Jump to content

Is someone ever succed in running sqlninja tool ?


Recommended Posts

Posted

Hello,

I would to initiate myself to sqlninja : http://sqlninja.sourceforge.net/

I already following this tutorial: http://techotweak.blogspot.fr/2015/05/what-is-sql-injection-and-how-to-use.html

But my injection is located at this url : http://192.168.1.1/DVWA/vulnerabilities/sqli/?

So I can't use the same file parameters ... and it fails :(

root@osboxes:~# sqlninja -mt -f sql_get.conf
Sqlninja rel. 0.2.6-r1
Copyright (C) 2006-2011 icesurfer <r00t@northernfortress.net>
[+] Parsing sql_get.conf...
[-] HTTP request not defined in sql_get.conf
    Are you sure you are not using a configuration file of a previous version?
    Starting from version 0.2.6, the syntax has changed. See documentation

Has someone ever succed in using this tool ? :)

Posted

unless they have updated it sqlninja is for MSSQL no MySQL so it won't work against DVWA.

 

what is in your config file?

Posted (edited)

Here is my sqlninja conf file for GET method :

root@osboxes:~# more sql_get.conf 
—httprequest_start—

GET http://192.168.1.1/DVWA/vulnerabilities/sqli/?
id=1&Submit=Submit#';__SQL2INJECT__HTTP/1.0
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (X11; U; en-US; rv:1.7.13) Gecko/20060418Firefox/1.0.8
Accept: text/xml, application/xml, text/html; q=0.9, text/plain; q=0.8, image/png,*/*
Accept-Language: en-us, en; q=0.7, it;q=0.3
Accept-Charset: ISO-8859-15, utf-8; q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded
Cookie: security=low; PHPSESSID=k4ooe285n9nco1a3kj01p0hv93
Connection: close

—httprequest_end—

For this topology:

top5.png

But yes I am on MySQL, maybe it is the problem..

Edited by tot94
Posted

It won't successfully run against MySQL as it is looking for MSSQL errors and using MSSQL specific SQL commands.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...