Hohoooo Cool thanks On Sep 28, 2015 4:15 PM, "Miroslav Stampar" <miroslav.stam...@gmail.com> wrote:
> Hi. > > Update to the latest revision and do the following: > > .. --tables --limit=105 > > Bye > > p.s. you are lucky that you are using MySQL as this patch is "doable" (as > MySQL uses LIMIT m,n mechanism) > p.p.s. > > for example: > > A) python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1"; > --technique=B --tables -D acuart > > returns > > Database: acuart > [8 tables] > +-----------+ > | artists | > | carts | > | categ | > | featured | > | guestbook | > | pictures | > | products | > | users | > +-----------+ > > while > > B) python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1"; > --technique=B --tables -D acuart --start 5 > > returns > > Database: acuart > [4 tables] > +-----------+ > | guestbook | > | pictures | > | products | > | users | > +-----------+ > > > On Mon, Sep 28, 2015 at 11:04 AM, Miroslav Stampar < > miroslav.stam...@gmail.com> wrote: > >> Just a sec. Will do some "adjustments" :) >> >> Bye >> >> On Mon, Sep 28, 2015 at 10:25 AM, Indra Zulkarnain < >> netzerosp...@gmail.com> wrote: >> >>> Mysql >>> On Sep 28, 2015 3:18 PM, "Miroslav Stampar" <miroslav.stam...@gmail.com> >>> wrote: >>> >>>> Which DBMS? >>>> >>>> Bye >>>> >>>> On Mon, Sep 28, 2015 at 10:07 AM, Indra Zulkarnain < >>>> netzerosp...@gmail.com> wrote: >>>> >>>>> Hi miro >>>>> >>>>> Owh i see.. >>>>> Ok thanks for the reply >>>>> >>>>> I'm using time based injection so you can imagine how long it takes >>>>> for me to do 113 tables from the start instead of resuming from 105 >>>>> >>>>> Thanks again >>>>> On Sep 28, 2015 2:45 PM, "Miroslav Stampar" < >>>>> miroslav.stam...@gmail.com> wrote: >>>>> >>>>>> Hi. >>>>>> >>>>>> You haven't told which SQLi technique has been identified by sqlmap >>>>>> (e.g. boolean-based blind). Also, has sqlmap extracted those table names >>>>>> by >>>>>> common table name search or by regular querying of the system tables (you >>>>>> could remember this from first sqlmap's run). >>>>>> >>>>>> If you are combining --common-tables with regular --tables, >>>>>> especially if the sqlmap uses regular querying of system tables, this >>>>>> won't >>>>>> work. Thing is that sqlmap doesn't know what is the "first table in >>>>>> database", nor "second table in database", nor... All those tables are >>>>>> the >>>>>> same when querying from system tables. Also, there can't be one huge >>>>>> "...WHERE table_name NOT IN ('...','...'...)" as your request would most >>>>>> probably be dropped by the web server (due to its HUGE length). >>>>>> >>>>>> Bye >>>>>> >>>>>> On Mon, Sep 28, 2015 at 3:40 AM, Indra Zulkarnain < >>>>>> netzerosp...@gmail.com> wrote: >>>>>> >>>>>>> Hi, miro thanks for the reply >>>>>>> >>>>>>> Actually I already have 105 tables name crack so I use it in common >>>>>>> tables. >>>>>>> I'm try to run a sqlmap with - - common tables >>>>>>> >>>>>>> So far it works a sqlmap successfully brute force all the 105 table >>>>>>> names >>>>>>> But when I try to resume it with --tables it start from 1 again >>>>>>> >>>>>>> I just thought that if a sqlmap can do start and stop for data >>>>>>> extraction why not table names >>>>>>> On Sep 27, 2015 9:01 PM, "Miroslav Stampar" < >>>>>>> miroslav.stam...@gmail.com> wrote: >>>>>>> >>>>>>>> In case of flushing the session, nothing is being left (session is >>>>>>>> erased and overwritten). >>>>>>>> >>>>>>>> Bye >>>>>>>> >>>>>>>> On Sun, Sep 27, 2015 at 5:45 AM, Indra Zulkarnain < >>>>>>>> netzerosp...@gmail.com> wrote: >>>>>>>> >>>>>>>>> hi guys >>>>>>>>> >>>>>>>>> is there a way to resume tables injection >>>>>>>>> >>>>>>>>> i already have 105 tables but then i flush the session >>>>>>>>> how do i start from 105 to 113 tables >>>>>>>>> >>>>>>>>> thanks >>>>>>>>> >>>>>>>>> >>>>>>>>> ------------------------------------------------------------------------------ >>>>>>>>> _______________________________________________ >>>>>>>>> sqlmap-users mailing list >>>>>>>>> sqlmap-users@lists.sourceforge.net >>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Miroslav Stampar >>>>>>>> http://about.me/stamparm >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Miroslav Stampar >>>>>> http://about.me/stamparm >>>>>> >>>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> http://about.me/stamparm >>>> >>> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> > > > > -- > Miroslav Stampar > http://about.me/stamparm >
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
