Re: [sqlmap-users] Stack query detection misbehavior
From: Miroslav S. <mir...@gm...> - 2013-06-05 12:33:49
Hi David.

Thank you for your report; you'll find it fixed now.

Kind regards,
Miroslav Stampar

On Wed, Jun 5, 2013 at 12:18 PM, David Alvarez <dav...@gm...> wrote:

> Hi,
>
> I have found a misbehavior in the detection phase. sqlmap detects a
> stacked query injectable with the following request:
>
> POST /path
> abc=%27%29%3B%20SELECT%20SLEEP%285%29--%20
>
> However, when sqlmap checks if the injection point is a false positive,
> it's using the following payload:
>
> abc=%27%29%3B%20IF%28%28%2884%2B88%29%3D172%29%2CSLEEP%285%29%2C5577%29--%20
>
> At this moment, it replies with a false positive or unexploitable point,
> so the correct payload for MySQL v5.5 will be:
>
> %27%29%3B%20SELECT%20IF%28%28%2884%2B88%29%3D172%29%2CSLEEP%285%29%2C5577%29--%20
>
> The problem is in line 2028 of the xml/payloads.xml file; the correct one for
> MySQL v5.5 is:
>
> <vector>; *SELECT* IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
>
> payloads.xml:
> ...
> <!-- Stacked queries tests -->
> <test>
>     <title>MySQL > 5.0.11 stacked queries</title>
>     <stype>4</stype>
>     <level>1</level>
>     <risk>0</risk>
>     <clause>0</clause>
>     <where>1</where>
>     *<vector>; IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>*
>     <request>
>         <payload>; SELECT SLEEP([SLEEPTIME])</payload>
>         <comment>-- </comment>
>     </request>
>     <response>
>         <time>[SLEEPTIME]</time>
>     </response>
>     <details>
>         <dbms>MySQL</dbms>
>         <dbms_version>> 5.0.11</dbms_version>
>     </details>
> </test>
>
> Regards

--
Miroslav Stampar
http://about.me/stamparm
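The thread above is about how sqlmap phrases its time-based stacked-query probes against MySQL. From the defender's side, the same two payload shapes are what shows up in web-server logs when such a scan runs. The following is an added example, written for this page and not code from sqlmap or from either poster: it URL-decodes request bodies from constructed access-log lines and flags stacked time-based probes, distinguishing the well-formed `; SELECT IF(...,SLEEP(...),...)` statement from the bare `; IF(...)` form that the report says MySQL rejects. The log format (combined format with the POST body appended after the user agent) and every sample line are assumptions made for this demo; the decoded payloads are the ones quoted in the report.

```python
"""Added example (not from the sqlmap thread): flag time-based stacked-query
probes in access logs. Log layout and all sample lines are constructed."""
import re
from urllib.parse import unquote_plus

# Constructed sample lines: the three request bodies quoted in the report
# (hypothetical layout: combined log format with the POST body appended).
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Jun/2013:12:10:01 +0200] "POST /path HTTP/1.1" 200 512 "-" '
    '"sqlmap/1.0-dev" abc=%27%29%3B%20SELECT%20SLEEP%285%29--%20',
    '10.0.0.5 - - [05/Jun/2013:12:10:07 +0200] "POST /path HTTP/1.1" 200 512 "-" '
    '"sqlmap/1.0-dev" abc=%27%29%3B%20IF%28%28%2884%2B88%29%3D172%29%2CSLEEP%285%29%2C5577%29--%20',
    '10.0.0.5 - - [05/Jun/2013:12:10:13 +0200] "POST /path HTTP/1.1" 200 512 "-" '
    '"sqlmap/1.0-dev" abc=%27%29%3B%20SELECT%20IF%28%28%2884%2B88%29%3D172%29%2CSLEEP%285%29%2C5577%29--%20',
    '10.0.0.9 - - [05/Jun/2013:12:11:00 +0200] "POST /path HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0" abc=hello%20world',
]

# Combined log format plus an optional trailing body token (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d+) \d+ "[^"]*" "(?P<ua>[^"]*)"(?: (?P<body>\S+))?$'
)

# A statement boundary followed by the keyword that opens the stacked statement.
STACKED_RE = re.compile(r";\s*(?P<stmt>SELECT\b|IF\s*\(|BENCHMARK\s*\(|SLEEP\s*\()", re.I)
# MySQL's time-delay primitives; their presence is what makes the probe time-based.
DELAY_RE = re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.I)


def classify_body(raw_body: str):
    """Return a reason string if the decoded body is a stacked time-based probe,
    else None. unquote_plus handles form encoding ('+' is a space, '%2B' is '+')."""
    decoded = unquote_plus(raw_body)
    m = STACKED_RE.search(decoded)
    if not m or not DELAY_RE.search(decoded):
        return None
    stmt = m.group("stmt").upper()
    if stmt.startswith("SELECT"):
        return "stacked time-based probe (SELECT statement)"
    if stmt.startswith("IF"):
        # IF() is a function in MySQL; as a bare statement it is a syntax error,
        # which is why the report saw a false positive with this form.
        return "stacked time-based probe (bare IF(), not a valid MySQL statement)"
    return "stacked time-based probe"


def scan_log(lines):
    """Parse each line and collect findings as dicts (ip, ts, ua, decoded, reason)."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group("body"):
            continue
        reason = classify_body(m.group("body"))
        if reason is None:
            continue
        findings.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "ua": m.group("ua"),
            "decoded": unquote_plus(m.group("body")),
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['ua']!r}: {f['reason']}\n    {f['decoded']}")
```

The decoded bodies read `abc='); SELECT SLEEP(5)-- ` and `abc='); SELECT IF(((84+88)=172),SLEEP(5),5577)-- `, so a response delayed by about the SLEEP argument (5 seconds here) alongside one of these bodies is the behavioural confirmation the scanner is looking for. Stacked queries only succeed when the application's database client enabled multi-statement execution (CLIENT_MULTI_STATEMENTS in the MySQL C API, mysqli_multi_query rather than mysqli_query in PHP); leaving that off and using parameterised queries removes the injection point that both payload forms depend on, and the decoder above still tells you who was probing for it.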