Error in MS SQL payload when using --count #5492

Closed
kobyan opened this issue Aug 15, 2023 · 3 comments

kobyan commented Aug 15, 2023

When fetching the number of entries for a table in Boolean-based SQLi in MS SQL
with --count:

[16:03:47] [PAYLOAD] 15536 AND UNICODE(SUBSTRING((SELECT COUNT(*) FROM <table>),1,1))>51

with --dump:

[16:10:20] [PAYLOAD] 15536 AND UNICODE(SUBSTRING((SELECT LTRIM(STR(COUNT(*))) FROM <table>),1,1))>51

As you can see, there is no conversion to string and trimming in the --count payload, so it will throw an error when you try to SUBSTRING an int.
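
Seen from the server side, the two payload shapes quoted above can be told apart in request logs. The following is an added example, not part of the issue or of sqlmap's code: it parses such probes, groups them per source and subquery, and flags a comparison threshold that keeps changing. The log format, the `orders` table, the `/item` path and the three-threshold cutoff are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# One inference probe: AND UNICODE(SUBSTRING((<subquery>),<pos>,1))><threshold>
PROBE = re.compile(
    r"AND\s+UNICODE\(SUBSTRING\(\((?P<sub>SELECT\s.+?)\),(?P<pos>\d+),1\)\)>(?P<thr>\d+)",
    re.IGNORECASE,
)
# String conversion of the aggregate, as in the --dump payload from the issue
CAST = re.compile(r"LTRIM\(STR\(COUNT\(\*\)\)\)", re.IGNORECASE)


def parse_probe(request_target):
    """Return (subquery, position, threshold, casted), or None if no probe."""
    m = PROBE.search(unquote_plus(request_target))
    if not m:
        return None
    sub = m.group("sub")
    return sub, int(m.group("pos")), int(m.group("thr")), bool(CAST.search(sub))


def find_bisection(log_lines, min_thresholds=3):
    """Report (source, subquery, position) groups whose threshold keeps changing."""
    groups, casted = defaultdict(set), {}
    for line in log_lines:
        src, _, target = line.partition(" ")
        probe = parse_probe(target)
        if probe:
            sub, pos, thr, is_cast = probe
            groups[(src, sub, pos)].add(thr)
            casted[(src, sub, pos)] = is_cast
    return [
        {"src": s, "subquery": q, "pos": p, "thresholds": sorted(t),
         "casted": casted[(s, q, p)]}
        for (s, q, p), t in groups.items() if len(t) >= min_thresholds
    ]


# Constructed sample log ("<source> <request target>"); "orders" and /item are
# hypothetical stand-ins, the payload shapes are the two quoted in the issue.
BASE = "203.0.113.7 /item?id=15536%20AND%20UNICODE(SUBSTRING(({q}),1,1))%3E{t}"
COUNT_Q = "SELECT%20COUNT(*)%20FROM%20orders"
DUMP_Q = "SELECT%20LTRIM(STR(COUNT(*)))%20FROM%20orders"
SAMPLE_LOG = [BASE.format(q=COUNT_Q, t=t) for t in (51, 48, 49)]
SAMPLE_LOG += [BASE.format(q=DUMP_Q, t=51), "198.51.100.2 /item?id=15536"]

if __name__ == "__main__":
    print(find_bisection(SAMPLE_LOG))
```

The `casted` field separates the uncast `COUNT(*)` probe, which MS SQL rejects inside `SUBSTRING`, from the `LTRIM(STR(...))` form, so a run of database errors from one source alongside uncast probes is a useful correlation.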

@stamparm
Member

It doesn't make sense. I am not able to reproduce it - though, running on MySQL COUNT(*) is properly null-casted (i.e. checking for NULL and cast to string).

Are you using --no-cast or something?

@stamparm
Member

NOTE: for my future self: agent.py:493-504


kobyan commented Aug 16, 2023

> It doesn't make sense. I am not able to reproduce it - though, running on MySQL COUNT(*) is properly null-casted (i.e. checking for NULL and cast to string).
>
> Are you using --no-cast or something?

Yes, I use --no-cast.

stamparm self-assigned this Aug 19, 2023
stamparm added this to the 1.8 milestone Aug 19, 2023