Re: [sqlmap-users] i think there may be a bug in "Oracle AND error-based - WHERE or HAVING clause (
From: Miroslav S. <mir...@gm...> - 2011-12-04 13:49:53
Hi.

Could you please send me privately the traffic files produced by -t traffic.txt --technique=E --flush-session for both cases (run with v0.9 and v1.0-dev)? The thing is that everything runs properly on a local VM.

Kind regards,
Miroslav Stampar

On Dec 4, 2011 2:30 PM, "CoeTs7" <tm...@ho...> wrote:

> When I test an injectable point, I found sqlmap 0.9 can exploit it while
> 1.0-dev (r4567) cannot.
>
> 1.0-dev first sends
>
> *testf') AND 3339=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(116)||CHR(105)||CHR(102)||CHR(58)||(SELECT (CASE WHEN (3339=3339) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(120)||CHR(110)||CHR(109)||CHR(58)||CHR(62))) FROM DUAL) AND ('QjCL'='QjCL*
>
> to see if the controllable part is in parentheses. The webpage returns a
> "query Not properly closed" error,
> so it goes on to send
>
> *testf' AND 3339=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(116)||CHR(105)||CHR(102)||CHR(58)||(SELECT (CASE WHEN (3339=3339) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(120)||CHR(110)||CHR(109)||CHR(58)||CHR(62))) FROM DUAL) AND 'ZCna'='ZCn*
>
> The webpage returns an error page containing
>
> *ORA-19202: XML 处理
> LPX-00110: Warning: 无效的 QName ":tif:1:xnm:" (不是名称)
> Error at line 1*
>
> When it receives this, sqlmap 0.9 will tell that this is injectable (this is
> obvious), but sqlmap 1.0 exits and tells me that all parameters appear to be
> not injectable. I tried to raise risk/level but that didn't work at all.
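An added example, not part of the original e-mails and not sqlmap's code: a log-triage helper that decodes the CHR() runs in the second request quoted above into the delimiters they spell, then checks whether the server's error text echoes a value between them. The function names are hypothetical; the payload and error text are copied from the report.

```python
import re

# Request payload and error page as quoted in the report above.
PAYLOAD = ("testf' AND 3339=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(116)||"
           "CHR(105)||CHR(102)||CHR(58)||(SELECT (CASE WHEN (3339=3339) THEN 1 "
           "ELSE 0 END) FROM DUAL)||CHR(58)||CHR(120)||CHR(110)||CHR(109)||"
           "CHR(58)||CHR(62))) FROM DUAL) AND 'ZCna'='ZCn")
ERROR_PAGE = ('ORA-19202: XML 处理\n'
              'LPX-00110: Warning: 无效的 QName ":tif:1:xnm:" (不是名称)\n'
              'Error at line 1')

# One or more CHR(n) calls joined by Oracle's || concatenation operator.
CHR_RUN = re.compile(r"CHR\(\d+\)(?:\s*\|\|\s*CHR\(\d+\))*", re.IGNORECASE)


def decode_chr_runs(sql):
    """Return the literal string spelled by each CHR(n)||CHR(n)... run."""
    return ["".join(chr(int(n)) for n in re.findall(r"\d+", run.group(0)))
            for run in CHR_RUN.finditer(sql)]


def marker_echo(sql, response):
    """Return the text the response echoes between the payload's first and
    last delimiters, or None if the delimiters do not appear."""
    runs = decode_chr_runs(sql)
    if len(runs) < 2:
        return None
    # The error text in the report shows the marker without the angle
    # brackets, so they are stripped before matching.
    start, end = runs[0].strip("<>"), runs[-1].strip("<>")
    m = re.search(re.escape(start) + r"(.*?)" + re.escape(end),
                  response, re.DOTALL)
    return m.group(1) if m else None


if __name__ == "__main__":
    print(decode_chr_runs(PAYLOAD))          # the two delimiters
    print(marker_echo(PAYLOAD, ERROR_PAGE))  # value leaked via the error
```

Run over stored request/response pairs, a non-None result means the error page returned the evaluated subquery to the client, which is the condition the report says v0.9 detects.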