Re: [sqlmap-users] Add a new Injection-Type to sqlmap?
From: Miroslav S. <mir...@gm...> - 2012-07-28 09:56:27
Hi.

We have something similar already covered, but your payload is original for sure. We'll probably include it as a standard one. Will let you know.

Kind regards,
Miroslav Stampar

On Thu, Jul 26, 2012 at 11:02 AM, whp <wh...@po...> wrote:
> Hi list/developer
>
> I stumbled over this type of injection while doing a pentest and thought of
> implementing this kind of injection in sqlmap (I call it
> "error-based-blind-injection"):
>
> The Webapp replied with "success", if the statement was correct, regardless of
> the number of returned rows (the rows actually were fetched in a subsequent
> request). And with an empty response, if the statement failed. So the attack was
> identified the following way (It is an Oracle DB):
>
> param=' and to_char(1/0) like '1 --> empty response because 1/0 is a division by zero error
> param=' and to_char(1/1) like '1 --> success
>
> Now I had to find a workaround to get sqlmap to identify this injection (it
> only identified a time based blind, but I wanted a _fast_ attack)
>
> My solution:
> prefix= ' and to_char(1/(case (select 'a' from dual where 1=1
> suffix= ) when 'a' then '1' else '0' end)) like '1
>
> Now my question: is it possible to get this attack in sqlmap as a standard
> attack - or is there an easier way to configure sqlmap?
>
> Additionally the oracle -"order by" clause injection via a case-statement would
> be interesting.
>
> Your opinions/suggestions?
>
> Chris
> --
> whp_at_pohlcity_dot_de
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
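
Added example, not part of the original thread and not sqlmap code: a log-side check for the response pattern described in the quoted message, where the same parameter yields an empty body when the injected expression raises an error and "success" otherwise. The log record layout, client addresses, paths, parameter names and the `min_probes` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample records: (client, request URL, response body length).
# "success" is 7 bytes; a failed statement yields an empty body (0 bytes).
SAMPLE_LOG = [
    ("10.0.0.5", "/search?param=widgets", 7),
    ("10.0.0.7", "/search?param=O%27Brien", 7),  # benign quote, no arithmetic
    ("10.0.0.9", "/search?param=%27+and+to_char%281%2F0%29+like+%271", 0),
    ("10.0.0.9", "/search?param=%27+and+to_char%281%2F1%29+like+%271", 7),
    # Same probes against an endpoint whose response does not change
    # (assumed to bind the value as a parameter): no oracle exists there.
    ("10.0.0.11", "/login?user=%27+and+to_char%281%2F0%29+like+%271", 7),
    ("10.0.0.11", "/login?user=%27+and+to_char%281%2F1%29+like+%271", 7),
]

# Heuristic: a quote that closes the string literal, followed later by an
# arithmetic division (the error trigger in the probes quoted in the thread).
PROBE = re.compile(r"'.*\d\s*/\s*[\d(]", re.S)


def find_error_oracles(log, min_probes=2):
    """Return {(client, path, param): (empty, non_empty)} for each parameter
    where probe-shaped values produced BOTH empty and non-empty responses."""
    counts = defaultdict(lambda: [0, 0])  # [empty bodies, non-empty bodies]
    for client, url, body_len in log:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if PROBE.search(value):
                counts[(client, parts.path, name)][0 if body_len == 0 else 1] += 1
    return {
        key: tuple(seen)
        for key, seen in counts.items()
        if seen[0] and seen[1] and sum(seen) >= min_probes
    }


if __name__ == "__main__":
    for (client, path, param), (empty, full) in find_error_oracles(SAMPLE_LOG).items():
        print(f"{client} {path} param={param}: {empty} empty / {full} non-empty")
```

A hit means the endpoint's response depends on whether attacker-supplied SQL evaluates without error, so the finding points at the query construction for that parameter rather than only at the client.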