Hi Chris.
This all looks kind of strange. In your place I would try running sqlmap
against:
./sqlmap.py -u "www.target.com/forgot_password.html?1*"
Putting that 1'=1 looks to me like a big no-no (if you take a good look
into the response you'll see for yourself that putting it does not make any
sense).
If everything fails, please send me a traffic file for that run I've
proposed in the lines above.
Kind regards,
Miroslav Stampar
On Tue, Jun 5, 2012 at 10:04 PM, Chris Rowe <pipedreamreal...@gmail.com> wrote:
> Hey guys, frustration is the name of the game. I have burp pro telling me
> that it is a definite sql injection, but I cannot get sqlmap to find an
> injection point. I have tried adding a * where the single quote is, using
> the ?1 as prefix and =1 as suffix, and tuning the level and risk. I tried
> loading the entire request into a file for sqlmap. If I add 2 quotes the
> error goes away. Burp added the name of an arbitrarily supplied request
> parameter where the highlight is. Check out this request and response.
>
> GET /forgot_password.html?1'=1 HTTP/1.1
> Host: XXXX.XXXXXXXX.com
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101
> Firefox/12.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip, deflate
> DNT: 1
> Referer: https://XXXXX.XXXXX.com/
> Connection: keep-alive
> Cache-Control: max-age=0
>
> HTTP/1.1 200 OK
> Date: Tue, 05 Jun 2012 19:26:42 GMT
> Server: Apache/2.2.3 (CentOS)
> X-Powered-By: PHP/5.1.6
> Content-Length: 385
> Connection: close
> Content-Type: text/html; charset=UTF-8
>
> Error in query: SELECT id from flag WHERE url='
> https://XXXXX.XXXXX.com/forgot_password.html?1'=1' AND author_id='' AND
> active='y' ORDER BY date_last_modified DESC, You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version for
> the right syntax to use near '' AND author_id='' AND active='y' ORDER BY
> date_last_modified DESC' at line 1
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
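
Added example, not part of either message and not sqlmap's or the application's code: the error text in the quoted response shows the whole request URL sitting inside the url='...' string literal, so this sketch rebuilds that query by concatenation, reproduces the reported behaviour (one quote breaks the statement, two quotes do not), and shows the bound-parameter form that removes the flaw. SQLite stands in for MySQL so it runs offline; host.example, the table columns beyond those in the error message, and all function names are assumptions.

```python
import sqlite3

# Constructed stand-in for the table named in the error message. SQLite is an
# assumption made so the example runs offline; the page's backend is MySQL.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE flag (id INTEGER, url TEXT, author_id TEXT,"
               " active TEXT, date_last_modified TEXT)")
    return db

def lookup_concat(db, url, author_id=""):
    """Query built the way the error message implies: the URL is pasted in."""
    sql = ("SELECT id from flag WHERE url='" + url + "' AND author_id='"
           + author_id + "' AND active='y' ORDER BY date_last_modified DESC")
    return db.execute(sql).fetchall()

def lookup_bound(db, url, author_id=""):
    """Same query with bound parameters: the URL is only ever data."""
    sql = ("SELECT id from flag WHERE url=? AND author_id=? AND active='y' "
           "ORDER BY date_last_modified DESC")
    return db.execute(sql, (url, author_id)).fetchall()

def outcome(fn, db, url):
    """Run one lookup and report whether the statement parsed."""
    try:
        fn(db, url)
        return "ok"
    except sqlite3.OperationalError:
        return "sql error"

BASE = "https://host.example/forgot_password.html"  # constructed host
# No quote, one quote (as in the quoted request), two quotes.
URLS = [BASE + "?1=1", BASE + "?1'=1", BASE + "?1''=1"]

def compare():
    """(concatenated, bound) outcome for each constructed URL."""
    db = make_db()
    return [(outcome(lookup_concat, db, u), outcome(lookup_bound, db, u))
            for u in URLS]

if __name__ == "__main__":
    for url, result in zip(URLS, compare()):
        print(url, result)
```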