monsterhunterboy98
commented
5 years ago :(
Closed monsterhunterboy98 closed 5 years ago
monsterhunterboy98
commented
5 years ago :(
afeena
commented
5 years ago Please describe more info and send the command you've used (please don't use screenshots for reproduction steps, I don't see well what did you use, I assumed select @@Verison)
By default tanner uses sqlite3 , and this select command is not a valid command for this database, so nothing should happen. Tanner supports mysql and sqlite databases
And also additional info will be helpful: 1) Did you use your own tanner version? 2) What did you see in tanner log?
monsterhunterboy98
commented
5 years ago appended url for SQL injection on Glastopf: "Glastopf IP"/index.php/?q="select @@Version;"
Snare: "Snare IP"/?q="select @@Version;"
Nothing happened for Snare. I did the same command on my vulnerable MySQL instance it works fine.
1.I did not install tanner. I was able to replicate the LFI exploit without tanner so I went ahead and did the sql injection
afeena
commented
5 years ago @monsterhunterboy98 MySQL is not default db for SNARE. default is sqlite3. You can change this in config.
glaslos
commented
5 years ago Closing this for inactivity. I assume all questions have been answered.
I tried replicating the exploitation steps done on my Glastopf Instance on my newly installed Snare. I only manage to emulate LFI exploit on snare. However, when I tried the successful injections on Snare, it was not able to emulate it.
Glastopf:
Snare: Snare Simply refreshes the cloned page.
Is there a reference for all the supported vulnerabilities emulation for snare? As I only manage to emulate the LFI exploit