Re: [sqlmap-users] UNHEX vs 0x in MySQL/MariaDB

Wed, 30 May 2018 06:53:49 -0700 


> On May 30, 2018, at 8:49 AM, Miroslav Stampar <miroslav.stam...@gmail.com> 
> wrote:
> 
> Hi.
> 
> Just added new tamper script to the HEAD. Please update and try 
> --tamper=0x2char
> 
> p.s. There is no need for unhex (as you'll see by running this new tamper 
> script)

Perfect, this works like a charm! Thanks for the quick update.

> 
> Kind regards,
> Miroslav Stampar
> 
> On Wed, May 30, 2018 at 12:49 PM, Brandon Perry <bperry.volat...@gmail.com 
> <mailto:bperry.volat...@gmail.com>> wrote:
> I’ve come across a SQL injection that uppercases the input, so that 0xaaaa 
> becomes 0XAAAA. This isn’t a valid hex value in MySQL since 0X is required to 
> use a lowercase x. I attempted to use a quick —eval argument to change the 
> syntax from 0x to X’’, but the single quotes in the X’' syntax end up being 
> escaped with double slashes so the syntax is still broken (X’’ -> X\\’\\’).
> 
> What are the chances a different encoding using UNHEX and CONCAT be used 
> instead of 0x when using BENCHMARK?
> 
> For instance:
> 
> BENCHMARK(5000000,MD5(0xaaaa))
> 
> Could be rewritten as:
> 
> BENCHMARK(5000000,MD5(UNHEX(CONCAT(CHAR(65),CHAR(65),CHAR(65),CHAR(65))
> 
> Perhaps this is attainable with a tamper script and I am missing it? This 
> would prevent the application from breaking the SQL syntax by changing 0x to 
> 0X.
> 
> Any thoughts are appreciated!
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot 
> <http://sdm.link/slashdot>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net <mailto:sqlmap-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users 
> <https://lists.sourceforge.net/lists/listinfo/sqlmap-users>
> 
> 
> 
> 
> --
> Miroslav Stampar
> http://about.me/stamparm <http://about.me/stamparm>

Attachment: signature.asc
Description: Message signed with OpenPGP

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to