I *think* that the 999999999999999999999999999999999999 did make it into
the query, but whatever language the page is written in changed it to
8.0E+36,8 which could make sense because that number is 1.0E+36, and then
that in turn broke the SQL query syntax which caused the error message.
Unfortunately, the injectable bit there is within the LIMIT clause, which
probably gives you limited scope for anything useful.

It does seem that the page name is being split though and it also seems
that the 6 is making it into the WHERE clause, so what Miroslav put should
work - I don't think it's a limit of SQLmap so much as your original
injection point was wrong.

Cheers

Chris Oakley
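As an added illustration (not code from the thread, from the target application or from sqlmap), the following Python reconstruction models the page-name handling the thread infers: the sottosezione id is concatenated into the WHERE clause while the page number is turned into a LIMIT offset, so a huge page number overflows to a float and renders as `8.0E+36`, which is what breaks the statement. The split positions, the page size of 8, the PHP-style int-to-float promotion, the `max_page` bound and the SQLite stand-in table are all assumptions made for the example.

```python
import sqlite3

PER_PAGE = 8  # the trailing ",8" in the failing LIMIT clause from the thread


def split_page_name(path):
    """Split 'sezione-3-sottosezione-6-pag-1.htm' on '-' and return the
    sottosezione id and the page number as raw strings (no validation)."""
    name = path.rsplit("/", 1)[-1]
    if name.endswith(".htm"):
        name = name[:-4]
    parts = name.split("-")
    return parts[3], parts[5]


def build_query_naive(path):
    """Reconstruction of the failing behaviour (assumed, not the real app):
    the id is pasted into WHERE, and a huge page number overflows the native
    integer, is promoted to a float and rendered as '8.0E+36', which MySQL's
    LIMIT clause rejects with error 1064."""
    sub_id, page = split_page_name(path)
    offset = (int(page) - 1) * PER_PAGE
    if offset > 2**63 - 1:               # assumed PHP-style int -> float promotion
        offset = "%.1E" % float(offset)  # 8e36 -> '8.0E+36'
    return ("SELECT * FROM `rel_contenuti_guida` WHERE id_rel = '%s' AND attivo"
            " = '1' ORDER BY posizione ASC LIMIT %s,%s" % (sub_id, offset, PER_PAGE))


def fetch_page_safe(conn, path, max_page=10000):
    """Hardened form: both fragments must be digit-only, the page number is
    bounded so the offset can never overflow, and the values are bound as
    parameters instead of being concatenated into the statement text."""
    sub_id, page = split_page_name(path)
    if not (sub_id.isdigit() and page.isdigit()):
        raise ValueError("non-numeric id or page in page name")
    page = int(page)
    if not 1 <= page <= max_page:
        raise ValueError("page number out of range")
    sql = ("SELECT * FROM rel_contenuti_guida WHERE id_rel = ? AND attivo = 1 "
           "ORDER BY posizione ASC LIMIT ? OFFSET ?")
    return conn.execute(sql, (int(sub_id), PER_PAGE, (page - 1) * PER_PAGE)).fetchall()


def demo_db():
    """Constructed in-memory stand-in for the MySQL table: ten active rows for
    id_rel 6 and one for id_rel 7 (sample data, not from the thread)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rel_contenuti_guida "
                 "(id_rel INTEGER, attivo INTEGER, posizione INTEGER)")
    conn.executemany("INSERT INTO rel_contenuti_guida VALUES (?, ?, ?)",
                     [(6, 1, i) for i in range(10)] + [(7, 1, 0)])
    return conn
```

Running `build_query_naive` on the bignum URL reproduces the `LIMIT 8.0E+36,8` tail from the error message, which is why a marker after `pag-1` only ever reaches a numeric LIMIT operand while the `6` reaches the WHERE clause.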


On 23 January 2014 22:25, Miroslav Stampar <miroslav.stam...@gmail.com> wrote:

> Hi.
>
> I would say that your application is splitting the page name and using
> parts of it inside the SQL statement. It's clearly visible that
> 999999999999999999999999999999999999 was not inside the final SQL
> statement.
>
> You should maybe try something like this:
> sqlmap.py -u "http://target/sezione-3-sottosezione-6*-pag-1.htm"
> --dbms=mysql
>
> If that won't work, please find a VALID sql injection payload (blind
> injection would be the best one) and reply it here. That would really be
> helpful to find a valid sqlmap command for your case.
>
> Kind regards,
> Miroslav Stampar
>
>
> On Thu, Jan 23, 2014 at 10:02 PM, Marco Mirandola <mmmc...@gmail.com> wrote:
>
>> Taking the tests I noticed sqlmap does not find vulnerable spots:
>>
>> sqlmap.py -u "http://target/sezione-3-sottosezione-6-pag-1*.htm"
>> --dbms=mysql --risk=5 --level=5
>>
>> If I enter the URL in hand :
>>
>> http://target
>> /sezione-3-sottosezione-6-pag-999999999999999999999999999999999999.htm
>>
>> The page returns me (among other things):
>>
>> Damn, Query fallita!
>> errorno= 1064
>> error= You have an error in your SQL syntax; check the manual that
>> corresponds to your MySQL server version for the right syntax to use near
>> '8.0E+36,8' at line 1
>> query= SELECT * FROM `rel_contenuti_guida` WHERE id_rel = '6' AND attivo
>> = '1' ORDER BY posizione ASC LIMIT 8.0E+36,8
>>
>> at this point if I do:
>>
>> sqlmap.py -u "http://target/sezione-3-sottosezione-6-pag-1*.htm"
>> --dbms=mysql --invalid-bignum
>>
>> sqlmap me back:
>> [WARNING] URI parameter '# 1 *' is not injectable
>>
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
