Skip to content

--sql-query can`t parse SQL statements properly #4564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
ChenYun4164 opened this issue Jan 31, 2021 · 1 comment
Closed

--sql-query can`t parse SQL statements properly #4564

ChenYun4164 opened this issue Jan 31, 2021 · 1 comment
Labels
bug report

Comments

@ChenYun4164
Copy link

Describe the bug

when use python3 sqlmap.py -d "mysql://cyun:[email protected]:3306/Security" --sql-query="show grants" -v 5
it response like

...
[INFO] fetching SQL SELECT statement query output: 'show grants'
[19:58:17] [PAYLOAD] SELECT show grants
[19:58:17] [WARNING] (remote) ProgrammingError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show grants' at line 1
...

and in mysql log i see this 120 Query SELECT show grants

this problem also in --sql-shell

Running environment:

Target details:

  • DBMS [Mysql]
@stamparm
Copy link
Member

SHOW GRANTS is a SQL statement which can't just be injected into some vulnerable SELECT statement to get its output

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug report
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stamparm @ChenYun4164