Hi Sebastian.
There was indeed a bug [1]. Find it fixed now.
If you would like to contribute this payload we could include it into
sqlmap :)
Kind regards,
Miroslav Stampar
[1] https://github.com/sqlmapproject/sqlmap/issues/462
On Mon, Jun 10, 2013 at 11:30 AM, Sebastian Nerz <sebastian.n...@syss.de> wrote:
> Hi there,
>
> I wrote a small payload, to test for conditional error-based
> SQL-injection possibilities:
>
> <!-- Boolean-error-based blind tests - WHERE/HAVING clause -->
> <test>
>     <title>AND boolean-error-based blind - WHERE or HAVING clause (MySQL)</title>
>     <stype>1</stype>
>     <level>1</level>
>     <risk>1</risk>
>     <clause>1</clause>
>     <where>1</where>
>     <vector>REGEXP IF([INFERENCE],1,"")</vector>
>     <request>
>         <payload>REGEXP IF([RANDNUM]=[RANDNUM],1,"")</payload>
>     </request>
>     <response>
>         <comparison>REGEXP IF([RANDNUM]=[RANDNUM1],1,"")</comparison>
>     </response>
>     <details>
>         <dbms>MySQL</dbms>
>     </details>
> </test>
>
>
> Theoretically it is working - as long as the server is actually
> returning content, the injection is detected and works just fine (feel
> free to add it to the sqlmap repository, if it is correct :) ). But as
> soon as the tested URL is returning an empty page, detection fails.
>
> * With a TRUE request, the server returns a content-length of 0
> * With a FALSE request, the server returns the error message
>
> Now ... for my understanding, this is quite a difference, but SQLMAP
> fails to recognize it, even with "not-string" given. The problem might
> be, that the server returns a warning during the dynamic-check as well.
> Is it possible to forbid the usage of ' during this test?
>
> What am I doing wrong? Is there an error in the payload above? Can
> sqlmap handle empty pages?
>
> Thanks!
>
> Kind regards,
>
> Sebastian Nerz
> --
> Sebastian Nerz
> Dipl.-Inform.
> IT-Security Consultant
>
> mailto:sebastian.n...@syss.de
> ___________________________________________________________
>
> SySS GmbH
> Wohlboldstraße 8
> 72072 Tübingen
> Germany
> Voice: +49 7071 407856-31
> Fax: +49 7071 407856-19
> WWW: http://www.syss.de
>
> PGP FP: 79DC 2CEC D18D F92F CBB4 AF09 D12D 26A4 9180 FDB2
>
> Geschaeftsfuehrer Sebastian Schreiber
> Registergericht: Amtsgericht Stuttgart / HRB 382420
> Steuernummer: 86118 / 55809
>
>
>
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. A cloud service to automate IT design, transition and operations
> 2. Dashboards that offer high-level views of enterprise services
> 3. A single system of record for all IT processes
> http://p.sf.net/sfu/servicenow-d2d-j
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
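
Added example (not part of the original thread and not sqlmap code): a log check a defender could run for the probe shape in the quoted payload, pairing the TRUE and FALSE requests and flagging endpoints where their response sizes differ, as in the empty-page versus error-message case described above. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jun/2013:11:02:01 +0200] "GET /item.php?id=1 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jun/2013:11:02:03 +0200] "GET /item.php?id=1%20REGEXP%20IF(4821%3D4821,1,%22%22) HTTP/1.1" 200 0
198.51.100.7 - - [10/Jun/2013:11:02:04 +0200] "GET /item.php?id=1%20REGEXP%20IF(4821%3D7306,1,%22%22) HTTP/1.1" 200 187
203.0.113.9 - - [10/Jun/2013:11:05:10 +0200] "GET /search.php?q=regexp+tutorial HTTP/1.1" 200 2048
"""

# client, request target, status, response size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+)')
# REGEXP IF(<n>=<m>,1,"") as in the quoted <payload>/<comparison> elements
PROBE = re.compile(
    r'REGEXP\s+IF\s*\(\s*(\d+)\s*=\s*(\d+)\s*,\s*1\s*,\s*(""|\'\')\s*\)', re.I)


def find_probes(log_text):
    """Return {(client, path): {"true": [sizes], "false": [sizes]}}."""
    hits = defaultdict(lambda: {"true": [], "false": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, target, _status, size = m.groups()
        path, _, query = target.partition("?")
        probe = PROBE.search(unquote_plus(query))  # decode %20, %3D, %22, +
        if probe:
            # Equal numbers make the condition TRUE, different ones FALSE.
            kind = "true" if probe.group(1) == probe.group(2) else "false"
            hits[(client, path)][kind].append(int(size))
    return dict(hits)


def oracle_exposed(hits):
    """Endpoints where TRUE and FALSE probes produced different body sizes,
    i.e. the response difference is visible to the requesting client."""
    return sorted(key for key, sizes in hits.items()
                  if sizes["true"] and sizes["false"]
                  and set(sizes["true"]) != set(sizes["false"]))


if __name__ == "__main__":
    for client, path in oracle_exposed(find_probes(SAMPLE_LOG)):
        print(f"{client} probed {path}: TRUE/FALSE responses differ")
```
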