Hi David.
Thank you for your report. You should find it fixed now.
Kind regards,
Miroslav Stampar
On Wed, Jun 5, 2013 at 12:18 PM, David Alvarez <david.alvare...@gmail.com> wrote:
> Hi,
>
> I have found a misbehavior in the detection phase: sqlmap detects a
> stacked query injection with the following request:
> POST /path
> abc=%27%29%3B%20SELECT%20SLEEP%285%29--%20
>
> However, when sqlmap checks if the injection point is a false positive,
> it uses the following payload:
>
> abc=%27%29%3B%20IF%28%28%2884%2B88%29%3D172%29%2CSLEEP%285%29%2C5577%29--%20
>
> At this moment, it replies with a false positive or unexploitable point,
> so the correct payload for MySQL v5.5 will be:
>
> %27%29%3B%20SELECT%20IF%28%28%2884%2B88%29%3D172%29%2CSLEEP%285%29%2C5577%29--%20
>
> The problem is in line 2028 of the xml/payloads.xml file; the correct one for
> MySQL v5.5 is:
> <vector>; *SELECT* IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
>
> payloads.xml:
> ...
> <!-- Stacked queries tests -->
> <test>
> <title>MySQL > 5.0.11 stacked queries</title>
> <stype>4</stype>
> <level>1</level>
> <risk>0</risk>
> <clause>0</clause>
> <where>1</where>
> *<vector>; IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>*
> <request>
> <payload>; SELECT SLEEP([SLEEPTIME])</payload>
> <comment>-- </comment>
> </request>
> <response>
> <time>[SLEEPTIME]</time>
> </response>
> <details>
> <dbms>MySQL</dbms>
> <dbms_version>> 5.0.11</dbms_version>
> </details>
> </test>
>
> Regards
>
>
>
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. A cloud service to automate IT design, transition and operations
> 2. Dashboards that offer high-level views of enterprise services
> 3. A single system of record for all IT processes
> http://p.sf.net/sfu/servicenow-d2d-j
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
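
A regression check for the mismatch reported in this thread, as an added example that is not part of the original messages or of sqlmap's own code: it flags MySQL stacked-query tests in a payloads.xml-style file whose `<vector>` or `<payload>` starts the stacked statement with a bare function call such as `IF(...)` rather than a statement keyword. The `<root>` wrapper, the trimmed sample XML, the keyword list and the function name are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the test quoted in the report (trimmed), once with the
# original vector and once with the vector the reporter proposes.
SAMPLE = """<root>
<test>
  <title>MySQL &gt; 5.0.11 stacked queries (as reported)</title>
  <stype>4</stype>
  <vector>; IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
  <request><payload>; SELECT SLEEP([SLEEPTIME])</payload></request>
  <details><dbms>MySQL</dbms></details>
</test>
<test>
  <title>MySQL &gt; 5.0.11 stacked queries (as proposed)</title>
  <stype>4</stype>
  <vector>; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
  <request><payload>; SELECT SLEEP([SLEEPTIME])</payload></request>
  <details><dbms>MySQL</dbms></details>
</test>
</root>"""

# Assumption: a short, non-exhaustive list of words that may open a statement.
STATEMENT_KEYWORDS = {"SELECT", "INSERT", "UPDATE", "DELETE", "SET", "DO", "CALL"}
# "; NAME(" at the start of the stacked part, e.g. "; IF((".
LEADING_CALL = re.compile(r"^;\s*([A-Za-z_]+)\s*\(")

def lint_mysql_stacked(xml_text):
    """Return (title, field, text) for MySQL stacked-query tests (stype 4)
    whose stacked statement begins with a bare function call. In MySQL,
    IF() is an expression; the IF statement exists only in stored programs."""
    findings = []
    for test in ET.fromstring(xml_text).iter("test"):
        if test.findtext("stype", "").strip() != "4":
            continue
        if test.findtext("details/dbms", "").strip() != "MySQL":
            continue
        for field in ("vector", "request/payload"):
            text = (test.findtext(field) or "").strip()
            match = LEADING_CALL.match(text)
            if match and match.group(1).upper() not in STATEMENT_KEYWORDS:
                findings.append((test.findtext("title"), field, text))
    return findings

if __name__ == "__main__":
    for title, field, text in lint_mysql_stacked(SAMPLE):
        print(f"{title}: <{field}> starts with a bare call: {text}")
```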