pierre Posted June 24, 2016

Hello,

I would like to initiate myself to sqlninja: http://sqlninja.sourceforge.net/

I already followed this tutorial: http://techotweak.blogspot.fr/2015/05/what-is-sql-injection-and-how-to-use.html

But my injection is located at this URL: http://192.168.1.1/DVWA/vulnerabilities/sqli/?

So I can't use the same file parameters ... and it fails :(

root@osboxes:~# sqlninja -mt -f sql_get.conf
Sqlninja rel. 0.2.6-r1
Copyright (C) 2006-2011 icesurfer <r00t@northernfortress.net>
[+] Parsing sql_get.conf...
[-] HTTP request not defined in sql_get.conf
Are you sure you are not using a configuration file of a previous version? Starting from version 0.2.6, the syntax has changed. See documentation

Has anyone ever succeeded in using this tool? :)

digininja Posted June 24, 2016

Unless they have updated it, sqlninja is for MSSQL, not MySQL, so it won't work against DVWA.

What is in your config file?

pierre (Author) Posted June 27, 2016 (edited)

Here is my sqlninja conf file for GET method:

root@osboxes:~# more sql_get.conf
—httprequest_start—
GET http://192.168.1.1/DVWA/vulnerabilities/sqli/? id=1&Submit=Submit#';__SQL2INJECT__HTTP/1.0
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (X11; U; en-US; rv:1.7.13) Gecko/20060418Firefox/1.0.8
Accept: text/xml, application/xml, text/html; q=0.9, text/plain; q=0.8, image/png,*/*
Accept-Language: en-us, en; q=0.7, it;q=0.3
Accept-Charset: ISO-8859-15, utf-8; q=0.7,*;q=0.7
Content-Type: application/x-www-form-urlencoded
Cookie: security=low; PHPSESSID=k4ooe285n9nco1a3kj01p0hv93
Connection: close
—httprequest_end—

For this topology:

But yes I am on MySQL, maybe it is the problem..

Edited June 27, 2016 by tot94

digininja Posted June 27, 2016

It won't successfully run against MySQL as it is looking for MSSQL errors and using MSSQL specific SQL commands.

pierre (Author) Posted June 27, 2016 (edited)

OK, I will maybe look for an MSSQL server to exploit :)

Edited June 27, 2016 by tot94