EvilZone
Hacking and Security => Hacking and Security => : Kinez November 14, 2013, 05:29:49 PM
-
I scanned a site with uniscan on BackTrack 5 and found 2 vulnerabilities in the Blind SQL-i section: http://website.com/search_apps/industry/index.html?N=D+AND+1=1 and I don't know how to get some database from that. I tried mysql and sqlbrute but it didn't work for me. Can someone help me with this? I will be very helpful :)
-
I would normally delete this. But the question is not that bad, and you are not using an actual page, but a hypothetical URL, which is good. Nor is your English that bad.
Best solution: Learn SQL and SQL injection and perhaps some sort of web-oriented language like PHP and you will understand this easily. However, I do understand that you might not want to learn all of this just to do this little injection. Or maybe you do, in which case great!
Asap solution (booooo!): Check out sqlmap (http://sqlmap.org/). It's an automated SQL injection tool that will do all the work for you. I don't normally advise people to use tools without knowing the workings behind them, but oh well.
-
I'm very thankful for your answer. My biggest problem is that when I try to use sqlmap in BackTrack it needs a URL with php?id=5, for example. But as you see I only have .html, and I have been trying for 3 days to get it but I don't.
-
I'm very thankful for your answer. My biggest problem is that when I try to use sqlmap in BackTrack it needs a URL with php?id=5, for example. But as you see I only have .html, and I have been trying for 3 days to get it but I don't.
You can just as well use .index.html?n=D. SQLmap doesn't care about the file extension.
-
HOW!! In sqlmap I wrote python sqlmap.py -u www.website.com/search_apps/industry/index.html?n=D -dbs and got this error: invalid target details, valid syntax is for instance 'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME'
-
HOW!! In sqlmap I wrote python sqlmap.py -u www.website.com/search_apps/industry/index.html?n=D -dbs and got this error: invalid target details, valid syntax is for instance 'mysql://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME'
python sqlmap.py -u http://www.website.com/search_apps/industry/index.html?n=D --dbs
Works fine. You probably missed the http:// (not sure if it's required, but one always uses http:// to describe a URL) and the --dbs instead of -dbs.
-
Do you know any SQL? It's best to learn some basic SQL and php before trying injection. And if you want to dive straight into injecting, maybe try this ebook? It has some nice info http://www.mediafire.com/download/6psj7siy595gp1e/Advance+SQLI+e-book.pdf
-
And I did that and I got 3 errors:
1: using unescaped version of the test because of zero knowledge of the back-end DBMS
2: GET parameter N is not injectable
3: (CRITICAL) all parameters appear to be not injectable.
-
Do you know any SQL? It's best to learn some basic SQL and php before trying injection. And if you want to dive straight into injecting, maybe try this ebook? It has some nice info http://www.mediafire.com/download/6psj7siy595gp1e/Advance+SQLI+e-book.pdf
Please use our dedicated upload service for better speeds and less crap (http://upload.evilzone.org).
On a related note: http://evilzone.org/tutorials/sql-injection/
And I did that and I got 3 errors:
1: using unescaped version of the test because of zero knowledge of the back-end DBMS
2: GET parameter N is not injectable
3: (CRITICAL) all parameters appear to be not injectable.
Then I guess it's not injectable. sqlmap is actually pretty accurate, however all tools can be wrong. Do you have anything to back up that the n parameter is in fact vulnerable?
-
OK, thanks, I'm going to use that in the future. It was already uploaded by someone else; I just retrieved it from my bookmarks :D
-
Nothing, man. I tried with level 5 and risk 3 but got nothing. If it is not injectable, why then did uniscan find that URL?
-
Nothing, man. I tried with level 5 and risk 3 but got nothing. If it is not injectable, why then did uniscan find that URL?
Because, again, tools can be wrong. It's called false positives. It's why you can't trust tools 100% and why people (you) need to learn how it actually works in order to be sure.
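Added example (not part of the thread or any poster's code): a local sketch of how a scanner finding like the `AND 1=1` URL above can be a false positive, and how it is triaged by comparing a true and a false condition. The handlers, the in-memory table and the single-probe heuristic are assumptions made for illustration; this is not how uniscan or sqlmap is actually implemented.

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for a site's database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE apps (id INTEGER, industry TEXT, name TEXT)")
db.executemany("INSERT INTO apps VALUES (?, ?, ?)",
               [(1, "D", "DrillPlanner"), (2, "D", "DepotTrack"), (3, "E", "EnergyView")])

def static_page(n):
    # A plain .html page: the query string never reaches a database.
    return "<h1>Industry apps</h1>"

def parameterized(n):
    # Bound parameter: the whole value is compared as data, never parsed as SQL.
    rows = db.execute("SELECT name FROM apps WHERE industry = ? ORDER BY id", (n,))
    return ",".join(r[0] for r in rows)

def concatenated(n):
    # Deliberately vulnerable contrast case: the value is pasted into the SQL text.
    try:
        rows = db.execute("SELECT name FROM apps WHERE id = " + n + " ORDER BY id")
        return ",".join(r[0] for r in rows)
    except sqlite3.Error:
        return "error"

def single_probe(handler, base):
    # Weak heuristic (assumed): "the page with AND 1=1 looks like the normal page".
    return handler(base + " AND 1=1") == handler(base)

def differential(handler, base):
    # Stronger check: the true condition must match the baseline
    # and the false condition must change the response.
    normal = handler(base)
    return (handler(base + " AND 1=1") == normal
            and handler(base + " AND 1=2") != normal)

def triage(handler, base):
    if differential(handler, base):
        return "confirmed"
    return "false positive" if single_probe(handler, base) else "not flagged"

if __name__ == "__main__":
    for name, handler, base in [("static .html", static_page, "D"),
                                ("parameterized", parameterized, "D"),
                                ("concatenated", concatenated, "1")]:
        print(f"{name:14} {triage(handler, base)}")
```

The static page answers every request identically, so the weak heuristic flags it while the differential check does not; the parameterized handler is never flagged because the appended text is matched as a literal value.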
-
OK man, I will try to learn more. Thanks for your help :D
-
As mentioned by others, I would strongly suggest that you learn some basics of SQL injection. There are a lot of really good vulnerable-by-design web applications made for exactly this purpose. Another thing you should learn is filter evasion. Things like replacing 1 = 1 with 1 LIKE 1 etc.
When you run sqlmap I suggest you also add the verbosity (-v) option with at least value 3. This will print out all the queries and is really good for educational reasons. Dissect the queries and understand what each part is doing by reading about them in the database documentation. I've learned a lot about manual injections doing this.
Some vulnerable web applications:
- Damn Vulnerable Web Application (DVWA): http://www.dvwa.co.uk/
- Exploit KB Vulnerable Web App: http://exploit.co.il/projects/vuln-web-app/
- SQLi-Labs: https://github.com/Audi-1/sqli-labs
- Mutillidae: http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10