sqlmap back-end DBMS not identified

robbtek · 04-15-2016, 03:13 AM

I test my application (php) for sql injection vulnerability.
I try this command:

./sqlmap -u "http://MY_SITE/loginform.php" --data="username=1&password=1" --threads=6 --level=5 --risk=3 --dbms MySQL --random-agent

...

[09:45:10] [INFO] POST parameter 'username' seems to be 'OR boolean-based blind - WHERE or HAVING clause' injectable
....
POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 576 HTTP(s) requests:
---
Parameter: username (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: username=-7507) OR 8139=8139-- GQuQ&password=1
---
[09:45:32] [INFO] testing MySQL
[09:45:32] [WARNING] the back-end DBMS is not MySQL
[09:45:32] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system. Support for this DBMS will be implemented at some point
[09:45:32] [WARNING] HTTP error codes detected during run:
403 (Forbidden) - 119 times

Im sure that is Mysql, why sqlmap dont recognize it? how can tune it with other option?

Thanks

mralk3 · 04-20-2016, 07:18 PM

You need to take another look at the documentation. Wrong switches in your string. Basically sqlmap doesn't know how to determine the DBMS because yours is formatted incorrectly.

Found here: https://github.com/sqlmapproject/sqlmap/wiki/Usage

Code:

Direct connection to the database

Option: -d

Run sqlmap against a single database instance. This option accepts a connection string in one of following forms:

    DBMS://USER:PASSWORD@DBMS_IP:DBMS_PORT/DATABASE_NAME (MySQL, Oracle, Microsoft SQL Server, PostgreSQL, etc.)
    DBMS://DATABASE_FILEPATH (SQLite, Microsoft Access, Firebird, etc.)

For example:

$ python sqlmap.py -d "mysql://admin:admin@192.168.21.17:3306/testdb" -f --bann\
er --dbs --users