Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assistance Needed with Sqlmap Security Product #5695

Open
aryater2212 opened this issue Apr 24, 2024 · 2 comments
Open

Assistance Needed with Sqlmap Security Product #5695

aryater2212 opened this issue Apr 24, 2024 · 2 comments
Labels
bug report

Comments

@aryater2212
Copy link

Dear Stamp,

I hope this email finds you well. I am writing to seek assistance regarding an issue I encountered while using the Sqlmap security product.

During my usage of the Sqlmap security product, I identified and confirmed two injection types. The first type is boolean-based blind with DBMS set to MySQL, and the second type is time-based blind.

Following this, I submitted a request to Sqlmap to obtain databases (denoted by --dbs) using time-based blind injection. I received a response for the --dbs request, and it successfully listed all databases. However, when I attempted to retrieve tables (denoted by --tables), I encountered an obstacle.

The --tables request seems to be repeating the content of one table byte, such as "action," for all tables. This repetition fills up the response with the number of tables present, but it does not provide the actual table names or information. I have been unable to identify the root cause of this issue, and I would greatly appreciate your assistance in resolving it.

Could you please provide guidance on how to troubleshoot and resolve this issue? Additionally, if there are any specific configurations or adjustments that need to be made, please let me know.

Thank you very much for your attention to this matter. I look forward to your prompt response and assistance.

1
2
Best regards,
@stamparm
Copy link
Member

you should run sqlmap with -v 3 and try to find whether some of payloads are wrong during the retrieval of those table names

@aryater2212
Copy link
Author

aryater2212 commented May 11, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stamparm @aryater2212