Hi Till.
I don't want to break your balls, but :)
There are lots of things that need to be fulfilled in this approach for it
to be useful. Hence, implementing it in an automated tool would be unusable. In
short, lots of variables/parameters make systems self-destructible :)
Kr
On 13.7.2011. 14:
ers
- Till
> Date: Tue, 12 Jul 2011 23:45:41 +0200
> Subject: Re: [sqlmap-users] Subquery payloads on mysql <4.1
> From: miroslav.stam...@gmail.com
> To: till...@hotmail.com
> CC: sqlmap-users@lists.sourceforge.net
found one (VM) and done some tests :)
you are right, subqueries can't be used on MySQL < 4.1, which means
that SQL injection there is of no significant value (e.g. dumping of
table content, which inherently requires a subquerying mechanism).
kr
On Tue, Jul 12, 2011 at 11:23 PM, Miroslav Stampar wrote:
ok, got the point.
also seen the same thing on Twitter a few days ago, maybe it was you :)
two things:
A) does anyone have experience with subqueries on MySQL < 4.1?
B) is there some VM around that carries, for example, MySQL 3.x ready for testing?
kr
On Tue, Jul 12, 2011 at 1:01 PM, Till .ch wrote:
Hi Till,
Is the injection point only boolean? No UNION? No error-based? Try to
increase the value of --level. Can you enumerate the -b? A run with -t
traffic.log and inspection of the log file afterwards would be
helpful.
I reckon I've only detected a SQL injection in MySQL < 4.1 a long time
ago and
Hi
Lately I've been playing with sqlmap and a 4.0 MySQL server. Sqlmap detected
the injection point just fine, but struggled with gathering information about
other tables.
I guess this happened due to the fact that subqueries were introduced with
MySQL >= 4.1 (http://dev.mysql.com/doc/refma