[sqlmap-users] bug: -g uses wrong session file
Brought to you by:
inquisb
From: Kasper F. <th...@ma...> - 2010-03-15 11:32:29
|
Hello sqlmap users. It seems that sqlmap i using the wrong session file if a hosts on the google dorks are vulnerable and the vulnerability is used. The next vulnerable host will use the same session file! [12:14:17] [INFO] testing url <A>/index.php?id=67,0,0,1,0,0 [12:14:17] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<A>\session' as session file [12:14:17] [INFO] testing connection to the target url ... [12:14:20] [INFO] testing if the url is stable, wait a few seconds [12:14:27] [WARNING] url is not stable, sqlmap will base the page comparison on a sequence matcher, if no dynamic nor injectable parameters are detected, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on [12:14:27] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis ... ... [12:19:46] [INFO] GET parameter 'id' is double quoted string injectable with 3 parenthesis do you want to exploit this SQL injection? [Y/n] y [12:20:36] [INFO] testing for parenthesis on injectable parameter [12:21:00] [INFO] the injectable parameter requires 3 parenthesis [12:21:00] [INFO] testing MySQL [12:21:08] [WARNING] the back-end DMBS is not MySQL [12:21:08] [INFO] testing Oracle [12:21:17] [WARNING] the back-end DMBS is not Oracle [12:21:17] [INFO] testing PostgreSQL [12:21:26] [WARNING] the back-end DMBS is not PostgreSQL [12:21:26] [INFO] testing Microsoft SQL Server [12:21:34] [INFO] confirming Microsoft SQL Server [12:21:43] [INFO] the back-end DBMS is Microsoft SQL Server web application technology: Apache 1.3.41, PHP 5.2.13 back-end DBMS: Microsoft SQL Server 2000 ... ... GET <B>/edb_og_internet/hardware/index.php?id=32 do you want to test this url? [Y/n/q] > y [12:25:10] [INFO] testing url <B>/edb_og_internet/hardware/index.php?id=32 [12:25:10] [INFO] using 'C:\Users\foens\Desktop\sqlmap\output\<A>\session' as session file I have anonyminized the hosts. /Kasper |