Re: [sqlmap-users] OT: MySQL IFNULL replacement
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] OT: MySQL IFNULL replacement
|
From: Miroslav S. <mir...@gm...> - 2010-09-30 12:46:43
|
interesting.
for example, we already have a similar switch --use-between for cases
when '>' are filtered in blind injections.
we could add a switch for this one like --use-isnull but i am not sure
if it will be ever used (except you :).
any suggestion is more than welcome.
kr
On Wed, Sep 29, 2010 at 9:55 PM, Carlos Gabriel Vergara
<car...@gm...> wrote:
> Hi again. A curious thing: i was working with a server that at some
> point started to throw 403 errors on some injection strings. Doing a
> lot of analisys, i've found out that the string "IFNULL" (MySQL dbms)
> was the problem. Don't know why... this is the first scenario like
> this that i come across. Maybe an apache mod? why this word and not
> another "bad" strings?
>
> So, to fix it, i take a little proxy script in python, captured the
> sqlmap request, and replaced:
>
> IFNULL(arg1, arg2)
>
> ...with...
>
> IF(ISNULL(arg1),arg2,arg1)
>
> ...and worked :)
>
> The apache server header was something like this:
>
> Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1
> mod_bwlimited/1.4 FrontPage/5.0.2.2635
>
> Found little info about that mods...
>
> Someone has the same issue on saw something like this before? This
> time i could bypass the problem because i was sure that the script was
> injectable ("nose" perhaps... no logic explanation), but i'm not sure
> to catch it in the future...
>
> Best regards,
>
> --
> --------8<--------
> Carlos Gabriel Vergara
> http://www.ThorSecurity.com.ar
>
> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
> -------->8--------
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Miroslav Stampar
E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
|
