[sqlmap-users] error or bug
From: Jonatah R. <jon...@ho...> - 2013-06-12 00:40:29
Hello guys, I made 3 injection attempts, and all 3 gave different information: one said there was no injection, another said through heuristics that the DBMS was Firebird, and another that the DBMS was SAP MaxDB. I also tested it with --tamper and --string, as sqlmap stated, and it stated that it was a false positive. Would it be a bug or an error? Love information, more and more, I'm hungry :-).

sqlmap.py -u "https://website/action/link?id=value" --fingerprint --threads=10 --technique=B

sqlmap/1.0-dev-42a8234 - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:42:06

[20:42:06] [INFO] testing connection to the target URL
[20:42:06] [INFO] heuristics detected web page charset 'ascii'
[20:42:06] [INFO] testing if the target URL is stable. This can take a coulpe of seconds
[20:42:08] [INFO] testing if GET parameter 'id' is dynamic
[20:42:08] [WARNING] GET parameter 'id' does not appear dynamic
[20:42:09] [WARNING] heuristic <basic> test shows that GET parameter 'id' might not be injectable
[20:42:09] [INFO] testing for SQL injection on GET parameter 'id'
[20:42:09] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:42:14] [INFO] GET parameter 'id' seems to be 'AND boolean-based blind - WHERE or HAVING clause' injectable <with --string="0.0001">
[20:42:18] [INFO] heuristic <extended> test shows that the back-end DBMS could be 'Firebird'
do you want to include all tests for 'Firebird' extending provided level <1> and risk <1>? [Y/n] y
[20:42:26] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[20:42:27] [WARNING] false positive or unexploitable injection point detected
[20:42:27] [WARNING] there is a possibility that the character '>' is filtered by the back-end server. You can try to rerun with '--tamper=between'
[20:42:27] [WARNING] GET parameter 'id' is not injectable
[20:42:27] [CRITICAL] all teste parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Rerun without providing the option '--technique'. Also, you can try to rerun by providing a valid value for option '--string' as perhaps the string you have choosen does not match exclusively True responses

[*] shutting down at 20:42:27