ha.ckers sla.cking
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
[SqlMap] How to Exploit Sqlia AND/OR time-based blind?
Posted by: Nerder
Date: March 25, 2013 09:04AM

Hello everybody,

I found 2 different SQLIAs on a website.
The SQLIA is of POST-method type and affects the login form.
The first one is:

Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: account=-4241' OR (1251=1251)#&password=test

This one is a pretty simple query, but it returns something strange, because if I try, for example, to log in with a specific account and bypass the login, it looks impossible for me, because with this query I'm granted access as the last user registered in the DB. I need some help to structure the query much better and bypass the login with any user that I want.

The second one is:

Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: account=test' AND 1939=BENCHMARK(5000000,MD5(0x7463556e)) AND 'kpiJ'='kpiJ&password=test

This one works well, but not well enough, because it is pretty slow and sometimes sqlmap loses some chars.
With this one I was able to get some good information from the DB (DBS, TABLES), but right now I need to get the COLUMNS, and after that the DATA, and I need something faster and cleaner.

Can someone help me structure the best command line for setting up sqlmap in the best way for my needs?

Thanks in advance.

(Don't ask me for the link, because I can't share it, or provide it in private either.)

