Hi.
How would you exploit this:
SELECT $_GET['id'] FROM table
on all DBMSes?
Oracle and MySQL have DUAL but what with others? At the end we'll end with
10 new payloads and/or boundaries each of those covering each DBMS.
Kind regards,
Miroslav Stampar
On Wed, Jul 25, 2012 at 11:28 AM, Dennis <korius_...@yahoo.com> wrote:
> I'm not sure about Troy, but I had a similar case recently. I could
> control the bit of the query between SELECT and FROM, which could be
> exploited either with nested (SELECT)s or by expanding the query with
> another FROM [...] UNION SELECT [...] to extend the query. SQLmap did not
> find the injection. The DBMS was Oracle.
>
> Cheers
>
>
> Am 25.07.2012 00:48, schrieb Miroslav Stampar:
>
> Hi Troy.
>
> More info is required for sure.
>
> You mean that you just need a (SELECT...)/subquery type of injection? This
> is something that we are aware that we need to do.
>
> Kind regards,
> Miroslav Stampar
> On Jul 24, 2012 11:18 PM, "Troy B" <powercorruptionandl...@gmail.com>
> wrote:
>
>> Evening all,
>>
>> I had an SQL injection into a MySQL5-based web application the other
>> week which involved me having control over the column list being selected.
>> I tried sqlmap against the URL, but it didn't find the injection point. I
>> tried again, taking the --level and --risk a little higher, but still
>> nothing.
>>
>> In the end, I manually exploited it using a sub-select. Was I doing
>> something wrong with sqlmap, or will it not identify injection points like
>> that? I can provide an example of the query the application was using if
>> this helps.
>>
>> Regards,
>>
>> Matt
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>
>
>
> _______________________________________________
> sqlmap-users mailing
> listsqlmap-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
