[Owasp-testing] Database Fingerprinting

daniel cuthbert daniel.cuthbert at owasp.org
Wed Dec 16 11:44:15 EST 2009


Have you tried blind injection to see if the app is indeed vulnerable in the
first place?

2009/12/16 Calderon, Juan Carlos (GE, Corporate, consultant) <
juan.calderon at ge.com>

> Have you considered that authentication might be LDAP? You might need an
> LDAP injection instead of SQL; although similar, they are not the same.
>
> Also, try
> - commenting using # instead of -- for old MySQL
> - using or 1=1 -- (no quotes) in case of numeric user id
> - using or ''||'1' = '1' -- for identifying oracle
> - closing parenthesis ' or 1=1) for applications filtering --
> - using other operators ' or 'a' like 'a' -- for operator filtering
> - and many more on
> http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
> - if nothing works try more sophisticated filter evasion techniques
> http://www.steve-shead.com/2009/08/11/cross-site-scripting-cheat-sheet/
> - And you might want to read the OWASP SQL Injection Prevention Cheat Sheet
> as you might be facing some of the countermeasures there
> http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
>
> If you are able to make one successful request the others are pretty much
> simpler
>
> Regards,
> Juan C Calderon
>
> -----Original Message-----
> From: owasp-testing-bounces at lists.owasp.org [mailto:
> owasp-testing-bounces at lists.owasp.org] On Behalf Of Zaki Akhmad
> Sent: Wednesday, December 16, 2009 01:57 a.m.
> To: owasp-testing
> Subject: Re: [Owasp-testing] Database Fingerprinting
>
> Thanks for all the responses
>
> I haven't got any error messages. This site doesn't have many forms except:
> - authentication: userid and password
> - quantity of the goods
>
> I have tried both, inserting SQL injection commands, and it failed.
> Sigh, this web application is good at handling input.
>
> How do I use sqlmap on an authenticated page?
>
> This site has dynamic GET parameters. This web application automatically
> redirects to its home address if I hit this URL[1] without being successfully
> authenticated.
>
> -za,
> [1]https://tralalaxxx.com/?act=shop&page=5
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
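
An added example, not part of the original thread: why probes like those in the quoted list fail without any error message when an application binds its parameters, as the OWASP prevention cheat sheet linked above recommends. The table, the function names and the probe strings are constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

# Constructed probes modelled on the quoted list, in forms SQLite parses.
PROBES = [
    "' or 1=1 --",
    "' or ''||'1' = '1' --",
    "' or 'a' like 'a' --",
]

def make_db():
    """In-memory user table (plaintext password only to keep the demo short)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db

def login_concat(db, userid, password):
    """Deliberately vulnerable: input is pasted into the SQL text."""
    sql = ("SELECT userid FROM users WHERE userid = '" + userid +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # syntax errors are swallowed, so the tester sees nothing

def login_bound(db, userid, password):
    """Hardened: values are bound, so quotes and comments stay data."""
    sql = "SELECT userid FROM users WHERE userid = ? AND password = ?"
    return db.execute(sql, (userid, password)).fetchone() is not None

def audit(login):
    """Return the probes that authenticate without a valid password."""
    db = make_db()
    return [p for p in PROBES if login(db, p, "x")]

if __name__ == "__main__":
    print("concatenated query accepts:", audit(login_concat))
    print("bound query accepts:       ", audit(login_bound))
```

The `audit` helper can be kept as a regression test so that a later change back to string building is caught before release.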