[13:00:00] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)' [13:00:00] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)' [13:00:01] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)' [13:00:01] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)' [13:00:01] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)' [13:00:01] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)' [13:00:02] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind' [13:00:02] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)' [13:00:02] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)' [13:00:02] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)' [13:00:03] [INFO] testing 'MySQL AND time-based blind (ELT)' [13:00:03] [INFO] testing 'MySQL OR time-based blind (ELT)' [13:00:03] [INFO] testing 'MySQL AND time-based blind (ELT - comment)' [13:00:03] [INFO] testing 'MySQL OR time-based blind (ELT - comment)' [13:00:04] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [13:00:04] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind' [13:00:04] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)' [13:00:04] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind (comment)' [13:00:05] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)' [13:00:05] [INFO] testing 'PostgreSQL OR time-based blind (heavy query)' [13:00:05] [INFO] testing 'PostgreSQL AND time-based blind (heavy query - comment)' [13:00:06] [INFO] testing 'PostgreSQL OR time-based blind (heavy query - comment)' [13:00:06] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [13:00:06] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF - comment)' [13:00:06] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)' [13:00:07] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based 
blind (heavy query)' [13:00:07] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)' [13:00:07] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)' [13:00:07] [INFO] testing 'Oracle AND time-based blind' [13:00:08] [INFO] testing 'Oracle OR time-based blind' [13:00:08] [INFO] testing 'Oracle AND time-based blind (comment)' [13:00:08] [INFO] testing 'Oracle OR time-based blind (comment)' [13:00:08] [INFO] testing 'Oracle AND time-based blind (heavy query)' [13:00:09] [INFO] testing 'Oracle OR time-based blind (heavy query)' [13:00:09] [INFO] testing 'Oracle AND time-based blind (heavy query - comment)' [13:00:09] [INFO] testing 'Oracle OR time-based blind (heavy query - comment)' [13:00:09] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)' [13:00:10] [INFO] testing 'IBM DB2 OR time-based blind (heavy query)' [13:00:10] [INFO] testing 'IBM DB2 AND time-based blind (heavy query - comment)' [13:00:10] [INFO] testing 'IBM DB2 OR time-based blind (heavy query - comment)' [13:00:10] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)' [13:00:11] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)' [13:00:11] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query - comment)' [13:00:11] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query - comment)' [13:00:12] [INFO] testing 'Firebird >= 2.0 AND time-based blind (heavy query)' [13:00:12] [INFO] testing 'Firebird >= 2.0 OR time-based blind (heavy query)' [13:00:12] [INFO] testing 'Firebird >= 2.0 AND time-based blind (heavy query - comment)' [13:00:12] [INFO] testing 'Firebird >= 2.0 OR time-based blind (heavy query - comment)' [13:00:13] [INFO] testing 'SAP MaxDB AND time-based blind (heavy query)' [13:00:13] [INFO] testing 'SAP MaxDB OR time-based blind (heavy query)' [13:00:13] [INFO] testing 'SAP MaxDB AND time-based blind (heavy query - comment)' [13:00:13] [INFO] testing 'SAP MaxDB OR time-based 
blind (heavy query - comment)' [13:00:14] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)' [13:00:14] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)' [13:00:14] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)' [13:00:14] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)' [13:00:15] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query)' [13:00:15] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query)' [13:00:15] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)' [13:00:15] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)' [13:00:16] [INFO] testing 'Informix AND time-based blind (heavy query)' [13:00:16] [INFO] testing 'Informix OR time-based blind (heavy query)' [13:00:16] [INFO] testing 'Informix AND time-based blind (heavy query - comment)' [13:00:16] [INFO] testing 'Informix OR time-based blind (heavy query - comment)' [13:00:17] [INFO] testing 'ClickHouse AND time-based blind (heavy query)' [13:00:17] [INFO] testing 'ClickHouse OR time-based blind (heavy query)' [13:00:17] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)' [13:00:18] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)' [13:00:18] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace' [13:00:18] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)' [13:00:18] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)' [13:00:18] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)' [13:00:18] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)' [13:00:18] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)' [13:00:18] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)' [13:00:18] [INFO] testing 
'PostgreSQL > 8.1 time-based blind - Parameter replace' [13:00:18] [INFO] testing 'PostgreSQL time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)' [13:00:18] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)' [13:00:18] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)' [13:00:18] [INFO] testing 'Oracle time-based blind - Parameter replace (heavy queries)' [13:00:18] [INFO] testing 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'Firebird time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'SAP MaxDB time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'IBM DB2 time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'Informix time-based blind - Parameter replace (heavy query)' [13:00:18] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [13:00:24] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns' [13:00:32] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns' [13:00:39] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns' [13:00:46] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns' [13:00:52] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns' [13:01:00] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns' [13:01:06] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns' [13:01:14] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns' [13:01:21] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns' [13:01:29] [INFO] testing 'MySQL UNION query 
(NULL) - 1 to 20 columns' [13:01:35] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns' [13:01:43] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns' [13:01:49] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns' [13:01:56] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns' [13:02:02] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns' [13:02:09] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns' [13:02:16] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns' [13:02:23] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns' [13:02:30] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns' [13:02:37] [INFO] checking if the injection point on GET parameter 'filter_category' is a false positive [13:02:38] [WARNING] false positive or unexploitable injection point detected [13:02:38] [WARNING] GET parameter 'filter_category' does not seem to be injectable [13:02:38] [INFO] testing if parameter 'User-Agent' is dynamic [13:02:38] [WARNING] parameter 'User-Agent' does not appear to be dynamic [13:02:38] [WARNING] heuristic (basic) test shows that parameter 'User-Agent' might not be injectable [13:02:39] [INFO] testing for SQL injection on parameter 'User-Agent' [13:02:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [13:02:43] [INFO] parameter 'User-Agent' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable [13:02:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)' [13:02:43] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)' [13:02:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)' [13:02:44] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)' [13:02:44] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY 
clause (GTID_SUBSET)' [13:02:44] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)' [13:02:44] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)' [13:02:45] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)' [13:02:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' [13:02:45] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' [13:02:45] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' [13:02:46] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' [13:02:46] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' [13:02:46] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' [13:02:46] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' [13:02:47] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)' [13:02:47] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)' [13:02:47] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [13:02:48] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause' [13:02:48] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)' [13:02:48] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)' [13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)' [13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)' [13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)' [13:02:49] [INFO] testing 
'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)' [13:02:50] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' [13:02:50] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (XMLType)' [13:02:50] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' [13:02:50] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)' [13:02:51] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' [13:02:51] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)' [13:02:51] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' [13:02:51] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)' [13:02:52] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause' [13:02:52] [INFO] testing 'Firebird OR error-based - WHERE or HAVING clause' [13:02:52] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause' [13:02:52] [INFO] testing 'MonetDB OR error-based - WHERE or HAVING clause' [13:02:53] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause' [13:02:53] [INFO] testing 'Vertica OR error-based - WHERE or HAVING clause' [13:02:53] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause' [13:02:53] [INFO] testing 'IBM DB2 OR error-based - WHERE or HAVING clause' [13:02:54] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause' [13:02:54] [INFO] testing 'ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause' [13:02:54] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)' [13:02:54] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)' [13:02:54] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)' [13:02:54] [INFO] testing 'MySQL >= 5.6 error-based - 
Parameter replace (GTID_SUBSET)' [13:02:54] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)' [13:02:54] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' [13:02:54] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)' [13:02:54] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)' [13:02:54] [INFO] testing 'PostgreSQL error-based - Parameter replace' [13:02:54] [INFO] testing 'PostgreSQL error-based - Parameter replace (GENERATE_SERIES)' [13:02:54] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace' [13:02:54] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)' [13:02:54] [INFO] testing 'Oracle error-based - Parameter replace' [13:02:54] [INFO] testing 'Firebird error-based - Parameter replace' [13:02:54] [INFO] testing 'IBM DB2 error-based - Parameter replace' [13:02:54] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)' [13:02:55] [INFO] testing 'Generic inline queries' [13:02:55] [INFO] testing 'MySQL inline queries' [13:02:55] [INFO] testing 'PostgreSQL inline queries' [13:02:55] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' [13:02:56] [INFO] testing 'Oracle inline queries' [13:02:56] [INFO] testing 'SQLite inline queries' [13:02:56] [INFO] testing 'Firebird inline queries' [13:02:56] [INFO] testing 'ClickHouse inline queries' [13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)' [13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries' [13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)' [13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)' [13:02:58] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)' [13:02:58] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)' [13:02:58] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)' [13:02:58] [INFO] testing 'PostgreSQL > 
8.1 stacked queries' [13:02:58] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)' [13:02:59] [INFO] testing 'PostgreSQL stacked queries (heavy query)' [13:02:59] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)' [13:02:59] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)' [13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)' [13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)' [13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries' [13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE)' [13:03:01] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)' [13:03:01] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)' [13:03:01] [INFO] testing 'Oracle stacked queries (heavy query - comment)' [13:03:01] [INFO] testing 'Oracle stacked queries (heavy query)' [13:03:02] [INFO] testing 'Oracle stacked queries (DBMS_LOCK.SLEEP - comment)' [13:03:02] [INFO] testing 'Oracle stacked queries (DBMS_LOCK.SLEEP)' [13:03:02] [INFO] testing 'Oracle stacked queries (USER_LOCK.SLEEP - comment)' [13:03:02] [INFO] testing 'Oracle stacked queries (USER_LOCK.SLEEP)' [13:03:02] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)' [13:03:02] [INFO] testing 'IBM DB2 stacked queries (heavy query)' [13:03:02] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)' [13:03:03] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query)' [13:03:03] [INFO] testing 'Firebird stacked queries (heavy query - comment)' [13:03:03] [INFO] testing 'Firebird stacked queries (heavy query)' [13:03:03] [INFO] testing 'SAP MaxDB stacked queries (heavy query - comment)' [13:03:04] [INFO] testing 'SAP MaxDB stacked queries (heavy query)' [13:03:04] [INFO] testing 'HSQLDB >= 1.7.2 stacked queries (heavy query - comment)' [13:03:04] [INFO] testing 'HSQLDB >= 1.7.2 stacked queries (heavy query)' 
[13:03:04] [INFO] testing 'HSQLDB >= 2.0 stacked queries (heavy query - comment)' [13:03:05] [INFO] testing 'HSQLDB >= 2.0 stacked queries (heavy query)' [13:03:05] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' [13:03:05] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)' [13:03:05] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)' [13:03:06] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)' [13:03:06] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)' [13:03:06] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)' [13:03:07] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)' [13:03:07] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)' [13:03:07] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)' [13:03:07] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)' [13:03:08] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)' [13:03:08] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)' [13:03:08] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)' [13:03:08] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)' [13:03:09] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)' [13:03:09] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)' [13:03:09] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind' [13:03:09] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)' [13:03:10] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)' [13:03:10] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)' [13:03:10] [INFO] testing 'MySQL AND time-based blind (ELT)' [13:03:10] [INFO] testing 'MySQL OR time-based blind (ELT)' [13:03:11] [INFO] testing 'MySQL AND time-based blind (ELT - comment)' [13:03:11] [INFO] testing 'MySQL OR 
time-based blind (ELT - comment)' [13:03:11] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [13:03:11] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind' [13:03:12] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)' [13:03:12] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind (comment)' [13:03:12] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)' [13:03:12] [INFO] testing 'PostgreSQL OR time-based blind (heavy query)' [13:03:13] [INFO] testing 'PostgreSQL AND time-based blind (heavy query - comment)' [13:03:13] [INFO] testing 'PostgreSQL OR time-based blind (heavy query - comment)' [13:03:13] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [13:03:13] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF - comment)' [13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)' [13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)' [13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)' [13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)' [13:03:15] [INFO] testing 'Oracle AND time-based blind' [13:03:15] [INFO] testing 'Oracle OR time-based blind' [13:03:15] [INFO] testing 'Oracle AND time-based blind (comment)' [13:03:15] [INFO] testing 'Oracle OR time-based blind (comment)' [13:03:16] [INFO] testing 'Oracle AND time-based blind (heavy query)' [13:03:16] [INFO] testing 'Oracle OR time-based blind (heavy query)' [13:03:16] [INFO] testing 'Oracle AND time-based blind (heavy query - comment)' [13:03:16] [INFO] testing 'Oracle OR time-based blind (heavy query - comment)' [13:03:17] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)' [13:03:17] [INFO] testing 'IBM DB2 OR time-based blind (heavy query)' [13:03:17] [INFO] testing 'IBM DB2 AND time-based blind (heavy query - comment)' [13:03:17] [INFO] testing 'IBM DB2 OR time-based blind 
(heavy query - comment)' [13:03:18] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)' [13:03:18] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)' [13:03:18] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query - comment)' [13:03:18] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query - comment)' [13:03:19] [INFO] testing 'Firebird >= 2.0 AND time-based blind (heavy query)' [13:03:19] [INFO] testing 'Firebird >= 2.0 OR time-based blind (heavy query)' [13:03:19] [INFO] testing 'Firebird >= 2.0 AND time-based blind (heavy query - comment)' [13:03:19] [INFO] testing 'Firebird >= 2.0 OR time-based blind (heavy query - comment)' [13:03:19] [INFO] testing 'SAP MaxDB AND time-based blind (heavy query)' [13:03:20] [INFO] testing 'SAP MaxDB OR time-based blind (heavy query)' [13:03:20] [INFO] testing 'SAP MaxDB AND time-based blind (heavy query - comment)' [13:03:20] [INFO] testing 'SAP MaxDB OR time-based blind (heavy query - comment)' [13:03:20] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)' [13:03:21] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)' [13:03:21] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)' [13:03:21] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)' [13:03:22] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query)' [13:03:22] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query)' [13:03:22] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)' [13:03:22] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)' [13:03:22] [INFO] testing 'Informix AND time-based blind (heavy query)' [13:03:23] [INFO] testing 'Informix OR time-based blind (heavy query)' [13:03:23] [INFO] testing 'Informix AND time-based blind (heavy query - comment)' [13:03:23] [INFO] testing 'Informix OR time-based blind (heavy query - comment)' [13:03:23] [INFO] testing 'ClickHouse AND 
time-based blind (heavy query)' [13:03:24] [INFO] testing 'ClickHouse OR time-based blind (heavy query)' [13:03:24] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)' [13:03:24] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)' [13:03:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace' [13:03:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)' [13:03:24] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)' [13:03:24] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)' [13:03:24] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)' [13:03:24] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)' [13:03:24] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)' [13:03:24] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace' [13:03:24] [INFO] testing 'PostgreSQL time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)' [13:03:24] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)' [13:03:24] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)' [13:03:24] [INFO] testing 'Oracle time-based blind - Parameter replace (heavy queries)' [13:03:24] [INFO] testing 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'Firebird time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'SAP MaxDB time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'IBM DB2 time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'HSQLDB > 2.0 time-based 
blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'Informix time-based blind - Parameter replace (heavy query)' [13:03:24] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [13:03:30] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns' [13:03:35] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns' [13:03:41] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns' [13:03:46] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns' [13:03:51] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns' [13:03:57] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns' [13:04:02] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns' [13:04:08] [INFO] target URL appears to be UNION injectable with 70 columns [13:04:08] [WARNING] applying generic concatenation (CONCAT) [13:05:20] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. 
'--dbms=mysql') [13:05:20] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns' [13:05:25] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns' [13:07:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' [13:07:10] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns' [13:07:15] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns' [13:07:21] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns' [13:07:27] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns' [13:07:32] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns' [13:07:38] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns' [13:07:43] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns' [13:07:49] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns' [13:07:54] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns' [13:08:00] [INFO] checking if the injection point on User-Agent parameter 'User-Agent' is a false positive [13:08:00] [WARNING] false positive or unexploitable injection point detected [13:08:00] [WARNING] parameter 'User-Agent' does not seem to be injectable [13:08:00] [INFO] testing if parameter 'Referer' is dynamic [13:08:00] [WARNING] parameter 'Referer' does not appear to be dynamic [13:08:01] [WARNING] heuristic (basic) test shows that parameter 'Referer' might not be injectable [13:08:01] [INFO] testing for SQL injection on parameter 'Referer' [13:08:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [13:08:02] [INFO] parameter 'Referer' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
And so it goes round in circles. Is it injectable or not?
No.
[13:00:16] [INFO] testing 'Informix AND time-based blind (heavy query - comment)'
[13:00:16] [INFO] testing 'Informix OR time-based blind (heavy query - comment)'
[13:00:17] [INFO] testing 'ClickHouse AND time-based blind (heavy query)'
[13:00:17] [INFO] testing 'ClickHouse OR time-based blind (heavy query)'
[13:00:17] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:00:18] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:00:18] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[13:00:18] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[13:00:18] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)'
[13:00:18] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)'
[13:00:18] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[13:00:18] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[13:00:18] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[13:00:18] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[13:00:18] [INFO] testing 'PostgreSQL time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)'
[13:00:18] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[13:00:18] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[13:00:18] [INFO] testing 'Oracle time-based blind - Parameter replace (heavy queries)'
[13:00:18] [INFO] testing 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'Firebird time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'SAP MaxDB time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'IBM DB2 time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'Informix time-based blind - Parameter replace (heavy query)'
[13:00:18] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[13:00:24] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[13:00:32] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[13:00:39] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[13:00:46] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[13:00:52] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns'
[13:01:00] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns'
[13:01:06] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns'
[13:01:14] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns'
[13:01:21] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns'
[13:01:29] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[13:01:35] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[13:01:43] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
[13:01:49] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'
[13:01:56] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'
[13:02:02] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns'
[13:02:09] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns'
[13:02:16] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns'
[13:02:23] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns'
[13:02:30] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns'
[13:02:37] [INFO] checking if the injection point on GET parameter 'filter_category' is a false positive
[13:02:38] [WARNING] false positive or unexploitable injection point detected
[13:02:38] [WARNING] GET parameter 'filter_category' does not seem to be injectable
[13:02:38] [INFO] testing if parameter 'User-Agent' is dynamic
[13:02:38] [WARNING] parameter 'User-Agent' does not appear to be dynamic
[13:02:38] [WARNING] heuristic (basic) test shows that parameter 'User-Agent' might not be injectable
[13:02:39] [INFO] testing for SQL injection on parameter 'User-Agent'
[13:02:39] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:02:43] [INFO] parameter 'User-Agent' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
[13:02:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[13:02:43] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[13:02:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[13:02:44] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[13:02:44] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[13:02:44] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[13:02:44] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[13:02:45] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[13:02:45] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[13:02:45] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[13:02:45] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[13:02:46] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[13:02:46] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[13:02:46] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[13:02:46] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[13:02:47] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[13:02:47] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[13:02:47] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[13:02:48] [INFO] testing 'PostgreSQL OR error-based - WHERE or HAVING clause'
[13:02:48] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[13:02:48] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (IN)'
[13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONVERT)'
[13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[13:02:49] [INFO] testing 'Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT)'
[13:02:50] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[13:02:50] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (XMLType)'
[13:02:50] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[13:02:50] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[13:02:51] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[13:02:51] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[13:02:51] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)'
[13:02:51] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)'
[13:02:52] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[13:02:52] [INFO] testing 'Firebird OR error-based - WHERE or HAVING clause'
[13:02:52] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[13:02:52] [INFO] testing 'MonetDB OR error-based - WHERE or HAVING clause'
[13:02:53] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[13:02:53] [INFO] testing 'Vertica OR error-based - WHERE or HAVING clause'
[13:02:53] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[13:02:53] [INFO] testing 'IBM DB2 OR error-based - WHERE or HAVING clause'
[13:02:54] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[13:02:54] [INFO] testing 'ClickHouse OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[13:02:54] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:02:54] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[13:02:54] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[13:02:54] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[13:02:54] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[13:02:54] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[13:02:54] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[13:02:54] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[13:02:54] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[13:02:54] [INFO] testing 'PostgreSQL error-based - Parameter replace (GENERATE_SERIES)'
[13:02:54] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[13:02:54] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace (integer column)'
[13:02:54] [INFO] testing 'Oracle error-based - Parameter replace'
[13:02:54] [INFO] testing 'Firebird error-based - Parameter replace'
[13:02:54] [INFO] testing 'IBM DB2 error-based - Parameter replace'
[13:02:54] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[13:02:55] [INFO] testing 'Generic inline queries'
[13:02:55] [INFO] testing 'MySQL inline queries'
[13:02:55] [INFO] testing 'PostgreSQL inline queries'
[13:02:55] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[13:02:56] [INFO] testing 'Oracle inline queries'
[13:02:56] [INFO] testing 'SQLite inline queries'
[13:02:56] [INFO] testing 'Firebird inline queries'
[13:02:56] [INFO] testing 'ClickHouse inline queries'
[13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[13:02:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[13:02:58] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[13:02:58] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[13:02:58] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[13:02:58] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[13:02:58] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[13:02:59] [INFO] testing 'PostgreSQL stacked queries (heavy query)'
[13:02:59] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[13:02:59] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc)'
[13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[13:03:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE)'
[13:03:01] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[13:03:01] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)'
[13:03:01] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[13:03:01] [INFO] testing 'Oracle stacked queries (heavy query)'
[13:03:02] [INFO] testing 'Oracle stacked queries (DBMS_LOCK.SLEEP - comment)'
[13:03:02] [INFO] testing 'Oracle stacked queries (DBMS_LOCK.SLEEP)'
[13:03:02] [INFO] testing 'Oracle stacked queries (USER_LOCK.SLEEP - comment)'
[13:03:02] [INFO] testing 'Oracle stacked queries (USER_LOCK.SLEEP)'
[13:03:02] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[13:03:02] [INFO] testing 'IBM DB2 stacked queries (heavy query)'
[13:03:02] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[13:03:03] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query)'
[13:03:03] [INFO] testing 'Firebird stacked queries (heavy query - comment)'
[13:03:03] [INFO] testing 'Firebird stacked queries (heavy query)'
[13:03:03] [INFO] testing 'SAP MaxDB stacked queries (heavy query - comment)'
[13:03:04] [INFO] testing 'SAP MaxDB stacked queries (heavy query)'
[13:03:04] [INFO] testing 'HSQLDB >= 1.7.2 stacked queries (heavy query - comment)'
[13:03:04] [INFO] testing 'HSQLDB >= 1.7.2 stacked queries (heavy query)'
[13:03:04] [INFO] testing 'HSQLDB >= 2.0 stacked queries (heavy query - comment)'
[13:03:05] [INFO] testing 'HSQLDB >= 2.0 stacked queries (heavy query)'
[13:03:05] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[13:03:05] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[13:03:05] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[13:03:06] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[13:03:06] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[13:03:06] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[13:03:07] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[13:03:07] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[13:03:07] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[13:03:07] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[13:03:08] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK)'
[13:03:08] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query)'
[13:03:08] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment)'
[13:03:08] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query - comment)'
[13:03:09] [INFO] testing 'MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment)'
[13:03:09] [INFO] testing 'MySQL > 5.0.12 OR time-based blind (heavy query - comment)'
[13:03:09] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[13:03:09] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[13:03:10] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[13:03:10] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[13:03:10] [INFO] testing 'MySQL AND time-based blind (ELT)'
[13:03:10] [INFO] testing 'MySQL OR time-based blind (ELT)'
[13:03:11] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[13:03:11] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[13:03:11] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[13:03:11] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind'
[13:03:12] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind (comment)'
[13:03:12] [INFO] testing 'PostgreSQL > 8.1 OR time-based blind (comment)'
[13:03:12] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[13:03:12] [INFO] testing 'PostgreSQL OR time-based blind (heavy query)'
[13:03:13] [INFO] testing 'PostgreSQL AND time-based blind (heavy query - comment)'
[13:03:13] [INFO] testing 'PostgreSQL OR time-based blind (heavy query - comment)'
[13:03:13] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[13:03:13] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF - comment)'
[13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query)'
[13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)'
[13:03:14] [INFO] testing 'Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)'
[13:03:15] [INFO] testing 'Oracle AND time-based blind'
[13:03:15] [INFO] testing 'Oracle OR time-based blind'
[13:03:15] [INFO] testing 'Oracle AND time-based blind (comment)'
[13:03:15] [INFO] testing 'Oracle OR time-based blind (comment)'
[13:03:16] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[13:03:16] [INFO] testing 'Oracle OR time-based blind (heavy query)'
[13:03:16] [INFO] testing 'Oracle AND time-based blind (heavy query - comment)'
[13:03:16] [INFO] testing 'Oracle OR time-based blind (heavy query - comment)'
[13:03:17] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[13:03:17] [INFO] testing 'IBM DB2 OR time-based blind (heavy query)'
[13:03:17] [INFO] testing 'IBM DB2 AND time-based blind (heavy query - comment)'
[13:03:17] [INFO] testing 'IBM DB2 OR time-based blind (heavy query - comment)'
[13:03:18] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[13:03:18] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query)'
[13:03:18] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query - comment)'
[13:03:18] [INFO] testing 'SQLite > 2.0 OR time-based blind (heavy query - comment)'
[13:03:19] [INFO] testing 'Firebird >= 2.0 AND time-based blind (heavy query)'
[13:03:19] [INFO] testing 'Firebird >= 2.0 OR time-based blind (heavy query)'
[13:03:19] [INFO] testing 'Firebird >= 2.0 AND time-based blind (heavy query - comment)'
[13:03:19] [INFO] testing 'Firebird >= 2.0 OR time-based blind (heavy query - comment)'
[13:03:19] [INFO] testing 'SAP MaxDB AND time-based blind (heavy query)'
[13:03:20] [INFO] testing 'SAP MaxDB OR time-based blind (heavy query)'
[13:03:20] [INFO] testing 'SAP MaxDB AND time-based blind (heavy query - comment)'
[13:03:20] [INFO] testing 'SAP MaxDB OR time-based blind (heavy query - comment)'
[13:03:20] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query)'
[13:03:21] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query)'
[13:03:21] [INFO] testing 'HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)'
[13:03:21] [INFO] testing 'HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)'
[13:03:22] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query)'
[13:03:22] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query)'
[13:03:22] [INFO] testing 'HSQLDB > 2.0 AND time-based blind (heavy query - comment)'
[13:03:22] [INFO] testing 'HSQLDB > 2.0 OR time-based blind (heavy query - comment)'
[13:03:22] [INFO] testing 'Informix AND time-based blind (heavy query)'
[13:03:23] [INFO] testing 'Informix OR time-based blind (heavy query)'
[13:03:23] [INFO] testing 'Informix AND time-based blind (heavy query - comment)'
[13:03:23] [INFO] testing 'Informix OR time-based blind (heavy query - comment)'
[13:03:23] [INFO] testing 'ClickHouse AND time-based blind (heavy query)'
[13:03:24] [INFO] testing 'ClickHouse OR time-based blind (heavy query)'
[13:03:24] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:03:24] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[13:03:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[13:03:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[13:03:24] [INFO] testing 'MySQL < 5.0.12 time-based blind - Parameter replace (BENCHMARK)'
[13:03:24] [INFO] testing 'MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)'
[13:03:24] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[13:03:24] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[13:03:24] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[13:03:24] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[13:03:24] [INFO] testing 'PostgreSQL time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)'
[13:03:24] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[13:03:24] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[13:03:24] [INFO] testing 'Oracle time-based blind - Parameter replace (heavy queries)'
[13:03:24] [INFO] testing 'SQLite > 2.0 time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'Firebird time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'SAP MaxDB time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'IBM DB2 time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'Informix time-based blind - Parameter replace (heavy query)'
[13:03:24] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[13:03:30] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[13:03:35] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[13:03:41] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[13:03:46] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[13:03:51] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns'
[13:03:57] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns'
[13:04:02] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns'
[13:04:08] [INFO] target URL appears to be UNION injectable with 70 columns
[13:04:08] [WARNING] applying generic concatenation (CONCAT)
[13:05:20] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. '--dbms=mysql')
[13:05:20] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns'
[13:05:25] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns'
[13:07:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[13:07:10] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[13:07:15] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
[13:07:21] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'
[13:07:27] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'
[13:07:32] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns'
[13:07:38] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns'
[13:07:43] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns'
[13:07:49] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns'
[13:07:54] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns'
[13:08:00] [INFO] checking if the injection point on User-Agent parameter 'User-Agent' is a false positive
[13:08:00] [WARNING] false positive or unexploitable injection point detected
[13:08:00] [WARNING] parameter 'User-Agent' does not seem to be injectable
[13:08:00] [INFO] testing if parameter 'Referer' is dynamic
[13:08:00] [WARNING] parameter 'Referer' does not appear to be dynamic
[13:08:01] [WARNING] heuristic (basic) test shows that parameter 'Referer' might not be injectable
[13:08:01] [INFO] testing for SQL injection on parameter 'Referer'
[13:08:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[13:08:02] [INFO] parameter 'Referer' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
And so it goes around in circles. Is it injectable or not?