sqlmap often has the need for the user to input the web server root's full path for things like uploading a shell, reading files, etc. I believe sqlmap has some built in techniques such as attempting to guess the path from known common configurations.
To expand on this I propose that sqlmap attempts to cause errors in the application by using known techniques as detailed here http://blog.dewhurstsecurity.com/2011/10/05/full-path-disclosure-fpd.html and here https://www.owasp.org/index.php/Full_Path_Disclosure
Here is some very high level pseudocode:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
# Main FPD class
class FullPathDisclosure():
def empty_array():
# Original: http://site.com/index.php?page=about
# Crafted: http://site.com/index.php?page[]=about
def invalid_session_cookie():
# Original: Cookie: PHPSESSID=ef7f786sd78f6ds78f6;
# Crafted: Cookie: PHPSESSID=;
# Crafted: Cookie: PHPSESSID=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;
# Crafted: Cookie: PHPSESSID=.;
def direct_object_reference():
# Popular known pages that give FPD.
# http://localhost/wp/wp-includes/wp-db.php
def invalid_file_names():
# Original: http://www.host.com/default.aspx
# Crafted: http://www.host.com/default~.aspx
def parse_fpd():
# Extract FPD from errors using regex.
The crawler could also potentially use the FullPathDisclosure class to search each page it visits for FPD, just running regex against each page, and/or actively testing each page for empty arrays, etc.
If this could be implemented ; an "admin panel finder" could also finds its place.
What do you think ?
Very nice suggestion. Including the cloudflare protected website. Tge IT
team in my country are to lazy to update some security bugs to our gov
website. Even we send them the bugs. So we need to teach them some lesson.
One of our trusted gov website is vulnerable thru sqli and i found the
admin account but the cloud flare kick when i try to locate the location of
the admin panel..
Sorry for my poor english.
On 18 Jun 2016 02:31, "iwantaturboman" [email protected] wrote:
If this could be implemented ; an "admin panel finder" could also finds
its place.
What do you think ?—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/sqlmapproject/sqlmap/issues/1895#issuecomment-226846492,
or mute the thread
https://github.com/notifications/unsubscribe/AJlzx6VMVPZ2WPcYNBxp8DEBW9dv5tKTks5qMugKgaJpZM4ImYrk
.
Find admin panel is not related with sql inections. Try other tools for that.
Most helpful comment
Find admin panel is not related with sql inections. Try other tools for that.