Re: [sqlmap-users] Injection into columns list
From: Miroslav S. <mir...@gm...> - 2012-07-25 09:47:55
Hi.

How would you exploit this: SELECT $_GET['id'] FROM table on all DBMSes? Oracle and MySQL have DUAL, but what about the others?

In the end we'll end up with 10 new payloads and/or boundaries, each of those covering each DBMS.

Kind regards,
Miroslav Stampar

On Wed, Jul 25, 2012 at 11:28 AM, Dennis <kor...@ya...> wrote:

> I'm not sure about Troy, but I had a similar case recently. I could
> control the bit of the query between SELECT and FROM, which could be
> exploited either with nested (SELECT)s or by expanding the query with
> another FROM [...] UNION SELECT [...] to extend the query. SQLmap did not
> find the injection. The DBMS was Oracle.
>
> Cheers
>
>
> On 25.07.2012 00:48, Miroslav Stampar wrote:
>
> Hi Troy.
>
> More info is required for sure.
>
> You mean that you just need a (SELECT...)/subquery type of injection? This
> is something that we are aware that we need to do.
>
> Kind regards,
> Miroslav Stampar
> On Jul 24, 2012 11:18 PM, "Troy B" <pow...@gm...>
> wrote:
>
>> Evening all,
>>
>> I had an SQL injection into a MySQL5-based web application the other
>> week which involved me having control over the column list being selected.
>> I tried sqlmap against the URL, but it didn't find the injection point. I
>> tried again, taking the --level and --risk a little higher, but still
>> nothing.
>>
>> In the end, I manually exploited it using a sub-select. Was I doing
>> something wrong with sqlmap, or will it not identify injection points like
>> that? I can provide an example of the query the application was using if
>> this helps.
>>
>> Regards,
>>
>> Matt
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
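
The `SELECT $_GET['id'] FROM table` pattern discussed in this thread, seen from the defending side, as an added example that is not part of the original message: column names cannot be bound as query parameters, so the requested column has to be mapped through a fixed allowlist. Python with SQLite, the schema, the sample rows and all function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample schema and rows (not taken from the thread).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER, name TEXT, price REAL);
        INSERT INTO items VALUES (1, 'widget', 9.5);
        CREATE TABLE users (login TEXT, secret TEXT);
        INSERT INTO users VALUES ('admin', 's3cr3t-constructed');
    """)
    return db

def select_column_vulnerable(db, column):
    # Weak form: request data is pasted between SELECT and FROM, so a
    # sub-select in that position is evaluated as part of the statement.
    return db.execute(f"SELECT {column} FROM items").fetchall()

# Request values map onto fixed identifiers; nothing from the request
# is ever concatenated into the SQL text.
ALLOWED_COLUMNS = {"id": "id", "name": "name", "price": "price"}

def select_column_safe(db, column):
    try:
        safe = ALLOWED_COLUMNS[column]
    except KeyError:
        raise ValueError(f"unsupported column: {column!r}") from None
    return db.execute(f'SELECT "{safe}" FROM items').fetchall()

def is_bare_identifier(value):
    # Log-review helper: a legitimate column parameter is a plain
    # identifier; parentheses, spaces or keywords deserve an alert.
    return re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", value) is not None

if __name__ == "__main__":
    db = make_db()
    probe = "(SELECT secret FROM users)"  # constructed input
    print("vulnerable:", select_column_vulnerable(db, probe))
    print("bare identifier?", is_bare_identifier(probe))
    try:
        select_column_safe(db, probe)
    except ValueError as exc:
        print("safe variant rejected it:", exc)
    print("safe:", select_column_safe(db, "name"))
```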