How to turn off DYNAMIC CONTENT? - PAYLOAD=4251 #823

Closed
hackerson opened this issue Sep 10, 2014 · 6 comments

@hackerson

I need to know how to turn off Dynamic Content of SQLMAP when it goes to perform a test of a site with its own payload parameter of its own choice, e.g. 4 numbers: 4215 / ****.
The Dynamic Content test will ruin the injection point where you are injecting from.

In those tests (e.g. dynamicity as you've noticed) sqlmap has to change the value of the tested parameter to some random value to see if the page will change the content.

@stamparm
Member

If the test for dynamic content ruins the test, then I am sure that you'll have far more problems with further phases of SQLI exploitation.

@stamparm
Member

Put a simple return at https://github.com/sqlmapproject/sqlmap/blob/master/lib/controller/checks.py#L893, like this (your local file location should be something like sqlmap/lib/controller/checks.py):

def checkDynamicContent(firstPage, secondPage):
    """
    This function checks for the dynamic content in the provided pages
    """
    return  # <- insert this
    if kb.nullConnection:

@hackerson
Author

Didn't work, this is what I get back after performing what you mentioned above.

[06:44:33] [INFO] target URL is stable
[06:44:33] [INFO] testing if URI parameter '#1_' is dynamic
[06:44:33] [PAYLOAD] 7370
[06:44:33] [TRAFFIC OUT] HTTP request [#3]:
GET
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-nongit-20140914 (http://sqlmap.org)
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host:
Cookie: SESSfdc958e0a93da033e2e97ab666d92ca2=1c5cbd80358a29d926cb68d2f6a10f8
Pragma: no-cache
Cache-control: no-cache,no-store
Connection: close

[06:44:34] [TRAFFIC IN] HTTP response [#3](200 OK):
Content-length: 1035
X-powered-by: PHP/4.3.10-22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Uri:
Server: Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-22 mod_ssl/2.0.54 OpenSS
Connection: close
Pragma: no-cache
Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=
Date: Sun, 14 Sep 2014 04:44:12 GMT
Content-type: text/html

[06:44:34] [DEBUG] setting match ratio for current parameter to 0.328
[06:44:34] [INFO] confirming that URI parameter '#1_' is dynamic
[06:44:34] [PAYLOAD] 5505
[06:44:34] [TRAFFIC OUT] HTTP request [#4]:
GET /
Accept-language: en-us,en;q=0.5
Accept-encoding: gzip,deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev-nongit-20140914 (http://sqlmap.org)
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host:
Cookie: SESSfdc958e0a93da033e2e97ab666d92ca2=1c5cbd80358a29d926cb68d2f6a10f8
Pragma: no-cache
Cache-control: no-cache,no-store
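
The log above shows what these checks look like from the server side: the default sqlmap User-Agent, and the tested URI parameter replaced by random 4-digit values (7370, 5505). As an added example (not code from sqlmap or from this thread), the following Python flags both signals in a web server access log; the log lines, client addresses, the /news/ path and the name find_probes are constructed for illustration, and the 10-second window is an assumed threshold.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache combined log format (not taken from the issue).
SAMPLE_LOG = '''\
198.51.100.7 - - [14/Sep/2014:06:44:32 +0200] "GET /news/12 HTTP/1.1" 200 3150 "-" "sqlmap/1.0-dev-nongit-20140914 (http://sqlmap.org)"
198.51.100.7 - - [14/Sep/2014:06:44:33 +0200] "GET /news/7370 HTTP/1.1" 200 1035 "-" "sqlmap/1.0-dev-nongit-20140914 (http://sqlmap.org)"
198.51.100.7 - - [14/Sep/2014:06:44:34 +0200] "GET /news/5505 HTTP/1.1" 200 1035 "-" "sqlmap/1.0-dev-nongit-20140914 (http://sqlmap.org)"
203.0.113.9 - - [14/Sep/2014:06:45:00 +0200] "GET /news/12 HTTP/1.1" 200 3150 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Sep/2014:06:45:01 +0200] "GET /news/4251 HTTP/1.1" 200 1035 "-" "Mozilla/5.0"
203.0.113.9 - - [14/Sep/2014:06:45:02 +0200] "GET /news/5171 HTTP/1.1" 200 1035 "-" "Mozilla/5.0"
203.0.113.20 - - [14/Sep/2014:06:50:00 +0200] "GET /news/12 HTTP/1.1" 200 3150 "-" "Mozilla/5.0"
203.0.113.20 - - [14/Sep/2014:07:30:00 +0200] "GET /news/13 HTTP/1.1" 200 2980 "-" "Mozilla/5.0"
'''

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
NUM = re.compile(r'(?<![\w.])\d+(?![\w.])')  # a standalone numeric path segment or value

def find_probes(log_text, window=10, min_values=2):
    """Return {client: reasons} for clients that look like parameter dynamicity probing."""
    findings = defaultdict(set)
    swaps = defaultdict(list)  # (client, URL template) -> [(time, numeric value)]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, _method, target, _status, agent = m.groups()
        if "sqlmap/" in agent.lower():
            findings[ip].add("default sqlmap User-Agent")
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Mask one number at a time so the rest of the URL stays fixed in the template.
        for num in NUM.finditer(target):
            template = target[:num.start()] + "{n}" + target[num.end():]
            swaps[(ip, template)].append((when, num.group()))
    for (ip, template), hits in swaps.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct 4-digit values seen in the same slot within `window` seconds.
            burst = {v for t, v in hits[i:]
                     if (t - start).total_seconds() <= window and len(v) == 4}
            if len(burst) >= min_values:
                findings[ip].add("random 4-digit values swapped into " + template)
                break
    return dict(findings)
```

The second constructed client sends a browser User-Agent, so only the value-swap heuristic reports it; that heuristic can also match legitimate rapid browsing of 4-digit identifiers and is best used as a lead for review rather than a verdict.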

@stamparm
Member

You'll need to do lots of patching because (as said) sqlmap is doing lots of tests on parameters. There is a "dynamic page" checking and "dynamic parameter" checking.

def checkDynParam(place, parameter, value):
    """
    This function checks if the URL parameter is dynamic. If it is
    dynamic, the content of the page differs, otherwise the
    dynamicity might depend on another parameter.
    """
    return  # <- insert this (Line 859 sqlmap/lib/controller/checks.py)
    if kb.redirectChoice:
        return None

I won't post more patches (and I know that you'll need more).

@hackerson
Author

stamparm, it still doesn't work.
File "C:\Users\NASA\Desktop\sqlmap-master\lib\controller\controller.py", line
from lib.controller.checks import checkSqlInjection
File "C:\Users\NASA\Desktop\sqlmap-master\lib\controller\checks.py", line 859
return #
^
IndentationError: unexpected indent

I would highly prefer a "--no-dynamic-checks" or it should stop putting in 5171 as payload, 4 digits.
And even when you put the "*" custom marker, it still wants to do the silly tests.

I'm one of those guys who watch how the website acts manually; after that I determine how to put the best commands in sqlmap to activate the exploit, and this is the first exploit where it won't work as expected.

@stamparm
Member

You've screwed up the number of spaces in that return command. Please do it properly.

There won't be any switch as your request from the beginning doesn't make any sense.
