On Wed, Nov 28, 2012 at 10:12 AM, Stephen Shkardoon wrote:
> Don't all these current methods rely on either the hostname of the MySQL
> server to be something that actually resolves, or a authentication rule
> using a public IP? If a server is NAT'd, won't both of these fail?
> Could a more reliab
On Wed, Nov 28, 2012 at 4:04 PM, Miroslav Stampar
wrote:
> Hi.
>
> If you want to get IP addresses of interest you could try something like
> this:
> --sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR
> user LIKE '%admin%'"
>
> back-end DBMS: MySQL >= 5.0.0
> [10:00:24] [IN
Don't all these current methods rely on either the hostname of the MySQL
server to be something that actually resolves, or a authentication rule
using a public IP? If a server is NAT'd, won't both of these fail?
Could a more reliable way of getting the IP/hostname be make a DNS request
or simliar,
Hi.
If you want to get IP addresses of interest you could try something like
this:
--sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR
user LIKE '%admin%'"
back-end DBMS: MySQL >= 5.0.0
[10:00:24] [INFO] fetching SQL SELECT statement query output: 'SELECT host,
user FROM my
this problem was fixed.thks
thanks&Best Regards
From: Zaki Akhmad
Date: 2012-11-28 16:34
To: root
CC: Luka Pušić; sqlmap-users
Subject: Re: [sqlmap-users] GitHub for Windows
On Fri, Nov 9, 2012 at 9:00 PM, root wrote:
On Wed, Nov 28, 2012 at 3:53 PM, Leon Jacobs wrote:
> On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar
> wrote:
>>
>> That proposed solution is equivalent to the SELECT @@hostname (except that
>> last one doesn't need that non-query SHOW statement). Only thing is that
>> you'll get a same resul
On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> That proposed solution is equivalent to the SELECT @@hostname (except that
> last one doesn't need that non-query SHOW statement). Only thing is that
> you'll get a same result as in --hostname which is not a
That proposed solution is equivalent to the SELECT @@hostname (except that
last one doesn't need that non-query SHOW statement). Only thing is that
you'll get a same result as in --hostname which is not an IP address that
your require. Have to seek what can be used here.
Kind regards
On Wed, Nov
On Wed, Nov 28, 2012 at 3:39 PM, Leon Jacobs wrote:
> If its MySQL and according to [1], try:
>
> $ python sqlmap.py -u something --sql-query="show variables where
> Variable_name = 'hostname'"
>
> I am not 100% sure about the required permissions/escaping that might be
> needed to achieve this v
On Wed, Nov 28, 2012 at 10:31 AM, Zaki Akhmad wrote:
> Hello,
>
> I found SQL injection vulnerability. I want to know the database
> server IP address. From the fingerprint result, the database server is
> MySQL. How should I write the --sql-query so that I could retrieve the
> MySQL database ser
On Fri, Nov 9, 2012 at 9:00 PM, root wrote:
>
>no,i not modified sqlmap's files
Try this command:
$ git pull origin master
--
Zaki Akhmad
--
Keep yourself connected to Go Parallel:
INSIGHTS What's next f
Hello,
I found SQL injection vulnerability. I want to know the database
server IP address. From the fingerprint result, the database server is
MySQL. How should I write the --sql-query so that I could retrieve the
MySQL database server IP address? It's n-tier web appliction.
$ python sqlmap.py -u
12 matches
Mail list logo
