ANTICHAT Forum

havij (https://forum.antichat.xyz/showthread.php?t=443122)

p8araDISE5 13.10.2016 16:23

When scanning sites it outputs strange characters; maybe this is some kind of folder encryption or something else..

Please help a newbie; maybe this is a stupid question, but hit hard

http://itmages.ru/image/view/5020832/78db2088

Sergey_AKs 17.10.2016 01:16

Exactly the same situation; I hope someone suggests a solution for dumping the database.

Zen1T21 17.10.2016 01:19

Better use sqlmap

Sergey_AKs 17.10.2016 02:20

Here is what I got; can you tell me what this is and what to do?)

[01:09:43] [INFO] testing connection to the target URL
[01:09:43] [INFO] testing if the target URL is stable
[01:09:44] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] c
[01:09:48] [INFO] testing if GET parameter 'adv' is dynamic
[01:09:48] [INFO] confirming that GET parameter 'adv' is dynamic
[01:09:48] [INFO] GET parameter 'adv' is dynamic
[01:09:48] [WARNING] heuristic (basic) test shows that GET parameter 'adv' might not be injectable
[01:09:49] [INFO] testing for SQL injection on GET parameter 'adv'
[01:09:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:09:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[01:09:52] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[01:09:53] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[01:10:03] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[01:10:13] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[01:10:13] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[01:10:13] [INFO] testing 'MySQL inline queries'
[01:10:13] [INFO] testing 'PostgreSQL inline queries'
[01:10:14] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[01:10:14] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
[01:10:14] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[01:10:17] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[01:10:21] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[01:10:31] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[01:10:35] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SELECT)'
[01:10:36] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[01:10:39] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[01:10:43] [INFO] testing 'Oracle AND time-based blind'
[01:10:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[01:10:44] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
[01:11:33] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[01:12:03] [WARNING] GET parameter 'adv' is not injectable
[01:12:03] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp') If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')

C:\sqlmap>

BigBear 17.10.2016 04:45

Quote:

Posted by Sergey_AKs:

all tested parameters appear to be not injectable.

Either there is no injection, or raise --level=3 --risk=3

brown 20.10.2016 19:35

I can help if you want. Link in PM.
