Hi,
on a recent blind SQLi (PostgreSQL 8.4) I had problems using sqlmap to
extract data.
After having a deeper look at it I noticed that the DB did like the
function substr() (I can not entirely exclude it but I do not think
that this problem was i
---
Hi,
a custom web application responds to different URL parameter payloads
with changing HTTP status codes:
example.com/foo.bar?param=payload1
response: 200
example.com/foo.bar?param=payload2
response: 403
example.com/foo.bar?param=payload3
respo
---
> Problem is that sqlmap needs to have data retrieved to be able to
> do its normal workflow. For example, if you do --dump sqlmap
> needs to know table columns. In your proposed case that would be
> problematic. Also, there are lots of cases when
---
Hi,
I just wanted to request an "extension" for a previous feature request
(DNS exfiltration [1]) but after looking at my former feature request
I realized that it already included the feature I was about to request:
--dns-domain for non-root user
---
Hi,
in cases where sqlmap is run against targets on internal networks it
would be great if one could tell sqlmap to simply proceed without
expecting incoming DNS requests, because sqlmap can not be executed
directly on the DNS server (which can't re
---
> and i believe i can also say great support.
I totally agree! (I especially like your response time.)
---
to simply get the job done I changed the table name in:
lib/core/dicts.py:144
after changing MSysAccessObjects to foobar sqlmap detected the union
based sqli but exploitation did not work because it created very long
queries and the server replied w
---
Hi,
I've got a simple union based sqli (resulting webpage shows only one
entry/row).
Valid statements that show the numbers in the resulting html page:
...&id=123 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13 from foobar
...&id=123 union select t
> Could you update now and send full output of -v3 -t traffic.log
> masking sensible data? This would help us to debug this potential
> comparison issue as we are pretty confident that it is not 302
> redirect related anymore.
Hi,
I'm sorry but I no longer have access to the tested system,
but the
Hi Miroslav,
> Could you please retry it now with the latest r4884? There were a few related
> fixes in the meantime.
I tested r4884, but it still needs --string to retrieve data, if this
was what you were asking for.
kind regards
Hi Miroslav,
> Could you please retry it now with the latest revision (r4874)?
now with r4882, sqlmap doesn't make any follow up requests anymore when
choosing [3] Ignore.
It is not able to retrieve data (blind), but when providing info via the
--string option data retrieval works fine.
thanks!
> Also, "Ignore" should be suitable for your
> case when you don't want sqlmap to follow the redirection.
This still does not work for me.
If I choose "[3] Ignore", sqlmap still sends requests to the redirection
Location.
There are even scenarios where sqlmap doesn't detect an sqli due to this
beh
Hi,
regardless whether --keep-alive is used or not
the 'Connection:' header field is always set to 'close'.
I'm using --keep-alive in conjunction with --proxy=..
regards,
buawig
these requests to the URL specified in the
Location: header?
Sqlmap should only query the url specified in -u parameter and analyze
the responses - no follow up requests.
thanks,
buawig
ia either tcp or udp channels (mssql openrowset, pgsql
> db_link, oracle utl_*, ...) This is planned and will potentially make
> it for 1.0 release.
What is the current state on DNS exfiltration in sqlmap?
thanks,
buawig
---
nion all select" with
"union select"), but I wanted to share this case with you and I thought
you might want to add some "union select" testcases if there are none.
(I'm sorry I don't re
> Hi buawig.
>
> With the latest commit (r4773) you can find a new switch --hex for doing
> this kind of stuff. Currently, all 4 major DBMSes (MySQL, MSSQL, PgSQL,
> Oracle) are supported for all techniques. Feel free to report any related
> errors.
Thanks! I'll test
Hi,
I'm using sqlmap mostly for exploiting a sqli/dumping contents.
In the current case I've got a simple union based sqli in a MySQL 4.1.x DB.
..&x=foo union select 1,1,1,1 --
(works)
..&x=foo union select 1,user(),1,1 --
(doesn't work: Illegal mix of collation)
to work around the collation i
Miroslav Stampar wrote:
> quote from that same paragraph:
>
> "
> 10.5.5 504 Gateway Timeout
>
> The server, while acting as a gateway or proxy, did not receive a
> timely response from the upstream server specified by the URI (e.g.
> HTTP, FTP, LDAP) or some other auxiliary server (e.g.
If the proxy returns 504 the hostname probably does not exist,
but in any case the response did not come from the upstream target (specified
in -u) and should not be interpreted as such.
http://tools.ietf.org/html/rfc2616#section-10.5.5
---
Miroslav Stampar wrote:
> second, are you using some plugins (like FoxyProxy) or just entered
> proxy address manually into settings?
no plugins, manual settings used to configure proxy.
Do you see DNS queries if you configure your browser to use an HTTP proxy?
> also, have you tried to issue
> s
Miroslav Stampar wrote:
> hi buawig.
>
> well, sure there is a misunderstanding here :)
>
> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>
> quote:
> "Even when connecting via a proxy your browser needs to get the IP
> address for t
Miroslav Stampar wrote:
> hi David.
>
> you won't be able to redirect DNS requests through HTTP(s) proxy for sure.
I think there is a misunderstanding here.
If you configure an application to route its HTTP(s) requests through a
proxy the application itself should not generate any DNS requests.
Ryan Sears wrote:
> There's a few different options that I basically ALWAYS use
What about setting up an alias?
alias sqlmap='sqlmap --z "ra,le=5,ri=3..."'
On 05/04/2011 04:13 PM, Bernardo Damele A. G. wrote:
> Done - svn.sqlmap.org SSL certificate is now signed by a valid CA,
> StartSSL.
> Also, I recently realized that svn checks the SSL certificate validity.
Great, no more warnings and questions.
Thanks!
On 05/04/2011 12:15 PM, Bernardo Damele A. G. wrote:
> * Confirm injection in another page (feature requested by someone on
> the mailing list)
Great!
> * Implement out-of-band for data fetching: we may possibly implement
> this. It would be split down in the following functions:
> * HTTP reque
On 04/17/2011 06:15 PM, Bernardo Damele A. G. wrote:
> This would not solve anything as svn command does not check
> certificate validity. It would only serve for access from the browser
> as far as I know. Nevertheless, we can consider to get a CA signed
> certificate.
What is the current status
On 05/03/2011 04:45 PM, Bernardo Damele A. G. wrote:
> Thanks for reminding buawig. Please, do not hesitate to report if it
> is not clear enough.
> Find it committed now, r3839. See doc/README.[html|pdf]
Are you also going to put/update it on the website?
http://sqlmap.sourceforg
On 04/11/2011 10:08 PM, Bernardo Damele A. G. wrote:
> Sorry, it is not documented. I will update it soon. Thanks for the note.
On 04/28/2011 02:43 PM, Bernardo Damele A. G. wrote:
> I will update the user's manual with this feature at some point like
> someone else pointed out.
Yes, I'm still wa
> i've tried this moment (via anonymous) and it worked ok.
>
> could you please try to go to the web page at that same url using your
> browser and tell what's happening? in normal case browser shouldn't
> ask you for credentials.
>
> kr
>
> On Sun, Apr 17, 2011 at 3:18 PM, Mines wrote:
>> Hi,
On 03/01/2011 11:07 AM, Bernardo Damele A. G. wrote:
> Thanks for reminding that. We will certainly add it to the manual.
>
> Bernardo Damele A. G.
Chapter 5.5.1 does not mention that possibility[1], where in the manual
[2] can I find it?
[1] http://sourceforge.net/mailarchive/message.php?msg_id
On 03/22/2011 08:03 PM, Miroslav Stampar wrote:
> hi.
>
> now you can follow sqlmap also on:
> http://news.gmane.org/gmane.comp.security.sqlmap
>
> for the time being only new messages are available there, but
> hopefully gmane administrators will manage to import the archive
> caring the rest.