How to analyze problems with sqlmap

WBOY
Release: 2023-05-27 13:07:56
forward
1572 people have browsed it

0x00 Overview

Recently, I encountered a strange phenomenon when using sqlmap for injection testing. The higher version of sqlmap cannot detect the injection, but the lower version can detect the injection and can The leaked data is not a false alarm. After comparative testing and checking the sqlmap source code, two small pitfalls were found.

0x01 Scenario reproduction

Injection point format: json
..."whereparams":[{"name":"keyWord","value": "test"}]}
Injectable parameters: value
sqlmap command:
python sqlmap.py -r sqlpk.txt –flush-session -vv
sqlmap v1.2.11 cannot be injected

How to analyze problems with sqlmap

sqlmap v1.2 was successfully injected

How to analyze problems with sqlmap

Similarly v1.2.10 cannot be injected. v1.1.12 can be injected

After analysis, the two pitfalls are as follows:
(1) The boundaries.xml of v1.2.11 (/v1.2.10/v1.2.9/master) no longer targets fuzzy queries (% ), while v1.2 (/v1.1.12/1.1.4/1.2.2) has.
(2) v1.2.11 (/v1.2.10/1.2.9/master) must manually set a certain parameter of json to * in order to inject this parameter (even if y-inject inside is selected), otherwise the payload will be directly Following json makes it impossible to inject, while v1.2 (/v1.1.12) can by default press Enter (y) to inject a certain parameter of json.

0x02 Detailed test

Pitfalls (1):
First understand the payload composition of sqlmap:

How to analyze problems with sqlmap

//Image source https://www.freebuf.com/colum...

Look at the test payload of v1.2:

How to analyze problems with sqlmap

Used payload: %' and 5731=5731 and '%'='
This is a very common search box injection
Look at the boundaries.xml of V1.2:

How to analyze problems with sqlmap

The boundaries.xml of v1.2.11 does not have an injection test for fuzzy queries!
https://github.com/sqlmapproj...
So add the fuzzy query injection test to the file of v1.2.11, and manually add * to the injection parameters (such as value), you can successfully inject !
Attached is the added version:
https://github.com/theLSA/sql...

How to analyze problems with sqlmap

pr got the reply because There were so many false positives that the relevant payload was removed, but recovery will be limited.
https://github.com/sqlmapproj...

Pitfalls (2):
Compare the payloads of v1.2 and v1.2.11:

How to analyze problems with sqlmap

It can be seen that v1.2.11 directly connects the payload to the end of json.
Manually add *
"whereparams":[{"name":"keyWord","value":"*"}]}
to the injection parameter value to successfully inject!

0x03 Conclusion

  1. I personally recommend adding a fuzzy query test payload. False positives are better than false negatives, and it is a very common fuzzy query injection. .

  2. When encountering json parameters, try to add them manually* (for some versions of sqlmap).

  3. It is recommended to add -vv when testing with sqlmap.

  4. Don’t rely too much on tools. Try to use manual testing of tools to be safer.

The above is the detailed content of How to analyze problems with sqlmap. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template