Thread: [sqlmap-users] Customizing SQLMap to bypass weak (but effective) input filters
From: Giorgio F. <gio...@gm...> - 2011-05-28 11:02:45

Dear List,

A tool cannot deal automatically with particular contexts and situations. A common reason for failure of SQL injection tools is the fact that some fields are vulnerable but somehow sanitized.

If fields are sanitized the penetration tester must:
1) Understand which characters are filtered and how
2) Find how to make the blind SQL logic work even if there are restrictions in place
3) Use a tool that can be customized with your new logic

SQL is the best tool available for me (I am a strong SQLmap supporter :D) because it's not only powerful, but also fully customizable and meets these requirements perfectly.

You can find the post here:
http://blog.mindedsecurity.com/2011/05/customizing-sqlmap-to-bypass-weak-but.html

Thank you,

Giorgio Fedon
From: Miroslav S. <mir...@gm...> - 2011-05-28 11:29:05

Hi Giorgio.

We have a mechanism called "tampering" for doing this kind of thing.

E.g. for dealing with the characters > and < you can try to use --tamper=between, which will replace the standard greater/less-than characters in inference with the BETWEEN operator.

kr

On Sat, May 28, 2011 at 1:02 PM, Giorgio Fedon <gio...@gm...> wrote:
> [...]
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
From: Miroslav S. <mir...@gm...> - 2011-05-28 16:03:29

Hi.

Now, after the last commit (added the ./tamper/equaltolike.py tampering script), you can avoid filtering of the >, < and = chars with:

--tamper="between,equaltolike"

kr

--
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B
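The exchange above is about why a character blacklist is a weak control: stripping `<`, `>` and `=` breaks one spelling of a boolean condition, but an equivalent spelling with BETWEEN (the rewrite the thread attributes to --tamper=between) contains none of the blacklisted characters. The following added example is not code from the thread, from sqlmap or from the blog post; it uses an in-memory SQLite database with a constructed `users` table, a hypothetical `weak_filter` standing in for the kind of sanitizer discussed, and a hand-written BETWEEN condition rather than sqlmap's own tamper output. It checks, for each endpoint, whether a true and a false probe are still distinguishable (the precondition for any boolean-blind inference), and shows that only the parameterised query closes the channel in both spellings.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database standing in for an application backend."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return con


def weak_filter(value):
    """Hypothetical character blacklist of the kind the thread discusses:
    it silently drops <, > and = from the input before the query is built."""
    return re.sub(r"[<>=]", "", value)


def filtered_lookup(con, user_id):
    """Vulnerable endpoint: applies the blacklist, then concatenates the
    remainder straight into the statement."""
    sql = "SELECT name FROM users WHERE id = " + weak_filter(user_id)
    return [row[0] for row in con.execute(sql)]


def parameterised_lookup(con, user_id):
    """Hardened endpoint: the input is bound as a value and never parsed as SQL."""
    rows = con.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


def inference_possible(lookup, con, true_cond, false_cond):
    """A boolean-blind inference only works if a true and a false condition
    produce distinguishable responses. Returns True when they differ."""
    return lookup(con, "1 AND " + true_cond) != lookup(con, "1 AND " + false_cond)


def demo():
    con = make_db()
    return {
        # Plain comparison: the filter mangles '2>1' into '21' and '1>2' into
        # '12', both truthy, so the two probes collapse to the same response
        # and the inference is blocked by accident rather than by design.
        "filtered_gt": inference_possible(filtered_lookup, con, "2>1", "1>2"),
        # Same logic spelled with BETWEEN: no blacklisted character is present,
        # the filter passes it untouched, and the two probes differ again.
        "filtered_between": inference_possible(
            filtered_lookup, con, "2 BETWEEN 1 AND 3", "5 BETWEEN 1 AND 3"),
        # Parameterised query: the whole string is compared to `id` as one
        # value, both probes return no rows, so neither spelling leaks anything.
        "param_between": inference_possible(
            parameterised_lookup, con, "2 BETWEEN 1 AND 3", "5 BETWEEN 1 AND 3"),
    }


if __name__ == "__main__":
    for name, leaks in demo().items():
        print(f"{name}: {'inference possible' if leaks else 'inference blocked'}")
```

The useful check for a defender is `inference_possible` itself: run it against a filter with several equivalent spellings of the same condition, and a blacklist will fail on at least one of them, which is why the fix belongs in how the query is built, not in which characters are removed.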
From: Giorgio F. <gio...@gm...> - 2011-05-28 20:16:26

Thank you for pointing it out, but the post is more aimed at explaining which part of SQL to modify to change the logic. It was just an example; I fell into things like the need for hex encodings or other stuff... In addition the preliminary checks may not work and block you either.

Giorgio
From: Bernardo D. A. G. <ber...@gm...> - 2011-05-30 16:46:23

Inline..

Bernardo Damele A. G.
This message was sent from a smartphone

On 28 May 2011, at 21:17, Giorgio Fedon <gio...@gm...> wrote:

> Thank you for pointing it out, but the post is more aimed at explaining
> which part of SQL to modify to change the logic.

Nice blog post. Also, consider writing and using your own tamper scripts if you can. I look forward to hearing feedback from you about that feature. It is of course documented in the user's manual.

> It was just an example; I fell into things like the need for hex encodings
> or other stuff...

Giorgio, feel free to request features. They may well already be in our ticketing system, or may not!

> In addition the preliminary checks may not work and block you either.

If you provide tamper scripts, prefix, suffix and dbms then sqlmap should make very few initial requests at the detection phase. To avoid any fingerprinting request, provide --dbms with "mssql 2005" for instance.