Re: [sqlmap-users] Dynamic parameter
From: Ignacio H. <nac...@gm...> - 2010-03-09 14:35:19
You can use the "-p param" option to avoid the dynamicity tests.
And also I think the detection engine is going to be rewritten to fix some flaws.

Just try "-p searchquery"

Cheers

2010/3/8 Wu, Michael <Mic...@fm...>

> Hi,
> I'm just starting with SQLMap. I have an app that has known SQL inject
> vulnerabilities. http://www.badstore.net/
>
> Here is the url after the application is installed and configured.
> http://192.168.56.104/cgi-bin/badstore.cgi?searchquery=Money&action=search&x=0&y=0
>
> The searchquery parameter is known to have SQL injection vulnerabilities
> (confirmed manually as follows),
> http://192.168.56.104/cgi-bin/badstore.cgi?searchquery=Money%27&action=search&x=0&y=0
> DBD::mysql::st execute failed: You have an error in your SQL syntax;
> check the manual that corresponds to your MySQL server version for the
> right syntax to use near ''Money'' IN (itemnum,sdesc,ldesc)' at line 1
> at /usr/local/apache/cgi-bin/badstore.cgi line 207.
>
> but SQL map 0.7 and 0.8-dev consistently report that this parameter is
> not "dynamic". Could someone help please?
>
> SQL map output
> GET
> http://192.168.56.104:80/cgi-bin/badstore.cgi?searchquery=Money&action=search&x=19&y=12
> do you want to test this url? [Y/n/q]
> > Y
> [17:33:16] [INFO] testing url
> http://192.168.56.104:80/cgi-bin/badstore.cgi?searchquery=Money&action=search&x=19&y=12
> [17:33:16] [INFO] testing connection to the target url
> [17:33:16] [INFO] testing if the url is stable, wait a few seconds
> [17:33:18] [INFO] url is stable
> ...
>
> [17:33:21] [INFO] testing if GET parameter 'x' is dynamic
> [17:33:21] [WARNING] GET parameter 'x' is not dynamic
> [17:33:21] [INFO] testing if GET parameter 'searchquery' is dynamic
> [17:33:21] [WARNING] GET parameter 'searchquery' is not dynamic
> [17:33:21] [INFO] testing if GET parameter 'y' is dynamic
> [17:33:21] [WARNING] GET parameter 'y' is not dynamic
>
> Regards
>
> Michael