"Or why is this critical:
[09:26:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
is going to retry the request"

If something is not "connectable" then sqlmap is in a "[CRITICAL]" state.

---

"Is there an overview about the different message-states (info, warning,
critical and so on) and the meaning of them?"

No. I always thought that messages are more or less clear (at least the
majority of them).

---

"Why is the following message a warning:
[09:25:52] [WARNING] GET parameter 'module' is not injectable"

You are being warned that, for that same parameter that sqlmap tried to
test/exploit, it didn't succeed in doing so. I am not sure what the problem
is with this one (why you are bothered by this).

---


On Mon, Jun 1, 2015 at 9:20 AM, <gr...@abwesend.de> wrote:

> Hello,
>
> I want to test our written function. So I start testing with the following
> command:
> sqlmap.py -u "https://SERVER/index.php?module=upload&func=checkUserForm&c_id=102" --banner --auth-type=Basic --auth-cred=name:password
>
> Now I'm wondering about the status of some messages.
>
> Why is the following message a warning:
> [09:25:52] [WARNING] GET parameter 'module' is not injectable
>
> Or why is this critical:
> [09:26:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
> is going to retry the request
>
> Is there an overview about the different message-states (info, warning,
> critical and so on) and the meaning of them?
>
>
> A short listing of the whole output:
> [09:24:49] [INFO] testing connection to the target URL
> [09:24:51] [INFO] heuristics detected web page charset 'UTF-8'
> [09:24:51] [WARNING] reflective value(s) found and filtering out
> [09:24:51] [INFO] testing if the target URL is stable. This can take a
> couple of seconds
> [09:24:52] [INFO] target URL is stable
> [09:24:52] [INFO] testing if GET parameter 'module' is dynamic
> [09:24:52] [INFO] confirming that GET parameter 'module' is dynamic
> [09:24:53] [WARNING] GET parameter 'module' does not appear dynamic
> [09:24:53] [WARNING] heuristic (basic) test shows that GET parameter
> 'module' might not be injectable
> [09:24:53] [INFO] testing for SQL injection on GET parameter 'module'
> [09:24:53] [INFO] testing 'AND boolean-based blind - WHERE or HAVING
> clause'
> [09:24:56] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter
> replace'
> [09:24:57] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING,
> ORDER BY or GROUP BY clause'
> [09:24:58] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING
> clause'
> [09:25:00] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based -
> WHERE or HAVING clause'
> [09:25:01] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause
> (XMLType)'
> [09:25:03] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
> [09:25:03] [INFO] testing 'MySQL inline queries'
> [09:25:03] [INFO] testing 'PostgreSQL inline queries'
> [09:25:04] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
> [09:25:04] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT -
> comment)'
> [09:25:05] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
> [09:25:07] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries
> (comment)'
> [09:25:08] [INFO] testing 'Oracle stacked queries
> (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
> [09:25:10] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)'
> [09:25:11] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
> [09:25:13] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
> [09:25:14] [INFO] testing 'Oracle AND time-based blind'
> [09:25:16] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> [09:25:16] [WARNING] using unescaped version of the test because of zero
> knowledge of the back-end DBMS. You can try to explicitly set it using
> option
> '--dbms'
> [09:25:32] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
> [09:25:52] [WARNING] GET parameter 'module' is not injectable
> [09:25:52] [INFO] testing if GET parameter 'func' is dynamic
> sqlmap got a 302 redirect to 'https://SERVER:443/index.php'. Do you want
> to follow? [Y/n] n
> [09:26:54] [ERROR] detected invalid data for declared content encoding
> 'gzip' ('unpack requires a string argument of length 4')
> [09:26:54] [WARNING] turning off page compression
> [09:26:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
> is going to retry the request
> [09:26:55] [INFO] confirming that GET parameter 'func' is dynamic
> [09:26:55] [WARNING] GET parameter 'func' does not appear dynamic
> [09:26:55] [WARNING] heuristic (basic) test shows that GET parameter
> 'func' might not be injectable
> ...
>
>
> Thank you,
>
> regards Peter
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm
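
A small triage script for output like the listing quoted above, as an added example that is not part of the original thread or of sqlmap itself: it rejoins the mail-wrapped lines, counts entries per level, and pulls out the per-parameter verdicts. The sample is constructed from lines in the quoted output; the `PROMPT` pseudo-level, the `sqlmap got` prefix check and the function names are assumptions made for this listing.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the output quoted in this thread,
# including the mail client's hard wraps and the unprefixed prompt line.
SAMPLE = """\
[09:24:53] [WARNING] heuristic (basic) test shows that GET parameter
'module' might not be injectable
[09:25:52] [WARNING] GET parameter 'module' is not injectable
[09:25:52] [INFO] testing if GET parameter 'func' is dynamic
sqlmap got a 302 redirect to 'https://SERVER:443/index.php'. Do you want
to follow? [Y/n] n
[09:26:54] [ERROR] detected invalid data for declared content encoding
'gzip' ('unpack requires a string argument of length 4')
[09:26:54] [WARNING] turning off page compression
[09:26:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
is going to retry the request
[09:26:55] [WARNING] GET parameter 'func' does not appear dynamic
"""

ENTRY = re.compile(r"^\[(\d{2}:\d{2}:\d{2})\] \[([A-Z]+)\] (.*)$")
VERDICT = re.compile(r"(GET|POST) parameter '([^']+)' (is not injectable|does not appear dynamic)")

def parse(text):
    """Return (time, level, message) tuples, rejoining wrapped lines."""
    entries = []
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip()            # drop mail quote markers
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif line.startswith("sqlmap got"):          # assumption: interactive prompt
            entries.append([None, "PROMPT", line])
        elif line and entries:
            entries[-1][2] += " " + line             # continuation of a wrapped line
    return [tuple(e) for e in entries]

def summarize(entries):
    """Count entries per level and collect the verdict lines per parameter."""
    levels = Counter(level for _, level, _ in entries)
    verdicts = {}
    for _, level, msg in entries:
        m = VERDICT.search(msg)
        if m:
            verdicts.setdefault(m.group(2), []).append((level, m.group(3)))
    return levels, verdicts

def needs_review(entries):
    """Entries logged at ERROR or CRITICAL, e.g. the failed connection."""
    return [e for e in entries if e[1] in ("ERROR", "CRITICAL")]
```
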