Thread: sqlmap - SQL injection Scanner

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    1

    sqlmap - SQL injection Scanner

    Hi,

    I have a question regarding nmap. I installed a local web server to test sqlmap. I installed a site which is vulnerable to SQL injection. When I test the injection manually, I get a MySQL error.

    http://localhost/mymarket/shopping/index.php?id=1'
    Code:
    Can't execute query
    SELECT id, name, description FROM categories WHERE parent_id = 1\' AND id > 1
    MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND id > 1' at line 1
    
    This script cannot continue, terminating.

    But when I want to try this with sqlmap, I get no results:
    Code:
    sqlmap.py -u "http://localhost/mymarket/shopping/index.php?id=1'"
    
        sqlmap/0.8 - automatic SQL injection and database takeover tool
        http://sqlmap.sourceforge.net
    [*] starting at: 17:07:44
    
    [17:07:44] [INFO] testing connection to the target url
    [17:07:45] [INFO] testing if the url is stable, wait a few seconds
    [17:07:46] [INFO] url is stable
    [17:07:46] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
    [17:07:46] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
    [17:07:46] [INFO] testing if Cookie parameter 'mymarket' is dynamic
    [17:07:46] [WARNING] Cookie parameter 'mymarket' is not dynamic
    [17:07:46] [INFO] testing if GET parameter 'id' is dynamic
    [17:07:46] [INFO] confirming that GET parameter 'id' is dynamic
    [17:07:46] [WARNING] GET parameter 'id' is not dynamic
    [*] shutting down at: 17:07:46

    When I try it without the single quote ', I get:
    Code:
    sqlmap.py -u "http://localhost/mymarket/shopping/index.php?id=1"
    
        sqlmap/0.8 - automatic SQL injection and database takeover tool
        http://sqlmap.sourceforge.net
    [*] starting at: 17:09:16
    
    [17:09:16] [INFO] testing connection to the target url
    [17:09:16] [INFO] testing if the url is stable, wait a few seconds
    [17:09:18] [INFO] url is stable
    [17:09:18] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
    [17:09:18] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
    [17:09:18] [INFO] testing if Cookie parameter 'mymarket' is dynamic
    [17:09:18] [WARNING] Cookie parameter 'mymarket' is not dynamic
    [17:09:18] [INFO] testing if GET parameter 'id' is dynamic
    [17:09:18] [INFO] confirming that GET parameter 'id' is dynamic
    [17:09:18] [INFO] GET parameter 'id' is dynamic
    [17:09:18] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
    [17:09:18] [INFO] testing unescaped numeric injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not unescaped numeric injectable
    [17:09:18] [INFO] testing single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not single quoted string injectable
    [17:09:18] [INFO] testing LIKE single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE single quoted string injectable
    [17:09:18] [INFO] testing double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not double quoted string injectable
    [17:09:18] [INFO] testing LIKE double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE double quoted string injectable
    [17:09:18] [INFO] GET parameter 'id' is not injectable with 0 parenthesis
    [17:09:18] [INFO] testing sql injection on GET parameter 'id' with 1 parenthesis
    [17:09:18] [INFO] testing unescaped numeric injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not unescaped numeric injectable
    [17:09:18] [INFO] testing single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not single quoted string injectable
    [17:09:18] [INFO] testing LIKE single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE single quoted string injectable
    [17:09:18] [INFO] testing double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not double quoted string injectable
    [17:09:18] [INFO] testing LIKE double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE double quoted string injectable
    [17:09:18] [INFO] GET parameter 'id' is not injectable with 1 parenthesis
    [17:09:18] [INFO] testing sql injection on GET parameter 'id' with 2 parenthesis
    [17:09:18] [INFO] testing unescaped numeric injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not unescaped numeric injectable
    [17:09:18] [INFO] testing single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not single quoted string injectable
    [17:09:18] [INFO] testing LIKE single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE single quoted string injectable
    [17:09:18] [INFO] testing double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not double quoted string injectable
    [17:09:18] [INFO] testing LIKE double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE double quoted string injectable
    [17:09:18] [INFO] GET parameter 'id' is not injectable with 2 parenthesis
    [17:09:18] [INFO] testing sql injection on GET parameter 'id' with 3 parenthesis
    [17:09:18] [INFO] testing unescaped numeric injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not unescaped numeric injectable
    [17:09:18] [INFO] testing single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not single quoted string injectable
    [17:09:18] [INFO] testing LIKE single quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE single quoted string injectable
    [17:09:18] [INFO] testing double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not double quoted string injectable
    [17:09:18] [INFO] testing LIKE double quoted string injection on GET parameter 'id'
    [17:09:18] [INFO] GET parameter 'id' is not LIKE double quoted string injectable
    [17:09:18] [INFO] GET parameter 'id' is not injectable with 3 parenthesis
    [17:09:18] [WARNING] GET parameter 'id' is not injectable
    [*] shutting down at: 17:09:18

    I tried a lot but nothing works. Do you have any hints?

    Thanks a lot!

  2. #2
    Junior Member pigtail23's Avatar
    Join Date
    Jun 2010
    Location
    black hole
    Posts
    41

    AW: sqlmap - SQL injection Scanner

    Try it without ' ... http://localhost/mymarket/shopping/index.php?id=1 or use a higher level if you have 0.9-dev:

    ./sqlmap -u http://localhost/mymarket/shopping/index.php?id=1 --level=5


    edit: I see you have 0.8. Have you tried to inject with union, time based or something else?
    Last edited by pigtail23; 02-25-2011 at 01:19 PM.

  3. #3
    Junior Member Liuser's Avatar
    Join Date
    Apr 2010
    Posts
    58

    Re: AW: sqlmap - SQL injection Scanner

    To add on to pigtail23: you should do an svn checkout of .9-dev. It looks like the algorithms for SQL injection are better than in .8. I tested both .8 and .9 on an identified vulnerable web app, and .8 missed the injection completely while .9 picked it up.

    $ svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev
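
The error output in the first post shows the `id` value landing in a numeric context (`parent_id = 1\'`) with its quote backslash-escaped. As an added example (not code from any poster or from the mymarket application; it uses Python's sqlite3 in place of PHP/MySQL, and the table rows and function names are constructed), this shows why quote escaping does not protect a numeric parameter, and how an integer check plus a bound parameter does:

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows standing in for the categories table in the error message.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE categories "
               "(id INTEGER, name TEXT, description TEXT, parent_id INTEGER)")
    db.executemany("INSERT INTO categories VALUES (?, ?, ?, ?)", [
        (2, "Books", "constructed", 1),
        (3, "Music", "constructed", 1),
        (4, "Other", "constructed, belongs to parent 9", 9),
    ])
    return db

def escape_quotes(value):
    # Mimics the backslash escaping visible in the error output (1' becomes 1\').
    return value.replace("\\", "\\\\").replace("'", "\\'")

def lookup_escaped(db, raw_id):
    # Weak: the value is concatenated into a numeric context, so escaping
    # quotes changes nothing for input that contains no quotes at all.
    sql = ("SELECT id, name, description FROM categories "
           "WHERE parent_id = " + escape_quotes(raw_id) + " AND id > 1")
    return db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # Hardened: accept only digits, then bind the value as a parameter.
    if not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError("id must be a non-negative integer")
    sql = ("SELECT id, name, description FROM categories "
           "WHERE parent_id = ? AND id > 1")
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    # Returns the row count, or the exception class name if the call failed.
    try:
        return len(fn(db, raw_id))
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1'", "1 OR 1=1"):
        print(repr(raw), outcome(lookup_escaped, db, raw),
              outcome(lookup_bound, db, raw))
```

With the concatenated query, the second input reproduces the kind of syntax error shown in the first post and the third returns a row outside parent 1; the bound version rejects both before they reach the database.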
