[sqlmap-users] Tricky situation..
From: <ja...@ev...> - 2010-04-05 21:40:13
Hello,

I'm exploiting a redirection script.. http://site.com/redirect.asp?sid=7321. When I feed it a ' at the end of the URL I get..

Microsoft OLE DB Provider for SQL Server error '80040e14'
Unclosed quotation mark after the character string ''.
/redirect.asp, line 23

Looks good, right? No.

[jl@rashid-abdul-abmerhenijan sqlmap-dev]$ ./sqlmap -u "http://site/redirect.asp?sid=7321" -v 5

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 17:20:07

[17:20:07] [DEBUG] initializing the configuration
[17:20:07] [DEBUG] initializing the knowledge base
[17:20:07] [DEBUG] cleaning up configuration parameters
[17:20:07] [DEBUG] setting the HTTP timeout
[17:20:07] [DEBUG] setting the HTTP method to GET
[17:20:07] [DEBUG] creating HTTP requests opener object
[17:20:07] [DEBUG] parsing XML queries file
[17:20:07] [INFO] using '/home/jl/sqlmap-dev/output/site/session' as session file
[17:20:07] [INFO] testing connection to the target url
[17:20:07] [ERROR] page not found

[*] shutting down at: 17:20:07

Is there some way to get SQLmap to exploit this? Here is the raw output

Escape character is '^]'.
GET /redirect.asp?sid=7321 HTTP/1.0

HTTP/1.1 302 Object moved
Connection: close
Date: Mon, 05 Apr 2010 21:18:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: censored_url.com/whatever_data
Content-Length: 175
Content-Type: text/html
Set-Cookie: source=; path=/
Set-Cookie: sid=220216217218; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="censored for privacy">here</a>.</body>
Connection closed by foreign host.

Using latest SQLMap SVN -- Btw, good work on the MS Access support!@!

-James @ Ev6.NET