Re: [sqlmap-users] MsSQL - wait command
From: hooshmand k <hoo...@gm...> - 2014-12-08 13:13:43
1) "waitfor delay '0:0:0'" makes no delay and "waitfor delay '0:0:5'" makes 5 seconds delay and so on.
2) I tried again with --tamper=between and sqlmap verified the vulnerability.
3) Using Tor in time-based techniques is not the best choice, but I preferred to be anonymous in pentesting.

Best Regards

On Mon, Dec 8, 2014 at 2:38 PM, Miroslav Stampar <mir...@gm...> wrote:

> For sure it is. sqlmap gives you a huge nagging message in such case
> (network latency...blaballa).
>
> Bye
>
> On Mon, Dec 8, 2014 at 12:06 PM, Robin Wood <ro...@di...nja> wrote:
>
>> Wouldn't it be a bad idea trying to do a time based attack over Tor?
>>
>> Robin
>>
>> On 8 December 2014 at 11:00, Miroslav Stampar
>> <mir...@gm...> wrote:
>> > Hi.
>> >
>> > 1) Shouldn't "waitfor delay '0:0:0'" make no delay?
>> > 2) sqlmap says "false positive or unexploitable injection point detected".
>> > Is there a possibility that the character > is filtered?
>> > 3) Please run sqlmap with -v 3 and use the payloads that sqlmap tries to use
>> > in "false positive check" phase. Then you'll see what fails.
>> >
>> > Bye
>> >
>> > On Mon, Dec 8, 2014 at 11:51 AM, hooshmand k <hoo...@gm...> wrote:
>> >>
>> >> Hi,
>> >>
>> >> There is a website that is vulnerable to SQL injection. I have checked and
>> >> I'm sure there is a blind SQL injection vulnerability, but sqlmap could not
>> >> find this.
>> >> I tried this command:
>> >> ./sqlmap.py -u 'target' -p search --tor --tor-type=SOCKS5 --random-agent --risk 3 --level 3 --technique=T --dbms="MsSQL"
>> >> and the output was something like this:
>> >> [INFO] GET parameter 'search' seems to be 'Microsoft SQL Server/Sybase time-based blind' injectable
>> >> [INFO] checking if the injection point on GET parameter 'search' is a false positive
>> >> [WARNING] false positive or unexploitable injection point detected
>> >> [WARNING] GET parameter 'search' is not injectable
>> >>
>> >> The "search" parameter is vulnerable to this payload: '); waitfor delay '0:0:0' --
>> >>
>> >> Did I make a mistake, or did sqlmap not find that?
>> >>
>> >> Best Regards
>> >>
>> >> _______________________________________________
>> >> sqlmap-users mailing list
>> >> sql...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >
>> > --
>> > Miroslav Stampar
>> > http://about.me/stamparm
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://about.me/hooshmand
Public Key <http://scriptics.ir/pub_key/hooshmand_pub.asc>
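
Added example, not part of the thread and not sqlmap's code: an offline sketch of why a zero-second delay is no evidence of injection and why timing results become inconclusive on a high-latency path such as Tor. The deviation-based threshold, the coefficient of 7, the function names and all sample timings are assumptions constructed for illustration.

```python
import statistics

STDEV_COEFF = 7  # assumed multiplier; higher means fewer false positives


def delay_threshold(baseline):
    """Response time (seconds) above which a reply counts as 'delayed'."""
    return statistics.mean(baseline) + STDEV_COEFF * statistics.pstdev(baseline)


def assess(baseline, control, delayed, requested_delay):
    """Judge constructed timing samples (seconds) for one parameter.

    baseline: ordinary requests; control: requests asking for a zero delay
    ('0:0:0'); delayed: requests asking for `requested_delay` seconds.
    """
    threshold = delay_threshold(baseline)
    if threshold >= requested_delay:
        # Network jitter alone can reach the requested delay,
        # so response time cannot separate the two cases.
        return "inconclusive"
    if any(t >= threshold for t in control):
        # A zero-delay request was slow too: slowness is not tied to the delay.
        return "false positive"
    if all(t >= requested_delay for t in delayed):
        return "confirmed"
    return "not confirmed"


# Constructed samples, not measurements from the thread.
DIRECT = [0.21, 0.19, 0.23, 0.20, 0.22, 0.18, 0.21, 0.20]
HIGH_LATENCY = [1.2, 4.8, 0.9, 6.1, 2.3, 3.7, 1.1, 5.4]

if __name__ == "__main__":
    print("direct threshold:", round(delay_threshold(DIRECT), 2))
    print("high-latency threshold:", round(delay_threshold(HIGH_LATENCY), 2))
    print(assess(DIRECT, [0.20, 0.22, 0.19], [5.21, 5.19, 5.24], 5))
    print(assess(HIGH_LATENCY, [1.0, 2.0], [7.0, 9.5], 5))
```
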