I was trying to leverage sqlmap for an error-based injection which requires using the extractvalue technique. It seems to work fine for basic info; however, there is a character limitation to the results with these xpath methods, typically limiting the result to 26 chars due to the nature of floating point values it expects or something. Anyways, when dumping the password column, which is MD5 (32 char hex), SQLMAP fails to get the full values. Now this can easily be accomplished manually via checking the length of the result prior to the query, then leveraging mid() to extract the chunks of the result, like so:

sElEct mid(user_pass, 1,26) from adm_users limit 0,1
sElEct mid(user_pass, 27,32) from adm_users limit 0,1

I can do this from the --sql-shell or via --sql-query, but it's taking forever as I have a number of rows to fetch (150+). Any chance you could look into adding some length checking to extractvalue attacks and leveraging mid or substr where needed to get full results?

Additionally, it would be great if I could load a file with one query per line to run embedded. I thought the --sql-file option might accomplish this task, but it seems to be looking for a full .sql file to load and run. I can't find anything in the docs or on the wiki on how to use this option. Any chance you could shed some light on this option? How should I format this .sql file for the attack payload to be used?

Can you look into adding a simpler option like a --sql-query-file=FILE to load one query per line from FILE to embed and run, similar to the --sql-query option that exists, just allowing for more bulk queries to be run in sequential order from a file instead of typing them all in manually for these weird edge case scenarios?

i.e.

cat queries.txt
sElEct mid(user_pass, 1,26) from adm_users limit 0,1
sElEct mid(user_pass, 27,32) from adm_users limit 0,1
sElEct mid(user_pass, 1,26) from adm_users limit 1,1
sElEct mid(user_pass, 27,32) from adm_users limit 1,1
sElEct mid(user_pass, 1,26) from adm_users limit 2,1
sElEct mid(user_pass, 27,32) from adm_users limit 2,1
...
sElEct mid(user_pass, 1,26) from adm_users limit 150,1
sElEct mid(user_pass, 27,32) from adm_users limit 150,1

Thoughts?

Thanks,
HR
------------------------------------------------------------------------------
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users