sqlmap-users

[sqlmap-users] sqlmap and oracle (just a thought)

[<d...@ds...>]

First, Sorry for my bad English I'm from Romania



I use sqlmap to test web app+oracle db.

Maybe will be done to use for oracle blind injetion technique like this



http://example.com/app.jsp?id=21 and(1)=(select

upper(XMLType(chr(60)||chr(58)||chr(58)||(select

replace(banner,chr(32),chr(58)) from sys.v_$version where

rownum=1)||chr(62))) from dual)-- 



it work only if print error is on, but technique will be useful i think.

if need i cant post a real link with example.

I write a small tool in python to use this technique but use a lot of

utilities are not comfortable really want to see this technique in sqlmap

:)

if you need some form of assistance with this task would be happy to assist

you



two, Implement support of Oracle Application server to sqlmap :)

Sqlmap dont know how to work with it, but exist more than one technique to

exploit sql injection for Oracle Application Server



if you're busy with other matters I would take to embed this technique in

sqlmap with your help :)





____________________________________________________________________________________________________________________________________________________

Vitaly Turenko aka DSU (d[at]dsu.com.ua)

My Oracle security blog http://dsu.com.ua/

Re: [sqlmap-users] sqlmap and oracle (just a thought)

[Bernardo D. A. G. <ber...@gm...>]

Hi Vitaly,

sqlmap does not support error-based SQL injection yet: This will come
in the upcoming months with the new design and rewrite from scratch of
the detection engine.
Support to exploit injection points in Oracle Application Server is
another task, not planned at the moment though.

If you are happy to help, feel free to provide us with patch files to
support OAP.

Cheers,
Bernardo


On Sun, Apr 18, 2010 at 17:45,  <d...@ds...> wrote:
>
> First, Sorry for my bad English I'm from Romania
>
>
>
> I use sqlmap to test web app+oracle db.
>
> Maybe will be done to use for oracle blind injetion technique like this
>
>
>
> http://example.com/app.jsp?id=21 and(1)=(select
>
> upper(XMLType(chr(60)||chr(58)||chr(58)||(select
>
> replace(banner,chr(32),chr(58)) from sys.v_$version where
>
> rownum=1)||chr(62))) from dual)--
>
>
>
> it work only if print error is on, but technique will be useful i think.
>
> if need i cant post a real link with example.
>
> I write a small tool in python to use this technique but use a lot of
>
> utilities are not comfortable really want to see this technique in sqlmap
>
> :)
>
> if you need some form of assistance with this task would be happy to assist
>
> you
>
>
>
> two, Implement support of Oracle Application server to sqlmap :)
>
> Sqlmap dont know how to work with it, but exist more than one technique to
>
> exploit sql injection for Oracle Application Server
>
>
>
> if you're busy with other matters I would take to embed this technique in
>
> sqlmap with your help :)
>
>
>
>
>
> ____________________________________________________________________________________________________________________________________________________
>
> Vitaly Turenko aka DSU (d[at]dsu.com.ua)
>
> My Oracle security blog http://dsu.com.ua/
>
>
>
> ------------------------------------------------------------------------------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F