Thread: [sqlmap-users] Param in multi-part post has to change each request

Brought to you by: inquisb

sqlmap-users

[sqlmap-users] Param in multi-part post has to change each request

From: Brandon P. <bpe...@gm...> - 2013-10-11 15:23:49

Hi, I have a request that posts multi-part form data to the server, and one
of the params is vulnerable to a sqli. However, another param must change
each request (can be totally random) and I am not sure how to approach
that. I am sure that a tamper script or something will be the correct
solution, just not sure how to approach it.

Any thoughts or questions in case I did not explain it well? Basically, I
would like to replcae this param with a random uuid or something each
request.

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] Param in multi-part post has to change each request

From: Brandon P. <bpe...@gm...> - 2013-10-11 15:59:58

FWIW here is what was happening when I tried to use eval:

bperry@ubuntu:~/tools/sqlmap$ ./sqlmap.py -r ~/req2.req --level=3 -o
--eval="import uuid;Name=str(uuid.uuid1())"

    sqlmap/1.0-dev-2dc570d - automatic SQL injection and database takeover
tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program

[*] starting at 08:58:56

[08:58:56] [INFO] parsing HTTP request from '/home/bperry/req2.req'
custom injection marking character ('*') found in option '--data'. Do you
want to process it? [Y/n/q] y
[08:58:59] [WARNING] you've provided target URL without any GET parameters
(e.g. www.site.com/article.php?id=1) and without providing any POST
parameters through --data option
do you want to try URI injections in the target URL itself? [Y/n/q] n
[08:59:00] [INFO] testing connection to the target URL
[08:59:00] [CRITICAL] an error occurred while evaluating provided code
('can't assign to operator (<string>, line 1)').

[*] shutting down at 08:59:00

bperry@ubuntu:~/tools/sqlmap$

On Fri, Oct 11, 2013 at 10:23 AM, Brandon Perry
<bpe...@gm...>wrote:

> Hi, I have a request that posts multi-part form data to the server, and
> one of the params is vulnerable to a sqli. However, another param must
> change each request (can be totally random) and I am not sure how to
> approach that. I am sure that a tamper script or something will be the
> correct solution, just not sure how to approach it.
>
> Any thoughts or questions in case I did not explain it well? Basically, I
> would like to replcae this param with a random uuid or something each
> request.
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

Re: [sqlmap-users] Param in multi-part post has to change each request

From: Miroslav S. <mir...@gm...> - 2013-10-12 19:48:13

Hi Brandon.

There is no such feature (at least for multipart cases).

Nevertheless, I would suggest you to patch (just for this case):

lib/request/connect.py (line 225):
+        post = post.replace("[RANDSTR]", randomStr()) if post else post

Afterwards, you can put a [RANDSTR] mark into the request file itself at
the place where you want a random value to be.

Kind regards,
Miroslav Stampar


On Fri, Oct 11, 2013 at 5:23 PM, Brandon Perry <bpe...@gm...>wrote:

> Hi, I have a request that posts multi-part form data to the server, and
> one of the params is vulnerable to a sqli. However, another param must
> change each request (can be totally random) and I am not sure how to
> approach that. I am sure that a tamper script or something will be the
> correct solution, just not sure how to approach it.
>
> Any thoughts or questions in case I did not explain it well? Basically, I
> would like to replcae this param with a random uuid or something each
> request.
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
> from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] Param in multi-part post has to change each request

From: Brandon P. <bpe...@gm...> - 2013-10-12 22:39:43

Sure thing, thanks a bunch!


On Sat, Oct 12, 2013 at 2:48 PM, Miroslav Stampar <
mir...@gm...> wrote:

> Hi Brandon.
>
> There is no such feature (at least for multipart cases).
>
> Nevertheless, I would suggest you to patch (just for this case):
>
> lib/request/connect.py (line 225):
> +        post = post.replace("[RANDSTR]", randomStr()) if post else post
>
> Afterwards, you can put a [RANDSTR] mark into the request file itself at
> the place where you want a random value to be.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Fri, Oct 11, 2013 at 5:23 PM, Brandon Perry <bpe...@gm...>wrote:
>
>> Hi, I have a request that posts multi-part form data to the server, and
>> one of the params is vulnerable to a sqli. However, another param must
>> change each request (can be totally random) and I am not sure how to
>> approach that. I am sure that a tamper script or something will be the
>> correct solution, just not sure how to approach it.
>>
>> Any thoughts or questions in case I did not explain it well? Basically, I
>> would like to replcae this param with a random uuid or something each
>> request.
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
>> from
>> the latest Intel processors and coprocessors. See abstracts and register >
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>



-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website