Re: [sqlmap-users] Some way to cancel others tests?
From: Miroslav S. <mir...@gm...> - 2010-12-18 10:48:00
Hi David.

Now there is a Ctrl+C check inside of detection mode for this kind of stuff:

...
[11:45:44] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE clause'
[11:45:46] [WARNING] Ctrl+C detected in detection phase
How do you want to proceed? [(S)kip current test/(a)bort detection/(q)uit]
...

Skip current test will literally skip the current test and start the other, abort detection will abort detection phase and use the information gathered till then, while quit will abruptly stop the execution of the program.

For time based "tests" there will be a "delay" between Ctrl+C pressed and the presented question, but it will be presented for sure.

Kind regards

On Wed, Dec 1, 2010 at 8:35 PM, David Guimaraes <sk...@gm...> wrote:
> Is there any way to make sqlmap not conduct further tests on the site?
> (stacked, error, time-based, etc.).
>
> The problem is that during the identification of types of sqli allowed, it
> hangs on a test and terminates the program without allowing me to exploit
> the flaw.
>
> Example:
>
> Revision: 2468
>
> $ ./sqlmap.py -u "http://www.vuln.xxx.br/path/vulnphp.php?vulnparam=1766" -p
> vulnparam --threads 20 --dbs -v 2
>
> sqlmap/0.9-dev - automatic SQL injection and database takeover tool
> http://sqlmap.sourceforge.net
>
> [*] starting at: 17:23:43
>
> [17:23:43] [DEBUG] cleaning up configuration parameters
> [17:23:43] [DEBUG] setting the HTTP timeout
> [17:23:43] [DEBUG] setting the HTTP method to GET
> [17:23:43] [DEBUG] setting the UNION query SQL injection range of columns
> [17:23:43] [DEBUG] creating HTTP requests opener object
> [17:23:43] [INFO] using
> '/home/xxx/sqlmap-dev/output/www.vuln.xxx.br/session' as session file
> [17:23:43] [INFO] testing connection to the target url
> [17:23:44] [WARNING] the testable parameter 'vulnparam' you provided is not
> into the Cookie
> [17:23:44] [INFO] testing if the url is stable, wait a few seconds
> [17:23:46] [INFO] url is stable
> [17:23:49] [INFO] heuristics shows that GET parameter 'vulnparam' might be
> injectable (possible DBMS: MySQL)
> [17:23:49] [INFO] testing sql injection on GET parameter 'vulnparam'
> [17:23:49] [INFO] testing 'AND boolean-based blind - WHERE clause'
> sqlmap got a 302 redirect to /home/l.php - What target address do you want
> to use from now on? http://www.vuln.xxx.br:80/path/vulnphp.php (default) or
> provide another target address based also on the redirection got from the
> application
> >>
> [17:23:52] [DEBUG] setting match ratio for current parameter to default
> value 0.900
> [17:23:58] [INFO] GET parameter 'vulnparam' is 'AND boolean-based blind -
> WHERE clause' injectable
> [17:23:58] [DEBUG] skipping test 'OR boolean-based blind - WHERE clause'
> because the risk is higher than the provided
> [17:23:58] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP
> BY and ORDER BY clauses' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY
> and ORDER BY clauses' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based
> blind - ORDER BY clause' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY
> clause' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and
> ORDER BY clauses' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP
> BY and ORDER BY clauses' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY
> and ORDER BY clauses' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based
> blind - ORDER BY clause' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY
> clause' because the level is higher than the provided
> [17:23:58] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and
> ORDER BY clauses' because the level is higher than the provided
> [17:23:58] [INFO] testing 'MySQL >= 5.0 error-based - WHERE clause'
> [17:23:59] [INFO] GET parameter 'vulnparam' is 'MySQL >= 5.0 error-based -
> WHERE clause' injectable
> [17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - WHERE clause'
> because the back-end DBMS identified is MySQL
> [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based -
> WHERE clause' because the back-end DBMS identified is MySQL
> [17:24:00] [DEBUG] skipping test 'Oracle error-based - WHERE clause' because
> the back-end DBMS identified is MySQL
> [17:24:00] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and
> ORDER BY clauses' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and
> ORDER BY clauses' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based -
> ORDER BY clause' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Oracle error-based - ORDER BY clause'
> because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and
> ORDER BY clauses' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and
> ORDER BY clauses' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based -
> ORDER BY clause' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Oracle error-based - ORDER BY clause'
> because the level is higher than the provided
> [17:24:00] [INFO] testing 'MySQL > 5.0.11 stacked queries'
> [17:24:00] [DEBUG] skipping test 'MySQL < 5.0.12 stacked queries' because
> the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because
> the back-end DBMS identified is MySQL
> [17:24:00] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries - exists
> function' because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries - Glibc'
> because the level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked
> queries' because the back-end DBMS identified is MySQL
> [17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level
> is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level
> is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Oracle stacked queries' because the level
> is higher than the provided
> [17:24:00] [DEBUG] skipping test 'SQLite > 2.0 stacked queries' because the
> level is higher than the provided
> [17:24:00] [DEBUG] skipping test 'Firebird stacked queries' because the
> level is higher than the provided
> [17:24:00] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
> [17:24:40] [CRITICAL] unable to connect to the target url or proxy, sqlmap
> is going to retry the request
> [17:25:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap
> is going to retry the request
> [17:25:42] [CRITICAL] unable to connect to the target url or proxy, sqlmap
> is going to retry the request
> [17:26:13] [CRITICAL] unable to connect to the target url or proxy
>
> [*] shutting down at: 17:26:13
>
> David

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
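The three choices described in the reply above, sketched as an added example that is not part of the original thread and is not sqlmap's own code: a detection loop that catches Ctrl+C and lets the operator skip the current test, abort detection while keeping what was gathered, or quit. The names `run_detection`, `prompt_choice`, `Quit` and the sample test outcomes are hypothetical and constructed for illustration.

```python
class Quit(Exception):
    """Raised when the operator chooses to stop the program outright."""


def prompt_choice(ask=input):
    """Ask until the answer is s, a or q; an empty answer means the default (skip)."""
    question = ("How do you want to proceed? "
                "[(S)kip current test/(a)bort detection/(q)uit] ")
    while True:
        answer = ask(question).strip().lower()
        if answer in ("", "s", "a", "q"):
            return answer or "s"


def run_detection(tests, ask=input):
    """Run (title, callable) pairs in order and return the titles that fired.

    Ctrl+C inside a test arrives as KeyboardInterrupt. The reply notes that
    for time-based tests the question may only appear after a delay.
    """
    findings = []
    for title, test in tests:
        try:
            if test():
                findings.append(title)
        except KeyboardInterrupt:
            choice = prompt_choice(ask)
            if choice == "s":      # drop this test only, carry on with the next
                continue
            if choice == "a":      # stop detection, keep findings gathered so far
                break
            raise Quit(title)      # stop everything, nothing is returned
    return findings


def _interrupted():
    # Constructed stand-in for a test the operator interrupts with Ctrl+C.
    raise KeyboardInterrupt


# Constructed sample: titles taken from the log in the thread, outcomes invented.
SAMPLE_TESTS = [
    ("AND boolean-based blind - WHERE clause", lambda: True),
    ("MySQL >= 5.0 error-based - WHERE clause", lambda: True),
    ("MySQL > 5.0.11 AND time-based blind", _interrupted),
    ("placeholder later test", lambda: True),
]

if __name__ == "__main__":
    print(run_detection(SAMPLE_TESTS))
```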