Re: [sqlmap-users] Reporting: Unknown web page charset
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Reporting: Unknown web page charset
|
From: Miroslav S. <mir...@gm...> - 2015-05-25 14:02:14
|
Hi Daniel. Thank you for your report. This should be "patched" long time ago. Please update to the latest revision from our GitHub repository to have it up to date (https://github.com/sqlmapproject/sqlmap/). Kind regards, Miroslav Stampar On Sat, May 23, 2015 at 9:34 PM, Daniel Devereux < dan...@gm...> wrote: > *Reporting* > [20:21:53] [WARNING] unknown web page charset 'gbk2312'. Please report by > e-mail to sql...@li.... > > *Command* > sqlmap -g inurl:"showpro.asp?id=" --random-agent --batch --passwords > > *Terminal Readout* > GET http://www.sh-sinap.com/en/Showpro.asp?id=6 > do you want to test this URL? [Y/n/q] > > Y > [20:21:30] [INFO] testing URL 'http://www.sh-sinap.com/en/Showpro.asp?id=6 > ' > [20:21:40] [INFO] testing connection to the target URL > [20:21:46] [INFO] testing if the target URL is stable. This can take a > couple of seconds > [20:21:50] [INFO] target URL is stable > [20:21:50] [INFO] testing if GET parameter 'id' is dynamic > [20:21:51] [WARNING] GET parameter 'id' does not appear dynamic > [20:21:52] [WARNING] heuristic (basic) test shows that GET parameter 'id' > might not be injectable > [20:21:52] [INFO] testing for SQL injection on GET parameter 'id' > [20:21:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING > clause' > *[20:21:53] [WARNING] unknown web page charset 'gbk2312'. Please report by > e-mail to sql...@li... > <sql...@li...>.* > [20:21:53] [INFO] heuristics detected web page charset 'GB2312' > [20:22:08] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING > clause' > [20:22:20] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING > clause' > [20:22:28] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - > WHERE or HAVING clause' > [20:22:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause > (XMLType)' > [20:22:46] [INFO] testing 'MySQL inline queries' > [20:22:47] [INFO] testing 'PostgreSQL inline queries' > [20:22:51] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' > [20:22:53] [INFO] testing 'Oracle inline queries' > [20:22:55] [INFO] testing 'SQLite inline queries' > [20:22:56] [INFO] testing 'MySQL > 5.0.11 stacked queries' > [20:22:56] [CRITICAL] there is considerable lagging in connection > response(s). Please use as high value for option '--time-sec' as possible > (e.g. 10 or more) > [20:23:07] [INFO] testing 'PostgreSQL > 8.1 stacked queries' > [20:23:16] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' > [20:23:25] [INFO] testing 'MySQL > 5.0.11 AND time-based blind' > [20:23:32] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' > sqlmap got a 302 redirect to 'http://www.sh-sinap.com:80/en/Showpro.asp'. > Do you want to follow? [Y/n] Y > [20:23:39] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind' > [20:23:47] [INFO] testing 'Oracle AND time-based blind' > [20:24:00] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns' > [20:25:38] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' > [20:25:38] [WARNING] using unescaped version of the test because of zero > knowledge of the back-end DBMS. You can try to explicitly set it using > option '--dbms' > [20:27:14] [CRITICAL] connection timed out to the target URL or proxy. > sqlmap is going to retry the request > [20:27:45] [CRITICAL] connection timed out to the target URL or proxy. > sqlmap is going to retry the request > [20:28:16] [CRITICAL] connection timed out to the target URL or proxy. > sqlmap is going to retry the request > [20:28:47] [CRITICAL] connection timed out to the target URL or proxy > [20:29:10] [WARNING] user aborted during detection phase > how do you want to proceed? [(S)kip current test/(e)nd detection > phase/(n)ext parameter/(c)hange verbosity/(q)uit] n > [20:29:22] [WARNING] GET parameter 'id' is not injectable > [20:29:22] [ERROR] all tested parameters appear to be not injectable. Try > to increase '--level'/'--risk' values to perform more tests. Also, you can > try to rerun by providing either a valid value for option '--string' (or > '--regexp'), skipping to the next URL > [20:29:22] [WARNING] HTTP error codes detected during run: > 500 (Internal Server Error) - 15 times > > Regards > Dan > > > ------------------------------------------------------------------------------ > One dashboard for servers and applications across Physical-Virtual-Cloud > Widest out-of-the-box monitoring support with 50+ applications > Performance metrics, stats and reports that give you Actionable Insights > Deep dive visibility with transaction tracing using APM Insight. > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
