Re: [sqlmap-users] UNHEX vs 0x in MySQL/MariaDB
From: Brandon P. <bpe...@gm...> - 2018-05-30 13:53:37
> On May 30, 2018, at 8:49 AM, Miroslav Stampar <mir...@gm...> wrote:
>
> Hi.
>
> Just added new tamper script to the HEAD. Please update and try --tamper=0x2char
>
> p.s. There is no need for unhex (as you'll see by running this new tamper script)

Perfect, this works like a charm! Thanks for the quick update.

>
> Kind regards,
> Miroslav Stampar
>
> On Wed, May 30, 2018 at 12:49 PM, Brandon Perry <bpe...@gm...> wrote:
> I've come across a SQL injection that uppercases the input, so that 0xaaaa becomes 0XAAAA. This isn't a valid hex value in MySQL since 0X is required to use a lowercase x. I attempted to use a quick --eval argument to change the syntax from 0x to X'', but the single quotes in the X'' syntax end up being escaped with double slashes so the syntax is still broken (X'' -> X\\'\\').
>
> What are the chances a different encoding using UNHEX and CONCAT could be used instead of 0x when using BENCHMARK?
>
> For instance:
>
> BENCHMARK(5000000,MD5(0xaaaa))
>
> Could be rewritten as:
>
> BENCHMARK(5000000,MD5(UNHEX(CONCAT(CHAR(65),CHAR(65),CHAR(65),CHAR(65)))))
>
> Perhaps this is attainable with a tamper script and I am missing it? This would prevent the application from breaking the SQL syntax by changing 0x to 0X.
>
> Any thoughts are appreciated!
>
> --
> Miroslav Stampar
> http://about.me/stamparm
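The thread treats `0xaaaa`, the `X''` form and `CHAR()`/`CONCAT()`/`UNHEX()` constructions as interchangeable spellings of the same bytes, which means a log or WAF rule keyed on one spelling misses the others. As an added example (not part of the thread and not sqlmap code), the Python function below rewrites those spellings to a single canonical `0x…` form before matching; the function names and sample strings are constructed for illustration.

```python
import re

# X'..' accepts either case of X; the 0x prefix form is matched with a
# lowercase x only, because (as the thread notes) MySQL rejects 0X.
_QUOTED = re.compile(r"\bX'((?:[0-9a-f]{2})+)'", re.I)
_PREFIX = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")
_CONCAT = re.compile(r"\bCONCAT\(\s*((?:CHAR\(\s*\d+\s*\)\s*,?\s*)+)\)", re.I)
_UNHEX = re.compile(r"(?i:\bUNHEX)\(\s*0x((?:[0-9a-f]{2})+)\s*\)")


def _canon(data: bytes) -> str:
    """Render bytes as the canonical lowercase 0x literal."""
    return "0x" + data.hex()


def _from_concat(m: re.Match) -> str:
    values = [int(n) for n in re.findall(r"\d+", m.group(1))]
    if any(v > 255 for v in values):  # multi-byte CHAR(): leave untouched
        return m.group(0)
    return _canon(bytes(values))


def _from_unhex(m: re.Match) -> str:
    # UNHEX('AAAA') == 0xaaaa: the argument is itself ASCII hex text.
    try:
        text = bytes.fromhex(m.group(1)).decode("ascii")
        return _canon(bytes.fromhex(text))
    except ValueError:  # not ASCII, or not valid hex: leave untouched
        return m.group(0)


def canonicalize(sql: str) -> str:
    """Rewrite equivalent MySQL byte-literal spellings to one 0x form."""
    for _ in range(8):  # nested forms need more than one pass
        out = _QUOTED.sub(lambda m: _canon(bytes.fromhex(m.group(1))), sql)
        out = _PREFIX.sub(lambda m: "0x" + m.group(1).lower(), out)
        out = _CONCAT.sub(_from_concat, out)
        out = _UNHEX.sub(_from_unhex, out)
        if out == sql:
            break
        sql = out
    return sql


if __name__ == "__main__":
    # Constructed sample: the UNHEX/CONCAT/CHAR spelling from the thread.
    print(canonicalize(
        "BENCHMARK(5000000,MD5(UNHEX(CONCAT(CHAR(65),CHAR(65),CHAR(65),CHAR(65)))))"
    ))
```
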