Hi
I've got a web app where the username field of the login form is affected
by the following string: t...@test.com'waitfor delay'0:0:10'-- as a
username; i.e. the delay happens, the app is vulnerable. It will always
then return you to the login screen with an invalid email error, but we
should still be able to exploit the app using time-based methods. Sqlmap
picks up on this, but then fails at the fingerprinting stage, i.e.:
[18:04:03] [INFO] testing MySQL
[18:04:03] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[18:04:16] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for --time-sec option as possible (e.g. 10 or more)
[18:04:16] [WARNING] the back-end DBMS is not MySQL
[18:04:16] [INFO] testing Oracle
[18:04:17] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[18:04:17] [WARNING] the back-end DBMS is not Oracle
[18:04:17] [INFO] testing PostgreSQL
[18:04:17] [WARNING] the back-end DBMS is not PostgreSQL
[18:04:17] [INFO] testing Microsoft SQL Server
[18:04:18] [WARNING] the back-end DBMS is not Microsoft SQL Server
[18:04:18] [INFO] testing SQLite
[18:04:18] [WARNING] the back-end DBMS is not SQLite
[18:04:18] [INFO] testing Microsoft Access
[18:04:18] [WARNING] the back-end DBMS is not Microsoft Access
[18:04:18] [INFO] testing Firebird
[18:04:19] [WARNING] the back-end DBMS is not Firebird
[18:04:19] [INFO] testing SAP MaxDB
[18:04:19] [WARNING] the back-end DBMS is not SAP MaxDB
[18:04:19] [INFO] testing Sybase
[18:04:19] [WARNING] the back-end DBMS is not Sybase
[18:04:19] [INFO] testing IBM DB2
[18:04:19] [WARNING] the back-end DBMS is not IBM DB2
[18:04:19] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented at some point
I'm not sure why this would be the case, it should be able to find that it's
MS SQL Server.
Any ideas why this might be the case? I can provide more verbose
information if required, let me know.
In the meantime, any ideas for some more manual injections taking into
account the syntax of the injection above? I'm going to have a manual play
now but I thought you might want to know wrt sqlmap.
Cheers
Chris
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
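
For defenders reading this thread: because the login page returns the same "invalid email" response whether or not the delay fires, only request timing separates an attempted injection from one the database actually executed. The sketch below is an added example, not part of the original post or of sqlmap; the log format, the sample lines and the names `classify` and `scan` are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in a hypothetical format:
# timestamp, method, path, status, seconds taken, raw username field.
SAMPLE_LOG = """\
2012-03-01T18:03:41Z POST /login 200 0.212 username=alice%40example.com
2012-03-01T18:03:55Z POST /login 200 10.187 username=bob%40example.com%27waitfor+delay%270%3A0%3A10%27--
2012-03-01T18:04:20Z POST /login 200 0.198 username=bob%40example.com%27WAITFOR%2F**%2FDELAY%270%3A0%3A5%27--
2012-03-01T18:04:31Z POST /login 200 11.903 username=carol%40example.com
"""

LINE = re.compile(r"^(\S+) POST (\S+) (\d{3}) ([\d.]+) username=(\S*)$")
# Tokens of a T-SQL delay may be separated by whitespace or /* */ comments.
GAP = r"(?:\s|/\*.*?\*/)*"
DELAY = re.compile(
    r"waitfor" + GAP + r"delay" + GAP + r"'(\d+):(\d+):(\d+)'", re.I | re.S
)

def classify(line):
    """Return (timestamp, verdict, decoded username), or None if unparsable."""
    m = LINE.match(line)
    if not m:
        return None
    ts, _path, _status, took, raw = m.groups()
    username = unquote_plus(raw)  # decode %xx and '+' before matching
    d = DELAY.search(username)
    if not d:
        # A slow response alone is not evidence of injection.
        return (ts, "clean", username)
    hours, minutes, seconds = map(int, d.groups())
    requested = hours * 3600 + minutes * 60 + seconds
    # The status code never changes, so compare the observed latency with
    # the delay the payload asked for to see whether the database ran it.
    executed = requested > 0 and float(took) >= requested
    return (ts, "delay-executed" if executed else "delay-attempted", username)

def scan(log):
    """Classify every parsable line of a log."""
    return [r for r in map(classify, log.splitlines()) if r]

if __name__ == "__main__":
    for ts, verdict, user in scan(SAMPLE_LOG):
        print(ts, verdict, user)
```

A `delay-executed` verdict means the parameter reached the database unparameterized and should be treated as a confirmed finding; `delay-attempted` is a probe that was blocked, sanitized or sent to a non-injectable path.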