Re: [sqlmap-users] Implement please?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Implement please?
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-03-19 08:48:11
|
Yesterday we committed on subversion the very early support for Microsoft Access, we will be working on it soon. Bernardo On Fri, Mar 19, 2010 at 05:05, Brandon <bmu...@gm...> wrote: > I was wondering if you can please implement Microsoft Access? > > C:\sqlmap8>sqlmap -u http://www.vulnsite.com/forum.asp?id=11 --current-user > -v 2 > > sqlmap/0.8 - automatic SQL injection and database takeover tool > http://sqlmap.sourceforge.net > > [*] starting at: 00:53:35 > > [00:53:35] [DEBUG] initializing the configuration > [00:53:35] [DEBUG] initializing the knowledge base > [00:53:35] [DEBUG] cleaning up configuration parameters > [00:53:35] [DEBUG] setting the HTTP timeout > [00:53:35] [DEBUG] setting the HTTP method to GET > [00:53:35] [DEBUG] creating HTTP requests opener object > [00:53:35] [DEBUG] parsing XML queries file > [00:53:35] [INFO] using 'C:\sqlmap8\output\www.vulnsite.com\session' as > session file > [00:53:35] [INFO] testing connection to the target url > [00:53:37] [INFO] testing if the url is stable, wait a few seconds > [00:53:41] [INFO] url is stable > [00:53:41] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic > [00:53:43] [WARNING] User-Agent parameter 'User-Agent' is not dynamic > [00:53:43] [INFO] testing if Cookie parameter 'ASPSESSIONIDASAAARCB' is > dynamic > [00:53:45] [WARNING] Cookie parameter 'ASPSESSIONIDASAAARCB' is not dynamic > [00:53:45] [INFO] testing if GET parameter 'forumid' is dynamic > [00:53:45] [DEBUG] got HTTP error code: 500 > [00:53:45] [DEBUG] setting match ratio to default value 0.900 > [00:53:45] [INFO] confirming that GET parameter 'forumid' is dynamic > [00:53:46] [DEBUG] got HTTP error code: 500 > [00:53:47] [DEBUG] got HTTP error code: 500 > [00:53:47] [INFO] GET parameter 'forumid' is dynamic > [00:53:47] [INFO] testing sql injection on GET parameter 'forumid' with 0 > parenthesis > [00:53:47] [INFO] testing unescaped numeric injection on GET parameter > 'forumid' > [00:53:49] [DEBUG] got HTTP error code: 500 > [00:53:49] [INFO] confirming unescaped numeric injection on GET parameter > 'forumid' > [00:53:50] [DEBUG] got HTTP error code: 500 > [00:53:50] [INFO] GET parameter 'forumid' is unescaped numeric injectable > with 0 parenthesis > [00:53:50] [INFO] testing for parenthesis on injectable parameter > [00:53:51] [DEBUG] got HTTP error code: 500 > [00:53:51] [DEBUG] got HTTP error code: 500 > [00:53:52] [DEBUG] got HTTP error code: 500 > [00:53:52] [INFO] the injectable parameter requires 0 parenthesis > [00:53:52] [INFO] testing MySQL > [00:53:53] [DEBUG] got HTTP error code: 500 > [00:53:53] [WARNING] the back-end DMBS is not MySQL > [00:53:53] [INFO] testing Oracle > [00:53:54] [DEBUG] got HTTP error code: 500 > [00:53:54] [WARNING] the back-end DMBS is not Oracle > [00:53:54] [INFO] testing PostgreSQL > [00:53:54] [DEBUG] got HTTP error code: 500 > [00:53:54] [WARNING] the back-end DMBS is not PostgreSQL > [00:53:54] [INFO] testing Microsoft SQL Server > [00:53:55] [DEBUG] got HTTP error code: 500 > [00:53:55] [WARNING] the back-end DMBS is not Microsoft SQL Server > [00:53:55] [ERROR] sqlmap was not able to fingerprint the back-end database > management system, > but from the HTML error page it was possible to determinate that > the back-end DBMS is Microsoft Access. Support for this DBMS will be > implemented > if you ask, just drop us an email > > [*] shutting down at: 00:53:55 > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
