[DEBUG] got HTTP error code: 500 on boolean-based blind #607

Closed
asadmalik786 opened this Issue Feb 13, 2014 · 7 comments

asadmalik786 commented Feb 13, 2014

Hello, I need some help with doing blind SQL injections and I'm facing this error "[DEBUG] got HTTP error code: 500 (Internal Server Error)" when sqlmap checks payloads against the URL.

My target is:
Server: Microsoft-IIS/7.5
Retrieved x-powered-by header: ASP.NET
Retrieved x-aspnet-version header: 2.0.50727

I used these switches with sqlmap:

-v 4 --parse-errors --banner --dbs --random-agent --level=5 --risk=3

and it shows an HTTP 500 error, as shown below.
[...]
[07:11:15] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[07:11:15] [WARNING] parsed DBMS error message: 'System.ArgumentException: parsing "Page=2)..[""']'(" - Too many )'s.'
[07:11:15] [WARNING] heuristic (basic) test shows that GET parameter 'Page' might not be injectable
[07:11:15] [INFO] testing for SQL injection on GET parameter 'Page'
[07:11:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:11:15] [PAYLOAD] 2) AND 8998=5058
[..]

The target is confirmed vulnerable to blind SQL injection; the bug was found by Acunetix and the Uniscan project. Kindly help me with how I can do a perfect injection using sqlmap. I tried --hex but didn't succeed.

PS: I got this from Nikto.
Server banner has changed from 'Microsoft-IIS/7.5' to 'Microsoft-HTTPAPI/2.0' which may suggest a WAF, load balancer or proxy is in place.

Waiting for your reply.

Member

stamparm commented Feb 13, 2014

"got HTTP error code: 500 (Internal Server Error)" is normal behavior in the testing phase. Please try to exploit it manually and you'll see what it means.

stamparm closed this Feb 13, 2014

asadmalik786 commented Feb 13, 2014

Alright, but in the end it didn't succeed. It shows this error on level=1 to level=5 with risk=3:

[06:20:30] [WARNING] GET parameter 'Page' is not injectable
[06:20:30] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp')
[06:20:30] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 59 times

I can't do this manually. Are there any other suggestions to complete this? I was thinking that there might be some WAF installed.

Member

stamparm commented Feb 13, 2014

You have a bad premise. If software like Acunetix says that something is injectable (most probably because of that error message), you can't take it for granted. Please try to exploit it manually and come back later.

asadmalik786 commented Feb 13, 2014

The Uniscan project http://uniscan.sourceforge.net/ also identified that it's blind SQLi.
Anyway, the thing you cleared up here is that there is no WAF. I will try to do it manually!
Thanks.

asadmalik786 commented Feb 14, 2014

@stamparm Bro, I have checked it manually; it's blind SQL injection, wait for delay in POST content. I have checked it manually!! The tested POST parameters are in the user name form field, which is ..

username'; waitfor delay '00:00:10' --

By doing this it responds after 10 seconds. Now please help me to do the rest of the queries using sqlmap, in order to get the database.

Waiting for your reply, thanks.

asadmalik786 commented Feb 14, 2014

Thanks, I got it!

bb1ox1bb commented Dec 7, 2015

asadmalik786

So maybe you can share your exp, how did you finish that attack?
