Hi. Update to the latest revision and do the following:
.. --tables --limit=105 Bye p.s. you are lucky that you are using MySQL as this patch is "doable" (as MySQL uses LIMIT m,n mechanism) p.p.s. for example: A) python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1"; --technique=B --tables -D acuart returns Database: acuart [8 tables] +-----------+ | artists | | carts | | categ | | featured | | guestbook | | pictures | | products | | users | +-----------+ while B) python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1"; --technique=B --tables -D acuart --start 5 returns Database: acuart [4 tables] +-----------+ | guestbook | | pictures | | products | | users | +-----------+ On Mon, Sep 28, 2015 at 11:04 AM, Miroslav Stampar < miroslav.stam...@gmail.com> wrote: > Just a sec. Will do some "adjustments" :) > > Bye > > On Mon, Sep 28, 2015 at 10:25 AM, Indra Zulkarnain <netzerosp...@gmail.com > > wrote: > >> Mysql >> On Sep 28, 2015 3:18 PM, "Miroslav Stampar" <miroslav.stam...@gmail.com> >> wrote: >> >>> Which DBMS? >>> >>> Bye >>> >>> On Mon, Sep 28, 2015 at 10:07 AM, Indra Zulkarnain < >>> netzerosp...@gmail.com> wrote: >>> >>>> Hi miro >>>> >>>> Owh i see.. >>>> Ok thanks for the reply >>>> >>>> I'm using time based injection so you can imagine how long it takes for >>>> me to do 113 tables from the start instead of resuming from 105 >>>> >>>> Thanks again >>>> On Sep 28, 2015 2:45 PM, "Miroslav Stampar" <miroslav.stam...@gmail.com> >>>> wrote: >>>> >>>>> Hi. >>>>> >>>>> You haven't told which SQLi technique has been identified by sqlmap >>>>> (e.g. boolean-based blind). Also, has sqlmap extracted those table names >>>>> by >>>>> common table name search or by regular querying of the system tables (you >>>>> could remember this from first sqlmap's run). >>>>> >>>>> If you are combining --common-tables with regular --tables, especially >>>>> if the sqlmap uses regular querying of system tables, this won't work. >>>>> Thing is that sqlmap doesn't know what is the "first table in database", >>>>> nor "second table in database", nor... All those tables are the same when >>>>> querying from system tables. Also, there can't be one huge "...WHERE >>>>> table_name NOT IN ('...','...'...)" as your request would most probably be >>>>> dropped by the web server (due to its HUGE length). >>>>> >>>>> Bye >>>>> >>>>> On Mon, Sep 28, 2015 at 3:40 AM, Indra Zulkarnain < >>>>> netzerosp...@gmail.com> wrote: >>>>> >>>>>> Hi, miro thanks for the reply >>>>>> >>>>>> Actually I already have 105 tables name crack so I use it in common >>>>>> tables. >>>>>> I'm try to run a sqlmap with - - common tables >>>>>> >>>>>> So far it works a sqlmap successfully brute force all the 105 table >>>>>> names >>>>>> But when I try to resume it with --tables it start from 1 again >>>>>> >>>>>> I just thought that if a sqlmap can do start and stop for data >>>>>> extraction why not table names >>>>>> On Sep 27, 2015 9:01 PM, "Miroslav Stampar" < >>>>>> miroslav.stam...@gmail.com> wrote: >>>>>> >>>>>>> In case of flushing the session, nothing is being left (session is >>>>>>> erased and overwritten). >>>>>>> >>>>>>> Bye >>>>>>> >>>>>>> On Sun, Sep 27, 2015 at 5:45 AM, Indra Zulkarnain < >>>>>>> netzerosp...@gmail.com> wrote: >>>>>>> >>>>>>>> hi guys >>>>>>>> >>>>>>>> is there a way to resume tables injection >>>>>>>> >>>>>>>> i already have 105 tables but then i flush the session >>>>>>>> how do i start from 105 to 113 tables >>>>>>>> >>>>>>>> thanks >>>>>>>> >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> _______________________________________________ >>>>>>>> sqlmap-users mailing list >>>>>>>> sqlmap-users@lists.sourceforge.net >>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Miroslav Stampar >>>>>>> http://about.me/stamparm >>>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Miroslav Stampar >>>>> http://about.me/stamparm >>>>> >>>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
