Hi All,
Could anybody help me with the following trouble? I installed w3af 1.0-rc4
on a fresh Debian 5 installation with Python 2.5.2 and all
required dependencies. For the test I wrote a simple PHP page with an SQL
injection vulnerability.
<html>
<body>

<?php
mysql_connect('localhost', 'root', 'xxx');
mysql_select_db('test');
$id = $_GET['id'];
if ($id) {
    $result = mysql_query("select * from name where id = '$id'");
    echo mysql_result($result, 0, 'name');
} else {
    echo 'no id specified';
}
mysql_close();
?>

</body>
</html>

Then I ran w3af and configured it:
snowball:~/w3af# ./w3af_console
w3af>>> target set target http://calcifer/test/testdb.php?id=1
w3af>>> plugins audit sqli blindSqli
w3af>>> start
Auto-enabling plugin: grep.error500
Found 1 URLs and 1 different points of injection.
The list of URLs is:
- http://calcifer/test/testdb.php
The list of fuzzable requests is:
- http://calcifer/test/testdb.php | Method: GET | Parameters: (id="1")
A SQL error was found in the response supplied by the web application, the
error is (only a fragment is shown): "supplied argument is not a valid
MySQL". The error was found on response with id 16.
A SQL error was found in the response supplied by the web application, the
error is (only a fragment is shown): "mysql_". The error was found on
response with id 16.
SQL injection in a MySQL database was found at: "
http://calcifer/test/testdb.php", using HTTP method GET. The sent data
was: "id=d'z"0". This vulnerability was found in the request with id 16.
Blind SQL injection was found at: "http://calcifer/test/testdb.php", using
HTTP method GET. The injectable parameter is: "id". This vulnerability was
found in the requests with ids 22 and 23.
Finished scanning process.
w3af>>> exploit exploit * stopOnFirst
Executing sql_webshell.attack plugin to all vulnerabilities:
- Exploiting vulnerability with id:[22, 23]
Trying to exploit using vulnerability with id: [44, 45]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [51, 52]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [58, 59]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [65, 66]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [72, 73]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Failed to exploit vulnerability.
- Exploiting vulnerability with id:[16]
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit
it using fastExploit.
No exploitable vulnerabilities found.
Executing sqlmap.attack plugin to all vulnerabilities:
- Exploiting vulnerability with id:[22, 23]
Trying to exploit using vulnerability with id: [184, 185]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [191, 192]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [198, 199]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [205, 206]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [212, 213]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [219, 220]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [226, 227]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [233, 234]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [240, 241]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Trying to exploit using vulnerability with id: [247, 248]. Please wait...
[WARN] remote database is not MySQL
[WARN] remote database is not PostgreSQL
[WARN] remote database is not Microsoft SQL Server
Failed to exploit vulnerability.
- Exploiting vulnerability with id:[16]
No [blind] SQL injection vulnerabilities have been found.
Hint #1: Try to find vulnerabilities using the audit plugins.
Hint #2: Use the set command to enter the values yourself, and then exploit
it using fastExploit.
No exploitable vulnerabilities found.
The following plugins weren't run because they can't exploit any of the
previously discovered vulnerabilities: davShell, eval, fileUploadShell,
osCommandingShell, remoteFileIncludeShell, localFileReader, rfiProxy,
xssBeef
The script connected to MySQL server 5.1.32, so "[WARN] remote database is
not MySQL" is false. I did the tests from Debian 5, SUSE 11.3 and Win 7 with
the same result. Could anybody please help me to understand what I'm doing
wrong? Many thx in advance.
--
Rgds.
Sergey.
_______________________________________________
W3af-users mailing list
https://lists.sourceforge.net/lists/listinfo/w3af-users
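
A hardened counterpart of the test page in the post, added here as an example and not part of the original message: it binds `id` through a mysqli prepared statement and keeps database errors out of the response, so the error text the scanner matched above no longer reaches the client. It assumes the same `test` database and `name` table; the `DB_USER` and `DB_PASS` environment variables and the `lookup_name` helper are hypothetical.

```php
<?php
// Added example: hardened version of testdb.php (not the poster's code).
// Assumptions: same 'test' database and 'name' table as in the post;
// DB_USER / DB_PASS are hypothetical environment variables holding a
// low-privileged account instead of root.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

function lookup_name(mysqli $db, string $id): ?string
{
    // Accept only short, purely numeric ids; anything else never reaches SQL.
    if (!ctype_digit($id) || strlen($id) > 9) {
        return null;
    }
    $n = (int) $id;
    // The value is sent separately from the SQL text, so quotes in the
    // parameter cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT name FROM name WHERE id = ?');
    $stmt->bind_param('i', $n);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();      // true, false, or null when no row matches
    $stmt->close();
    return $found === true ? $name : null;
}

$id = $_GET['id'] ?? '';
try {
    if ($id === '') {
        $message = 'no id specified';
    } else {
        $db = new mysqli('localhost', getenv('DB_USER') ?: '',
                         getenv('DB_PASS') ?: '', 'test');
        $name = lookup_name($db, $id);
        $db->close();
        // Encode the stored value before it is placed in HTML.
        $message = $name === null
            ? 'not found'
            : htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    }
} catch (mysqli_sql_exception $e) {
    // Details go to the server log only; the client sees a generic message.
    error_log('testdb.php: ' . $e->getMessage());
    http_response_code(500);
    $message = 'internal error';
}
?>
<html>
<body>
<?php echo $message; ?>
</body>
</html>
```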