Hi,

Thanks a lot.
Yes with * it's easier than with prefix/suffix

... but I'm not sure I was clear enough because my problem is still there :)

Here is my Request :

POST target_url
...

param=&other_param=...



if param
- is empty,
- or contains a number
- or contains a select sub-statement that returns a number
=> returns 200 with other info

if param
- contains a string
- or contains a select sub-statement that returns a string
=> returns 302 to error page

so using the * I still get some strange payloads, for example
[PAYLOAD] -9402 OR (9544=9561)

I think it comes from the <where>2</where> in the payloads.xml file (for
OR boolean-based blind)
... because if I add a test case with <where>1</where> then the generated
payload seems ok (and then the blind injection is detected)

I also have a second problem:
when the response is 302, the error message is contained in the location
(and also in the body as a HREF), as very often with asp
(but if I follow the redirection the next page doesn't contain the message)
=> so it's not detected because of URL encoding, especially the "+" character

I can work around this by using a proxy and modifying the response before
it returns to sqlmap but it would be more convenient to do that in sqlmap.
Is there a way? (for example an option similar to tamper to call a
function on the response before it is processed by sqlmap)

Thanks again
Raphael




On Wed, Oct 2, 2013 at 10:18 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi.
>
> --prefix is a formation that goes in between *value* and *payload*:
>
> ...=*value prefix payload*...
>
> This simply means that you've forgotten about the complete *value* thing in
> your case.
>
> In your case usage of custom injection mark (*) is more appropriate:
>
> python sqlmap.py -u "www.target.com/vuln.php?param=(select name from
> sysusers where udi=-1 *)"
>
> Kind regards,
> Miroslav Stampar
>
>
> On Wed, Oct 2, 2013 at 2:29 PM, Raphael GONZALEZ <raphag...@gmail.com> wrote:
>
>> Hi,
>>
>> sqlmap/1.0-dev-25eca9d
>>
>> I can't manage to get Sqlmap to generate the good payload!
>>
>> Here is my entry point :
>> (dbms = MSSQL)
>>
>> I got this with manual tries in burp :
>>
>> param value : (select name from sysusers where udi=-1)
>> - if the select returns no value => HTTP request returns 200
>> - otherwise returns 302 to an error page
>>
>> so
>> with param value : (select name from sysusers where udi=-1 or 1=1) =>
>> returns error
>> with param value : (select name from sysusers where udi=-1 or 1=2) =>
>> returns 200
>>
>> I thought I could make Sqlmap find a boolean based blind test with OR
>> statements
>> So I tried this command :
>> ./sqlmap.py -r myreq.txt -p param --level=3 --risk=3 --prefix="(select
>> name from sysusers where udi=-1 " --suffix=")"
>>
>> nothing is found
>> but when I look at generated payloads, I get
>> [PAYLOAD] -9402(select name from sysusers where udi=-1 OR (9544=9561))
>>
>> so I always get a number generated before my command
>>
>> Where am I wrong ?
>>
>> Thanks
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> October Webinars: Code for Performance
>> Free Intel webinars can help you accelerate application performance.
>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
>> from
>> the latest Intel processors and coprocessors. See abstracts and register >
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
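
The matching problem described in the message above (a message that only appears form-encoded in the 302 Location header and in an HREF in the body), shown as an added example that is not part of the original thread and is not sqlmap code. The sample response, the message text and all function names are constructed for illustration.

```python
# Added illustration: a plain-text marker is not found in a redirect whose
# Location header carries the message form-encoded ("+" for spaces, %XX for
# other characters); decoding before comparison makes the match succeed.
from urllib.parse import unquote_plus

# Constructed sample response (not taken from the thread).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /error.aspx?msg=Invalid+value+supplied%3A+abc\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="/error.aspx?msg=Invalid+value+supplied%3A+abc">here</a>'
)
MARKER = "Invalid value supplied"  # constructed marker text


def split_response(raw):
    """Return (status_code, headers_dict, body) from a raw HTTP/1.x response."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def comparable_text(raw):
    """Decoded text to match against: body plus, for redirects, Location."""
    status, headers, body = split_response(raw)
    # unquote_plus turns "+" into spaces and resolves %XX escapes; this also
    # alters any literal "+" in the body, which is acceptable for matching.
    parts = [unquote_plus(body)]
    if 300 <= status < 400 and "location" in headers:
        parts.append(unquote_plus(headers["location"]))
    return "\n".join(parts)


def contains_marker(raw, marker, decode=True):
    """Check for the marker in the raw response or in its decoded form."""
    text = comparable_text(raw) if decode else raw
    return marker in text
```
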