Hey guys, frustration is the name of the game. I have Burp Pro telling me
that it is a definite SQL injection, but I cannot get sqlmap to find an
injection point. I have tried adding a * where the single quote is, using
the ?1 as prefix and =1 as suffix, and tuning the level and risk. I tried
loading the entire request into a file for sqlmap. If I add 2 quotes the
error goes away. Burp added the name of an arbitrarily supplied request
parameter where the highlight is. Check out this request and response.

GET /forgot_password.html?1'=1 HTTP/1.1
Host: XXXX.XXXXXXXX.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://XXXXX.XXXXX.com/
Connection: keep-alive
Cache-Control: max-age=0

HTTP/1.1 200 OK
Date: Tue, 05 Jun 2012 19:26:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 385
Connection: close
Content-Type: text/html; charset=UTF-8

Error in query: SELECT id from flag WHERE url='
https://XXXXX.XXXXX.com/forgot_password.html?1'=1' AND author_id='' AND
active='y' ORDER BY date_last_modified DESC, You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version for
the right syntax to use near '' AND author_id='' AND active='y' ORDER BY
date_last_modified DESC' at line 1
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
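
The error message in the post shows the full request URL being pasted into a quoted SQL string. As an added example (not from the original post or the application), the Python below rebuilds that query against a constructed SQLite table to show why one quote breaks the statement, why two quotes do not, and how bound parameters remove the problem; the host name, table contents, function names and the use of SQLite in place of MySQL are assumptions.

```python
import sqlite3

BASE = "https://example.test/forgot_password.html"  # constructed host

def make_db():
    """Constructed stand-in table; column names come from the error message."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE flag (id INTEGER PRIMARY KEY, url TEXT, author_id TEXT,"
        " active TEXT, date_last_modified TEXT)"
    )
    conn.executemany(
        "INSERT INTO flag (url, author_id, active, date_last_modified)"
        " VALUES (?, '', 'y', '2012-06-05')",
        [(BASE,), (BASE + "?1'=1",)],  # row 2 stores a URL containing a quote
    )
    return conn

def lookup_concatenated(conn, url, author_id=""):
    """Query assembled the way the error implies: URL pasted into SQL text."""
    sql = ("SELECT id from flag WHERE url='" + url + "' AND author_id='"
           + author_id + "' AND active='y' ORDER BY date_last_modified DESC")
    return [r[0] for r in conn.execute(sql)]

def lookup_parameterized(conn, url, author_id=""):
    """Same lookup with bound parameters: the URL is data, never SQL text."""
    sql = ("SELECT id FROM flag WHERE url=? AND author_id=? AND active='y'"
           " ORDER BY date_last_modified DESC")
    return [r[0] for r in conn.execute(sql, (url, author_id))]

def outcome(fn, conn, url):
    """Return the matching ids, or 'sql error' if the statement fails."""
    try:
        return fn(conn, url)
    except sqlite3.Error:
        return "sql error"

if __name__ == "__main__":
    conn = make_db()
    for suffix in ("", "?1'=1", "?1''=1"):
        url = BASE + suffix
        print(repr(suffix),
              outcome(lookup_concatenated, conn, url),
              outcome(lookup_parameterized, conn, url))
```

In the concatenated form a doubled quote is read by the SQL parser as one escaped quote inside the literal, which is why the statement parses again; with bound parameters the same input is compared byte for byte and never reaches the parser.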
