-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to extract data. After having a deeper look at it I noticed that the DB did like the function substr() (I can not entirely exclude it but I do not think that this problem was introduced by some kind of weird anti sqli filtering). To work around that issue I replaced the substr() function in xml/queries.xml with substring( .. from N for 1) and everything worked fine. I thought you might want to add that possibility as a second option (query2= ?) to automatically detect/workaround that issue? -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJReDF6AAoJEJeRHQyF0ukMOjQQAKIATbP/WL2LkgOdjVAZ5kG+ Yafdgrp8Cn1oL2X9AdOZL/Xr2dh67GsbV6sgCc6uv35I8rqMtfs81FlqplvLD0h0 7sb/1RXTTrrbmMEZGaGyiZhqEdlr5DDooXM3fEmgkEoXgQ1Ht9sjz3PzNk2bWCUB EIip1Jrp2EbZPAkNgfcXNcpq3ojSULkvEua0WawxR1voAI1YiWpYBAUI+LHheUVG 3PGPb5MHjGEBs1m3Hhw/hSHtlR7YhPzsx+Mk99pJkcluardzEsyucLax3MevLI1i KCWxDP0QT3MmVdBk89/ETOxhWbka1NeCDEv7gVBzYG3DHptD4PfSbsInUdJGQtZ8 bd0GjJdi9Ie4Rl3KMNXPt3j2VLq1neuLsTm/r8xwDqdLfpSeZ5eTiy1W5/usAz+o 4VDfHp7vZRMooL3PPi6Ie+l0mfY5KtFE2pcXF3EZ2DyUl9xB38v9tfgMZ8dXVa/Q mpH5Zp5V82soa+Xdb+LLkzRTuhIJg0sScvINrPbDyzQOQiTaVZXjL++pa7sOeoYJ Ag4+QIt+FvhIKog0zlc53qc7J/M3R2H3DH3G/2+FevxWTvR+m/NqsbWFujuYnu3j pCyIc9+dScBnTgk1SjCsa7HdKBeuSOwVTJiE3FY6jLmfP2JwChKC/IgxxBM9AQOY GcuFPtVicifZihtWaqwa =VzEN -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
