http-sql-injection broken in Nmap 7.70 #1191
Comments
I'm seeing issues with detection of XSS as well. The course shows that I should be getting results:
If you want me to report this as a separate bug let me know. I think the problem is related.
Thanks for the report! I have a few questions to help diagnose the problem:
Thanks.
Regarding the XSS detection, it doesn't look like the vulnerable path is being requested. The
Hi Daniel,
I can see that the vulnerable URL cat.php?id=1 is in the returned packet stream but there is no further effort by nmap to access these URLs. I suspect the issue is that spidering is not really happening, since I am not seeing any effort to inject anything.
Hi Daniel,
Hi Daniel,
Ignore the bit about not seeing it in wireshark. I am now... just a bit of a brain shortage. So I guess the only issue is it is not reported as being found despite performing the injection and receiving the error indicating an injection occurred.
The problem here was the error detection string generated by this instance of MySQL was missing in our DB. Remember that Nmap as a project can't ship larger databases so it is always a good idea to keep a larger list that you can use for these cases. In this case I will add two additional error strings taken from this VM to improve detection with the default DB and close this ticket.
I was trying to follow an SQL injection tutorial (Web Application Penetration Testing course on Cybrary.it) which showed downloading a VM ISO from https://pentesterlab.com/exercises/from_sqli_to_shell. The tutorial showed using nmap to check for SQLI and in the video it returned lots of results. I have not been able to get it to work and I show using curl below to prove there is an SQLI on the target.
root@kali:~# nmap -debug -p80 --script http-sql-injection --script-args 'httpspider.maxpagecount=200,http-sql-injection.url=/cat.php' 10.0.0.21
root@kali:~# curl "10.0.0.21/cat.php?id=1'"