-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sqlmap Uses Incompatible MySQL Function JSON_STORAGE_FREE with MariaDB #5713
Comments
Vulnerable code snippet, if needed:
|
you should do better and inspect the sqlmap's source code, at least from which part of it that same call is made. let me help: https://github.com/sqlmapproject/sqlmap/blob/master/plugins/dbms/mysql/fingerprint.py#L206-L210. this is just to check whether the sqlmap is dealing with MySQL>=8.0.0. it doesn't affect the further workflow in any case/scenario please don't be trigger happy when seeing a HTTP error code during a web (pen)test. it is perfectly normal to get non-200 here and there, especially if you are using an automated tool like sqlmap |
@stamparm Yeah, sorry, my mistake. I have tried to inject sql query this way:
I thought HTTP errors and the use of incorrect functions were to blame, but MySQL reacts the same way. Important note, these are my resources |
Description:
When using sqlmap to test a web application running with MariaDB, it incorrectly attempts to use the
JSON_STORAGE_FREE
function, which is exclusive to MySQL, resulting in errors.Steps to Reproduce:
Expected Behavior:
sqlmap correctly recognizes the DBMS type (MariaDB in this case) and adapt its function calls accordingly, avoiding the use of MySQL-specific functions.
Running Environment:
./sqlmap.py
Target Details:
11.3.2-MariaDB-1:11.3.2+maria~ubu2204
Relevant Console Output:
Exception Traceback:
Additional Information:
This error may lead to an incomplete or incorrect analysis of the security posture of the web application when MariaDB is used instead of MySQL. Adjusting sqlmap to better recognize and differentiate MariaDB specific functions could mitigate this issue.
The text was updated successfully, but these errors were encountered: