Tip for perpetual timeouts #2339

Occupy4Elephants opened this Issue Jan 7, 2017 · 4 comments




I have a web app vulnerable to sqli:
Type: inline query but also blind
web server operating system: Windows 8 or 2012
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2008

I've been able to pull user names, their hashes, and over 100 db names no problem. But I can't seem to extract anything more as the app is constantly timing out. Does anyone have any suggestions besides increasing --timeout? Since it's also blind I threw in --no-cast --text-only --predict-output which has always seemed to help in the past when dealing with blind. Sqlmap identified it as inline, as indicated, but also indicated blind and inline during a previous test.

Payload: http://blablahblah.com/frmviewreport.aspx?blah=(SELECT CHAR(113)+CHAR(112)+CHAR(106)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (9405=9405) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(118)+CHAR(118)+CHAR(113))&RT=blah&SpeciesID=All&yearid=All&blahid=All

I am running the latest edition of Kali as my primary OS.
Thanks for your help!

stamparm commented Jan 7, 2017

thank you! xoxo


Hey there again. After running -v 3 I get this message: (Incorrect syntax near 'GRAM'.)
After doing some testing I noticed something very strange. When submitting a normal query without any syntax errors, the application times out. However, when I modify the query to include an ', the app does NOT time out. Hmm??

For example: http://blahblahblah.com/frmviewreport.aspx?id=All&RT=All&SpeciesID=All&yearid=All&blahid=All <------- nothing wrong with syntax, application timing out.

http://blahblahblah.com/frmviewreport.aspx?id='&RT=All&SpeciesID=All&yearid=All&blah=All <------- incorrect syntax but not timing out

Do you have any insight? Thanks!


Maybe you are trying to retrieve a large dataset (I can see All everywhere) and that large dataset is causing the timeouts. Try to use something different (but valid) instead of All.

stamparm closed this Jan 13, 2017