Re: [sqlmap-users] Tricky situation..
From: Bernardo D. A. G. <ber...@gm...> - 2010-04-06 11:26:55
James,

If the web server returns an HTTP return code 301 or 302, sqlmap (as of 0.9-dev) asks the user if he wants to follow the redirection or not (assuming the web server sent a Location or URI header in the HTTP response). In your case it does. "page not found" error message is displayed only when the HTTP return code is 404 so the redirected page might return such code.

Can you please provide us with the -v 5 output and/or a pcap of the traffic? If it's a sensible site, do so privately please.

Regards,
Bernardo

On Mon, Apr 5, 2010 at 22:22, <ja...@ev...> wrote:
>
> Hello,
>
> I'm exploiting a redirection script..
> http://site.com/redirect.asp?sid=7321.
>
> When I feed it a ' at the end of the URL I get..
>
> Microsoft OLE DB Provider for SQL Server error '80040e14'
>
> Unclosed quotation mark after the character string ''.
>
> /redirect.asp, line 23
>
> Looks good, right? No.
>
> [jl@rashid-abdul-abmerhenijan sqlmap-dev]$ ./sqlmap -u
> "http://site/redirect.asp?sid=7321" -v 5
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 17:20:07
>
> [17:20:07] [DEBUG] initializing the configuration
> [17:20:07] [DEBUG] initializing the knowledge base
> [17:20:07] [DEBUG] cleaning up configuration parameters
> [17:20:07] [DEBUG] setting the HTTP timeout
> [17:20:07] [DEBUG] setting the HTTP method to GET
> [17:20:07] [DEBUG] creating HTTP requests opener object
> [17:20:07] [DEBUG] parsing XML queries file
> [17:20:07] [INFO] using '/home/jl/sqlmap-dev/output/site/session' as
> session file
> [17:20:07] [INFO] testing connection to the target url
> [17:20:07] [ERROR] page not found
>
> [*] shutting down at: 17:20:07
>
> Is there some way to get SQLmap to exploit this?
>
> Here is the raw output
>
> Escape character is '^]'.
> GET /redirect.asp?sid=7321 HTTP/1.0
>
> HTTP/1.1 302 Object moved
> Connection: close
> Date: Mon, 05 Apr 2010 21:18:52 GMT
> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> Location: censored_url.com/whatever_data
> Content-Length: 175
> Content-Type: text/html
> Set-Cookie: source=; path=/
> Set-Cookie: sid=220216217218; path=/
> Cache-control: private
>
> <head><title>Object moved</title></head>
> <body><h1>Object Moved</h1>This object may be found <a HREF="censored for
> privacy">here</a>.</body>
> Connection closed by foreign host.
>
> Using latest SQLMap SVN -- Btw, good work on the MS Access support!@!
>
> -James @ Ev6.NET
>

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F