[Owasp-testing] Database Fingerprinting
Calderon, Juan Carlos (GE, Corporate, consultant)
juan.calderon at ge.com
Wed Dec 16 09:55:57 EST 2009
Have you considered that authentication might be LDAP? You might need an LDAP injection instead of SQL; although similar, they are not the same.
- commenting using # instead of -- for old MySQL
- using or 1=1 -- (no quotes) in case of numeric user id
- using or ''||'1' = '1' -- for identifying Oracle
- closing parenthesis ' or 1=1) for applications filtering --
- using other operators ' or 'a' like 'a' -- for operator filtering
- and many more on http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
- if nothing works try more sophisticated filter evasion techniques http://www.steve-shead.com/2009/08/11/cross-site-scripting-cheat-sheet/
- And you might want to read the OWASP SQL Injection Prevention Cheat Sheet, as you might be facing some of the countermeasures there http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
If you are able to make one successful request, the others are pretty much simpler.
Juan C Calderon
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Zaki Akhmad
Sent: Wednesday, December 16, 2009 01:57 a.m.
Subject: Re: [Owasp-testing] Database Fingerprinting
Thanks for all the responses.
I haven't got any error messages. This site doesn't have many forms except:
- authentication: userid and password
- quantity of the goods
I have tried both, inserting SQL injection commands, and it failed.
Sigh, this web application is good at handling input.
How do I do sqlmap to an authenticated page?
This site has dynamic GET parameters. This web application automatically redirects to its home address if I hit this URL without being successfully authenticated.
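An added example, not part of the original messages: it shows why an application that binds its inputs, one of the countermeasures in the OWASP cheat sheet linked above, returns no errors and no bypass for the strings listed in the reply. The schema, function names and sample account are assumptions, the probe strings are quoted adaptations of the list above, and SQLite stands in for whatever database the real site uses.

```python
import sqlite3

# Constructed inputs: quoted forms of the strings listed in the reply above.
PROBES = [
    "' or 1=1 --",
    "' or 'a' like 'a' --",
    "' or ''||'1' = '1' --",
]

def make_db():
    """Hypothetical one-table schema with a single constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, userid, password):
    """Deliberately vulnerable: input is spliced into the SQL text."""
    sql = ("SELECT userid FROM users "
           "WHERE userid = '%s' AND password = '%s'" % (userid, password))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed statement: the login fails closed

def login_param(db, userid, password):
    """Hardened: placeholders keep the input as data, never as SQL."""
    sql = "SELECT userid FROM users WHERE userid = ? AND password = ?"
    return db.execute(sql, (userid, password)).fetchone() is not None

def compare():
    """Map each probe to (concatenated result, parameterized result)."""
    db = make_db()
    return {p: (login_concat(db, p, "x"), login_param(db, p, "x"))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (concat, param) in compare().items():
        print(f"{probe!r:28} concat={concat} param={param}")
```

With bound parameters every string is compared literally against the userid column, so the response is the same ordinary failed login regardless of database dialect.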