sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

SQLmap not detecting sql injection #4433

Closed Mr-x2020 closed 3 years ago

Mr-x2020 commented 3 years ago

I scanned a web application using Acunetix Vulnerability Scanner and found several Boolean-based SQL injection vulnerabilities in my application, and it gave me the name of one of the databases.

But when I want to use Sqlmap to extract all the databases, I used all levels of '--level'/'--risk' options and it doesn't give me anything

```
C:\Users\Home\Desktop\OrganiZen\All-in-One 03-10-2020\sqlmap-master>python sqlmap.py -r "C:\Users\Home\Desktop\OrganiZen\All-in-One 03-10-2020\request.txt" -p tf --time-sec=20 --dbms=mysql --dbs --level=5
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.4.11.8#dev}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 13:35:53 /2020-11-20/

[13:35:53] [INFO] parsing HTTP request from 'C:\Users\Home\Desktop\OrganiZen\All-in-One 03-10-2020\request.txt'
[13:35:54] [INFO] testing connection to the target URL
got a 302 redirect to 'http://url/login.php?tf=licence&stat=error'. Do you want to follow? [Y/n] n
[13:35:56] [INFO] testing if the target URL content is stable
[13:35:57] [WARNING] heuristic (basic) test shows that GET parameter 'tf' might not be injectable
[13:35:57] [INFO] heuristic (XSS) test shows that GET parameter 'tf' might be vulnerable to cross-site scripting (XSS) attacks
[13:35:57] [INFO] testing for SQL injection on GET parameter 'tf'
[13:35:57] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:35:57] [WARNING] reflective value(s) found and filtering out
[13:36:29] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[13:36:47] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[13:36:59] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[13:37:00] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[13:37:00] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[13:37:01] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[13:37:01] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[13:37:02] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[13:37:22] [INFO] testing 'Generic inline queries'
[13:37:22] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[13:37:30] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[13:37:46] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[13:38:01] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[13:38:17] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[13:38:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[13:38:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[13:38:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[13:38:39] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[13:38:39] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[13:38:40] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[13:38:41] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[13:38:41] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[13:38:42] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[13:38:42] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[13:38:42] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[13:38:53] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[13:38:53] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[13:39:11] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[13:39:21] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[13:39:30] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[13:39:41] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[13:39:52] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[13:40:21] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[13:40:31] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[13:40:41] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:40:51] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[13:40:51] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[13:40:51] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[13:40:52] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[13:40:52] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[13:40:54] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[13:40:54] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[13:40:54] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[13:40:54] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[13:40:54] [INFO] testing 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)'
[13:40:55] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[13:40:55] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[13:40:55] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[13:40:55] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[13:40:56] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[13:40:56] [INFO] testing 'MySQL inline queries'
[13:40:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[13:41:02] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[13:41:09] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[13:41:16] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[13:41:27] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[13:41:31] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[13:41:40] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[13:41:53] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[13:42:02] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[13:42:10] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[13:42:15] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query)'
[13:42:26] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)'
[13:42:35] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[13:42:44] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[13:42:50] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[13:42:59] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[13:43:09] [INFO] testing 'MySQL AND time-based blind (ELT)'
[13:43:20] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[13:43:26] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:43:34] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:43:39] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[13:43:39] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[13:43:39] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (heavy queries)'
[13:43:39] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[13:43:39] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[13:43:39] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[13:43:40] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[13:43:40] [INFO] testing 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] n
[13:46:23] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[13:49:37] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[13:52:06] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
[13:53:40] [INFO] testing 'Generic UNION query (random number) - 11 to 20 columns'
[13:54:46] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
[13:55:53] [INFO] testing 'Generic UNION query (random number) - 21 to 30 columns'
[13:57:00] [INFO] testing 'Generic UNION query (NULL) - 31 to 40 columns'
[13:58:01] [INFO] testing 'Generic UNION query (random number) - 31 to 40 columns'
[13:59:09] [INFO] testing 'Generic UNION query (NULL) - 41 to 50 columns'
[14:00:13] [INFO] testing 'Generic UNION query (random number) - 41 to 50 columns'
[14:01:29] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[14:03:01] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[14:04:38] [INFO] testing 'MySQL UNION query (NULL) - 11 to 20 columns'
[14:06:02] [INFO] testing 'MySQL UNION query (random number) - 11 to 20 columns'
[14:07:16] [INFO] testing 'MySQL UNION query (NULL) - 21 to 30 columns'
[14:08:27] [INFO] testing 'MySQL UNION query (random number) - 21 to 30 columns'
[14:09:33] [INFO] testing 'MySQL UNION query (NULL) - 31 to 40 columns'
[14:10:59] [INFO] testing 'MySQL UNION query (random number) - 31 to 40 columns'
[14:12:05] [INFO] testing 'MySQL UNION query (NULL) - 41 to 50 columns'
[14:13:19] [INFO] testing 'MySQL UNION query (random number) - 41 to 50 columns'
[14:14:30] [WARNING] GET parameter 'tf' does not seem to be injectable
[14:14:30] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'

[*] ending @ 14:14:30 /2020-11-20/
```

hastalamuerte commented 3 years ago

Try maybe to set the original value in the -r txt, and check the WAF (tamper); also try agreeing with the redirect, and check your connection (VPN etc.).

stamparm commented 3 years ago

Please inspect manually what's going on before raising this kind of "issues"
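An added example, not part of the thread and not sqlmap's own code: a short Python script that pulls out of a console log like the one posted above the lines worth reading first when inspecting a run by hand (the declined 302 redirect, the heuristic result, the reflected-input warning and the final verdict). The sample log is constructed from lines excerpted from the issue; the function name, the tags and the login-page heuristic are assumptions of this example.

```python
import re

# Constructed sample: lines excerpted from the console log posted in the issue.
SAMPLE_LOG = """\
[13:35:54] [INFO] testing connection to the target URL
got a 302 redirect to 'http://url/login.php?tf=licence&stat=error'. Do you want to follow? [Y/n] n
[13:35:57] [WARNING] heuristic (basic) test shows that GET parameter 'tf' might not be injectable
[13:35:57] [WARNING] reflective value(s) found and filtering out
[14:14:30] [WARNING] GET parameter 'tf' does not seem to be injectable
[14:14:30] [CRITICAL] all tested parameters do not appear to be injectable.
"""

REDIRECT = re.compile(
    r"got a (\d{3}) redirect to '([^']+)'\. Do you want to follow\? \[Y/n\]\s*(\S*)")
LOGLINE = re.compile(r"^\[\d\d:\d\d:\d\d\] \[(\w+)\] (.*)$")

# Substring of a log message -> tag reported by triage() (tags are hypothetical)
MARKERS = {
    "might not be injectable": "heuristic-negative",
    "reflective value(s) found": "reflected-input",
    "all tested parameters do not appear to be injectable": "nothing-found",
}

def triage(log_text):
    """Return (tag, detail) pairs for the lines worth reading first."""
    findings = []
    for line in log_text.splitlines():
        m = REDIRECT.search(line)
        if m:
            status, target, answer = m.groups()
            if answer.lower() == "n":
                findings.append(("redirect-declined", f"{status} -> {target}"))
            # Heuristic (an assumption of this example): a redirect to a login
            # page suggests the saved request carries no valid session.
            if "login" in target.lower():
                findings.append(("login-redirect", target))
            continue
        m = LOGLINE.match(line)
        if not m:
            continue
        level, message = m.groups()
        for needle, tag in MARKERS.items():
            if needle in message:
                findings.append((tag, f"[{level}] {message}"))
    return findings

if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:18} {detail}")
```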