Hi.
sqlmap always tries to use the fastest technique available, and in case
something goes wrong it retries with slower ones.
In your case something went wrong with union and sqlmap resorted to the blind
technique.
The question is why. Can you please send a traffic file for that run (-t
traffic.txt --dump --fresh-queries -T ... -D ...)? You don't have to let it
run for the whole run. I am only interested in the first couple of requests.
Also, you could try to establish the problematic column for that case by
using option -C ...
Kind regards,
Miroslav Stampar
On Jul 28, 2013 5:52 AM, "Carlos Silva" <r3...@r3pek.org> wrote:
> Hi!
>
> I found an odd behavior in sqlmap. I threw it at a URL where it found
> this:
> Place: GET
> Parameter: pub
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: XXX=' OR '1'='1' AND 5523=5523 AND 'YIrb'='YIrb
>
> Type: UNION query
> Title: Generic UNION query (NULL) - 6 columns
> Payload: XXX=' OR '1'='1' UNION ALL SELECT
> NULL,NULL,CHR(113)||CHR(97)||CHR(101)||CHR(98)||CHR(113)||CHR(69)||CHR(111)||CHR(119)||CHR(107)||CHR(115)||CHR(118)||CHR(118)||CHR(66)||CHR(98)||CHR(115)||CHR(113)||CHR(110)||CHR(109)||CHR(107)||CHR(113),NULL,NULL,NULL
> FROM DUAL--
>
> Type: AND/OR time-based blind
> Title: Oracle AND time-based blind (heavy query)
> Payload: XXX=' OR '1'='1' AND 4237=(SELECT COUNT(*) FROM ALL_USERS
> T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'DQxD'='DQxD
>
> So, the best way to dump the DB would be to use the UNION query since it
> can retrieve the whole table at a time.
>
> Now, the funny thing is that it actually used this for the first 4 or 5
> tables, which are 5 or 6 columns wide, but then, on a table with only 3
> columns it didn't. It is now using a slow-moving AND boolean-based attack
> to dump the table char-by-char but I can't understand why. Any known reason
> for this? Or am I just missing something?
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
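From the defending side, the three payload shapes quoted in this thread are distinctive enough to recognise in web-server logs. The sketch below is an added example, not part of the original messages or of sqlmap; the signature names, the log line format and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Patterns modelled on the three payload shapes quoted in this thread.
SIGNATURES = {
    "boolean_blind": re.compile(r"\b(?:AND|OR)\s+(\d+)=\1\b", re.I),
    "union_query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "chr_marker": re.compile(r"(?:CHR\(\d+\)\|\|){4,}CHR\(\d+\)", re.I),
    "oracle_heavy_query": re.compile(
        r"COUNT\(\*\)\s+FROM\s+ALL_USERS\s+T1\s*,\s*ALL_USERS\s+T2", re.I),
}

def classify(raw_query):
    """Return the set of signature names matching a URL-encoded query string."""
    decoded = unquote_plus(raw_query)
    return {name for name, rx in SIGNATURES.items() if rx.search(decoded)}

def summarize(log_lines):
    """Count signature hits per client from 'client_ip query_string' lines."""
    hits = {}
    for line in log_lines:
        client, _, query = line.partition(" ")
        for name in classify(query):
            hits.setdefault(client, Counter())[name] += 1
    return hits

# Constructed sample log lines (client address, then raw query string).
SAMPLE_LOG = [
    "192.0.2.10 pub=XXX%27+OR+%271%27%3D%271%27+AND+5523%3D5523+AND+%27YIrb%27%3D%27YIrb",
    "192.0.2.10 pub=XXX%27+OR+%271%27%3D%271%27+UNION+ALL+SELECT+NULL%2CNULL%2C"
    "CHR(113)%7C%7CCHR(97)%7C%7CCHR(101)%7C%7CCHR(98)%7C%7CCHR(113)%2CNULL+FROM+DUAL--",
    "192.0.2.10 pub=XXX%27+AND+4237%3D(SELECT+COUNT(*)+FROM+ALL_USERS+T1%2CALL_USERS+T2)",
    "198.51.100.7 pub=annual-report-2013",
]

if __name__ == "__main__":
    for client, counts in summarize(SAMPLE_LOG).items():
        print(client, dict(counts))
```

A sustained run of `boolean_blind` hits from one client corresponds to the char-by-char extraction described in the thread, which generates far more requests than a UNION dump and is a useful rate-based alerting signal.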