Re: [sqlmap-users] A simple injection case failing
From: Stephen S. <ss...@ss...> - 2013-06-10 18:28:51
Hi,

After trying to figure out exactly what's going on, it looks like the input ParameterOne is truncated to 167 characters. It's a blackbox test so I'm not sure how it's producing valid SQL, but I guess my next question is, if an input size is constrained like this, does sqlmap have a mechanism for still working? As long as database/table/field names aren't amazingly long, it should be possible for sqlmap to exfil data, right?

Thanks,
Stephen

On Wed, Jun 5, 2013 at 9:56 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> That site is trimming results (seems to do it to 14 chars in length).
>
> For example, request [#32]:
>
> ParamterOne=-4230' UNION ALL SELECT
> NULL,NULL,CHAR(58)+CHAR(106)+CHAR(117)+CHAR(103)+CHAR(58)+CHAR(75)+CHAR(108)+CHAR(101)+CHAR(113)+CHAR(75)+CHAR(89)+CHAR(67)+CHAR(120)+CHAR(113)+CHAR(116)+CHAR(58)+CHAR(104)+CHAR(111)+CHAR(114)+CHAR(58)--
> &ParameterTwo=10,11,12,35,61
>
> can be decoded to:
>
> ParamterOne=-4230' UNION ALL SELECT NULL,NULL,*:jug:KleqKYCxqt:hor:*--
> &ParameterTwo=10,11,12,35,61
>
> while in response there is:
> :jug:KleqKYCxq
>
> In these kinds of cases you'll need to (at least try to) exploit it manually.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Tue, Jun 4, 2013 at 10:47 AM, Stephen Shkardoon <ss...@ss...> wrote:
>
>> I have a case that sqlmap seems to be acting weird about. I've run a
>> 'sqlmap.py -u "myhost.com/TestFile.aspx"
>> --data="ParameterOne=d&ParameterTwo=10,11,12,35,61" --dbms=mssql --hostname
>> --technique=U --union-cols=3 -v 6 --flush-session --fresh-queries -t
>> traffic_log.txt'
>> Manually injecting with ParameterOne looking like "foo' UNION SELECT
>> 1,2,3 -- " works as expected. In fact, in the log, you can see it working
>> fine in the case of request #32 and #36. However, sqlmap doesn't "find"
>> this issue. Most of the queries seem to be doing something like "foo)
>> UNION" instead.
>> Is there a problem on my end here, or is sqlmap doing something weird or
>> what?
>>
>> Running sqlmap/1.0-dev-3e0f747 (latest git).
>>
>> Thanks,
>> Stephen
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
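
As an added illustration (not part of the thread and not sqlmap's own code), the following Python decodes the CHAR() run from request #32 as quoted above and compares the marker it builds with the response fragment reported in the reply. The function names and the `:xxx:body:yyy:` marker pattern are assumptions made for this example.

```python
import re

# Payload of request #32 exactly as quoted in the thread (ParameterOne value).
REQUEST_32 = (
    "-4230' UNION ALL SELECT NULL,NULL,"
    "CHAR(58)+CHAR(106)+CHAR(117)+CHAR(103)+CHAR(58)+CHAR(75)+CHAR(108)+"
    "CHAR(101)+CHAR(113)+CHAR(75)+CHAR(89)+CHAR(67)+CHAR(120)+CHAR(113)+"
    "CHAR(116)+CHAR(58)+CHAR(104)+CHAR(111)+CHAR(114)+CHAR(58)-- "
)
# What the thread reports seeing in the response.
RESPONSE_FRAGMENT = ":jug:KleqKYCxq"

CHAR_RUN = re.compile(r"CHAR\(\d+\)(?:\s*\+\s*CHAR\(\d+\))*", re.IGNORECASE)


def decode_char_runs(sql):
    """Replace every CHAR(n)+CHAR(n)+... run with the string it builds."""
    def build(match):
        return "".join(chr(int(n)) for n in re.findall(r"\d+", match.group(0)))
    return CHAR_RUN.sub(build, sql)


def split_marker(decoded):
    """Return (start, body, stop) for a ':xxx:body:yyy:' marker, or None."""
    m = re.search(r"(:[a-z]+:)(\w+)(:[a-z]+:)", decoded)
    return m.groups() if m else None


def analyse(request, response):
    """Compare the marker a request asks for with what the response holds."""
    parts = split_marker(decode_char_runs(request))
    if parts is None:
        return None
    marker = "".join(parts)
    # Longest prefix of the marker that actually appears in the response.
    reflected = next(
        (n for n in range(len(marker), 0, -1) if marker[:n] in response), 0
    )
    return {
        "marker": marker,
        "marker_len": len(marker),
        "reflected_len": reflected,
        "stop_delimiter_seen": parts[2] in response,
        "complete": marker in response,
    }


if __name__ == "__main__":
    print(decode_char_runs(REQUEST_32))
    print(analyse(REQUEST_32, RESPONSE_FRAGMENT))
```

The 20-character marker comes back as a 14-character prefix with the closing delimiter missing, which matches the trimming described in the quoted reply.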