Hi.
As Iago said, you'll need to play with tamper scripts.
I would recommend for that case of yours:
--tamper=versionedkeywords
or
--tamper=versionedmorekeywords
or
--tamper=halfversionedmorekeywords
Kind regards,
Miroslav Stampar
On Mon, Jul 2, 2012 at 11:29 PM, Iago Sousa <146...@gm...> wrote:
> Use --tamper=tamper/space2comment.py
>
>
> On Mon, Jul 2, 2012 at 6:02 PM, cats <du...@al...> wrote:
>
>> Hello there! :-)
>>
>> Just a quick question.
>> Does sqlmap currently handle injections like this?
>>
>> http://example.com?someparam=1/*!and 1=1*/
>>
>> That is, if there is a filter that prevents a more common injection like
>> someparam=1 AND 1=1 from working, then using this type of commenting
>> would execute it and sometimes bypass the filter.
>>
>> Reason I ask is because I was recently testing out a new web application
>> using sqlmap, and it didn't seem to detect this injection even though I
>> know it's there (The server doesn't respond if it detects an injection,
>> thus sqlmap keeps timing out).
>>
>> Thanks for any response in advance :-)
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Regards,
> Iago Sousa
--
Miroslav Stampar
http://about.me/stamparm
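
The filter behaviour described in this thread, seen from the defending side, as an added example that is not part of the original messages or of sqlmap: MySQL executes the body of a `/*! ... */` comment, so a filter that matches the raw parameter value misses a keyword that its canonical form exposes. The rule `BOOLEAN_TEST` and the functions `canonicalize`, `naive_filter` and `normalizing_filter` are hypothetical names chosen for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed filter rule (not from the thread): a whitespace-delimited AND/OR
# followed by a numeric comparison such as "1=1".
BOOLEAN_TEST = re.compile(r"(?:^|\s)(?:and|or)\s+\d+\s*=\s*\d+", re.I)

# MySQL executes the body of /*! ... */; the "!" may be followed by a
# five-digit minimum server version, as in /*!50000 ... */.
EXEC_COMMENT = re.compile(r"/\*!(?:\d{5})?(.*?)\*/", re.S)
# Ordinary /* ... */ comments are discarded by the parser.
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def canonicalize(value: str) -> str:
    """Rewrite a parameter value into the text the MySQL parser would act on."""
    value = unquote_plus(value)
    previous = None
    while previous != value:  # repeat until no executable comment remains
        previous = value
        value = EXEC_COMMENT.sub(lambda m: " " + m.group(1) + " ", value)
    value = PLAIN_COMMENT.sub(" ", value)  # plain comments act as whitespace
    return re.sub(r"\s+", " ", value).strip()


def naive_filter(value: str) -> bool:
    """Match the rule against the URL-decoded value only."""
    return bool(BOOLEAN_TEST.search(unquote_plus(value)))


def normalizing_filter(value: str) -> bool:
    """Match the same rule after comment canonicalization."""
    return bool(BOOLEAN_TEST.search(canonicalize(value)))


# Sample parameter values: the second is the one quoted in the thread,
# the others are constructed for comparison.
SAMPLES = ["1 AND 1=1", "1/*!and 1=1*/", "42"]


def evaluate(samples=SAMPLES):
    """Return (value, naive verdict, normalizing verdict) for each sample."""
    return [(s, naive_filter(s), normalizing_filter(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, normalized in evaluate():
        print(f"{value!r:20} naive={naive!s:5} normalizing={normalized}")
```

Matching after canonicalization is a detection aid only; parameterized queries are what remove the injection itself.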