[sqlmap-users] OT: MySQL IFNULL replacement

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi again. A curious thing: i was working with a server that at some
point started to throw 403 errors on some injection strings. Doing a
lot of analisys, i've found out that the string "IFNULL" (MySQL dbms)
was the problem. Don't know why... this is the first scenario like
this that i come across. Maybe an apache mod? why this word and not
another "bad" strings?

So, to fix it, i take a little proxy script in python, captured the
sqlmap request, and replaced:

IFNULL(arg1, arg2)

...with...

IF(ISNULL(arg1),arg2,arg1)

...and worked :)

The apache server header was something like this:

Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1
mod_bwlimited/1.4 FrontPage/5.0.2.2635

Found little info about that mods...

Someone has the same issue on saw something like this before? This
time i could bypass the problem because i was sure that the script was
injectable ("nose" perhaps... no logic explanation), but i'm not sure
to catch it in the future...

Best regards,

-- 
--------8<--------
Carlos Gabriel Vergara
http://www.ThorSecurity.com.ar

PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
-------->8--------