sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Prefix and Suffix not using a backslash #4211

Closed uBadRequest closed 4 years ago

uBadRequest commented 4 years ago

Describe the bug

The prefix and suffix are changing backslashes to __BACKSLASH

To Reproduce

  1. Run 'sqlmap -u 'http://docker.hackthebox.eu:30444/?obj=eyJJRCI6IjEifQo=' --base64=obj --prefix='{\"ID\":\"' --suffix='\"}' -v 5'
  2. Decode base64 encoded parameter and you'll see the backslashes are changed to __BACKSLASH

Expected behavior

{"ID":"{\"ID\":\"'UNION SELECT FROM (SELECT 1)a JOIN (SELECT 1)b#\"}"}

I wanted sqlmap to place payloads where "UNION SELECT FROM (SELECT 1)a JOIN (SELECT 1)b#" is and figured I could use prefixes to accomplish this.

Additional context

Challenge EZPZ on hackthebox

uBadRequest commented 4 years ago

Sorry! Just realized I didn't place the prefix and suffix in a code box so it removed the backslash. --base64=obj --prefix='{\"ID\":\"' --suffix='\"}' -v 5

Anyways I found another way to do this!
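To make the expected decoded value concrete, here is an added Python example (not sqlmap's code and not the reporter's) that builds the double-encoded JSON wrapping described in the report, decodes it back, and checks for the literal __BACKSLASH marker the reporter saw; the injected value is a placeholder string, not a payload.

```python
import base64
import json

# Constructed example, not sqlmap code. The target parameter from the report is the
# base64 of {"ID":"..."} where the "ID" member is itself a JSON-encoded object, so the
# inner quotes must survive as \" after decoding (that is what --prefix/--suffix carried).


def decode_param(value: str) -> str:
    """Decode the base64 GET parameter to the JSON text the application sees."""
    return base64.b64decode(value).decode()


def wrap_nested_json_param(inner_value: str) -> str:
    """Build the base64 value of {"ID": "<JSON text of {"ID": inner_value}>"}.

    json.dumps on the outer object is what produces the \" escapes, i.e. the
    backslashes that the reported bug replaced with __BACKSLASH.
    """
    inner = json.dumps({"ID": inner_value}, separators=(",", ":"))
    outer = json.dumps({"ID": inner}, separators=(",", ":"))
    return base64.b64encode(outer.encode()).decode()


def backslashes_intact(decoded: str) -> bool:
    """True when the decoded text still contains real escape sequences and none of
    the __BACKSLASH marker described in the issue."""
    return "__BACKSLASH" not in decoded and '\\"' in decoded


if __name__ == "__main__":
    # The original parameter from the report decodes to a plain {"ID":"1"} object.
    print(decode_param("eyJJRCI6IjEifQo="))
    # Wrapping a placeholder value shows the nested escaping the reporter expected.
    wrapped = wrap_nested_json_param("<VALUE>")
    print(decode_param(wrapped), backslashes_intact(decode_param(wrapped)))
```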

uBadRequest commented 4 years ago

{"ID":"' UNION SELECT * from (SELECT 1)a JOIN (SELECT * from information_schema.tables)b#"}

Kept saying... Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, bool given in /var/www/html/index.php on line 34

Had to do it manually.

stamparm commented 4 years ago

I patched it with the latest revision, though, I am not sure that you are doing this properly. That same error doesn't prove nor say anything more than that MySQL is not "spitting" anything useful as a result

uBadRequest commented 4 years ago

What I meant was the way you had to do the injection was include 1 as a mysqli_result, and then use mysql.innodb_index_stats instead of information_schema to get the tables/database name. Does sqlmap not use that method of retrieving database/table names? It said it found an injection but could never get the table/database names

stamparm commented 4 years ago

It uses both system tables for such retrieval (https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/queries.xml#L54-L57). You are now all of a sudden speaking about totally unrelated stuff