Skip to content

Not parsing data from JSON #4842

New issue
New issue
Closed
Closed
Not parsing data from JSON#4842
Labels
bug report
@kobyan1

Description

@kobyan1
kobyan1
opened on Oct 3, 2021

I am trying to get tables in a database. SqlMap tried this payload first:
UNION ALL SELECT ...CONCAT(0x71717a7171,JSON_ARRAYAGG(CONCAT_WS(0x78617366716d,table_schema,table_name)),0x716b7a7a71)... FROM INFORMATION_SCHEMA.TABLES WHERE table_schema IN (...)-- -

SqlMap received a JSON response from the site:
{...,"data":[...,["qqzqq[\"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\", \"<table_schema>xasfq<table_name>\"]qkzzq",...]]}

This answer contained all the required tables, but sqlmap for some reason used a next payload:
UNION ALL SELECT ...CONCAT(0x71717a7171,IFNULL(CAST(table_schema AS NCHAR),0x20),0x78617366716d,IFNULL(CAST(table_name AS NCHAR),0x20),0x716b7a7a71)... FROM INFORMATION_SCHEMA.TABLES WHERE table_schema IN (...)-- -

To this Sqlmap received a response:
{...,"data":[...,["qqzqq<table_schema>xasfqm<table_name>qkzzq",...]]}

As a result sqlmap showed only the table from the last payload.
It looks like it failed to parse the JSON to get the necessary tables from first response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug report

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions