Sql проблема с впрыском Burpsuite - PullRequest
Новая
       29

Sql проблема с впрыском Burpsuite

0 голосов
/ 12 июня 2019

Я работаю над опросом сайта, когда сканирую сайт с помощью Burp, он возвращает информацию о том, что сайт уязвим для внедрения SQL, но я не могу воспроизвести его с помощью sqlmap

Сведения о проблемебыть уязвимым для атак SQL-инъекций.Полезная нагрузка 65254334 или 6399 = 06399-- была передана в параметре портала, и было возвращено сообщение об ошибке базы данных.Вам следует проверить содержимое сообщения об ошибке и обработку приложением других входных данных, чтобы убедиться в наличии уязвимости.

База данных выглядит как MySQL.

Включен запрос, найденный в burp, а также выходные данные некоторых сеансов SQLmap.

Что я делаю неправильно?Кто-нибудь может мне помочь?

Это команды, которые используются sqlmap -r portal.req --force-ssl --dbs --time-sec 8 sqlmap -r base.req --force-ssl --dbs --batch - случайный агент sqlmap -r portal.req --force-ssl --dbms mysql - время-сек 8 - уровень 5 --risk 3 - случайный агент --batch

Все заканчиваются тем же результатом "Ничего" 

  Issue Request
  GET /site/media/nl/portal.js?portal=165254334%20or%206399%3d06399-- 
  %20&_=_1123222212290099896yx261lkjxq1222 HTTP/1.1
  Host: myxxxxxx.xxxxx.xxxx.com
  Accept-Encoding: gzip, deflate
  Accept: */*
  Accept-Language: en
  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; 
  x64; Trident/5.0)
  Connection: close
  Referer: https://myxxxx.xxxx.xxxx.com/login/
  Cookie: PHPSESSID=Removed; ASP.NET_SessionId=Removed; 
  sfcProduct=Removed

  Base Request 

  GET /site/media/nl/portal.js? 
  portal=1&_=_1123222212290099896yx261lkjxq1222 HTTP/1.1
  Host: myxxxxx.xxxxxx.xxxxxx.com
  Accept-Encoding: gzip, deflate
  Accept: */*
  Accept-Language: en
  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; 
  x64; Trident/5.0)
  Connection: close
  Referer: https://myxxxxx.xxxxx.xxxxxx.com/login/
  Cookie: PHPSESSID=Removed; ASP.NET_SessionId=Removed; 
  sfcProduct=Removed

 [11:18:41] [INFO] parsing HTTP request from 'portal.req'
 [11:18:42] [WARNING] it appears that you have provided tainted parameter 
 values ('portal=165254334 or 6399=06399-- ') with most likely leftover 
 chars/statements from manual SQL injection test(s). Please, always use 
 only valid parameter values so sqlmap could be able to run properly
 are you really sure that you want to continue (sqlmap could have probl 
 ems)? [y/N] y
 [11:18:45] [INFO] testing connection to the target URL
 [11:18:45] [WARNING] there is a DBMS error found in the HTTP response 
 body which could interfere with the results of the tests
 [11:18:45] [INFO] testing if the target URL content is stable
 [11:18:47] [INFO] target URL content is stable
 [11:18:47] [INFO] testing if GET parameter 'portal' is dynamic
 [11:18:47] [INFO] GET parameter 'portal' appears to be dynamic
 [11:18:48] [INFO] heuristic (basic) test shows that GET parameter 
 'portal' might be injectable (possible DBMS: 'MySQL')
 [11:18:48] [INFO] heuristic (XSS) test shows that GET parameter 'portal' 
 might be vulnerable to cross-site scripting (XSS) attacks
 [11:18:48] [INFO] testing for SQL injection on GET parameter 'portal'
 for the remaining tests, do you want to include all tests for 'MySQL' 
 extending provided level (1) and risk (1) values? [Y/n] y
 [11:18:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING 
 clause'
 [11:18:56] [WARNING] reflective value(s) found and filtering out
 [11:19:00] [INFO] testing 'Boolean-based blind - Parameter replace 
 (original value)'
 [11:19:00] [INFO] testing 'AND boolean-based blind - WHERE or HAVING 
 clause (MySQL comment)'
 [11:19:13] [INFO] testing 'OR boolean-based blind - WHERE or HAVING 
 clause (MySQL comment)'
[11:19:25] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[11:19:38] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[11:20:01] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[11:20:24] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[11:20:50] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[11:21:18] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[11:21:47] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[11:22:10] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[11:22:35] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[11:22:36] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[11:22:37] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[11:22:37] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[11:22:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[11:22:38] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[11:22:39] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[11:22:40] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[11:22:41] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[11:22:41] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[11:22:41] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[11:22:54] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[11:22:54] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[11:23:12] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[11:23:26] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[11:23:41] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[11:23:56] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[11:24:12] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[11:24:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:24:43] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:24:59] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[11:25:13] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[11:25:28] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[11:25:44] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[11:25:59] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[11:26:13] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[11:26:28] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[11:26:35] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:26:45] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[11:26:45] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[11:26:46] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[11:26:46] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[11:26:46] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[11:26:47] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[11:26:47] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[11:26:47] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[11:26:48] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[11:26:49] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[11:26:49] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[11:26:50] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[11:26:50] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[11:26:51] [INFO] testing 'MySQL inline queries'
[11:26:51] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[11:26:57] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[11:27:08] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
[11:27:15] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
[11:27:26] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[11:27:32] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[11:27:42] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[11:27:56] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[11:28:09] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[11:28:23] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[11:28:37] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[11:28:46] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[11:28:54] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[11:29:03] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[11:29:12] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)'
[11:29:26] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query)'
[11:29:41] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query - comment)'
[11:29:52] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query - comment)'
[11:30:01] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[11:30:17] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[11:30:26] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[11:30:41] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[11:30:50] [INFO] testing 'MySQL AND time-based blind (ELT)'
[11:31:04] [INFO] testing 'MySQL OR time-based blind (ELT)'
[11:31:21] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[11:31:30] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[11:31:41] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:31:51] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[11:31:56] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[11:31:57] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[11:31:57] [INFO] testing 'MySQL <= 5.0.11 time-based blind - Parameter replace (heavy queries)'
[11:31:57] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[11:31:57] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[11:31:58] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[11:31:58] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[11:31:59] [INFO] testing 'MySQL <= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] y
[12:12:28] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[12:12:31] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[12:13:28] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[12:13:47] [WARNING] GET parameter 'portal' does not seem to be injectable
[12:13:47] [INFO] testing if GET parameter '_' is dynamic
[12:13:48] [WARNING] GET parameter '_' does not appear to be dynamic
[12:13:48] [INFO] heuristic (basic) test shows that GET parameter '_' might be injectable (possible DBMS: 'MySQL')
[12:13:48] [INFO] testing for SQL injection on GET parameter '_'
[12:13:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:13:50] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[12:13:50] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[12:13:58] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[12:14:11] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[12:14:58] [WARNING] there is a possibility that the target (or WAF/IPS) is dropping 'suspicious' requests
[12:14:58] [CRITICAL] connection timed out to the target URL. sqlmap is going to retry the request(s)
[12:15:03] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[12:15:17] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[12:15:29] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[12:15:47] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[12:15:59] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)'
[12:16:20] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[12:16:31] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT)'
[12:16:50] [INFO] testing 'MySQL boolean-based blind - Parameter replace (ELT - original value)'
[12:16:51] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int)'
[12:16:51] [INFO] testing 'MySQL boolean-based blind - Parameter replace (bool*int - original value)'
[12:16:51] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[12:16:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[12:16:52] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[12:16:52] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[12:16:52] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Stacked queries'
[12:16:59] [INFO] testing 'MySQL < 5.0 boolean-based blind - Stacked queries'
[12:16:59] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[12:17:13] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[12:17:27] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[12:17:42] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[12:18:00] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[12:18:18] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[12:18:34] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:18:53] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:19:39] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[12:21:03] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[12:21:29] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[12:21:53] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[12:22:12] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:22:37] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[12:22:55] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[12:23:07] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:23:21] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[12:23:21] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[12:23:21] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[12:23:22] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[12:23:22] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[12:23:22] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[12:23:22] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (BIGINT UNSIGNED)'
[12:23:23] [INFO] testing 'MySQL >= 5.5 error-based - ORDER BY, GROUP BY clause (EXP)'
[12:23:24] [INFO] testing 'MySQL >= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)'
[12:23:24] [INFO] testing 'MySQL >= 5.0 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[12:23:26] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[12:23:26] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (UPDATEXML)'
[12:23:27] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[12:23:28] [INFO] testing 'MySQL inline queries'
[12:23:28] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[12:23:38] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[12:23:51] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment)'
[12:24:00] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)'
[12:24:13] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment)'
[12:24:21] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)'
[12:24:33] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[12:24:52] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[12:25:11] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[12:25:35] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP)'
[12:26:10] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP - comment)'
[12:26:37] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (SLEEP - comment)'
[12:26:53] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP - comment)'
[12:27:07] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP - comment)'
[12:27:21] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query)'
[12:27:37] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query)'
[12:27:52] [INFO] testing 'MySQL <= 5.0.11 AND time-based blind (heavy query - comment)'
[12:28:02] [INFO] testing 'MySQL <= 5.0.11 OR time-based blind (heavy query - comment)'
[12:28:11] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind'
[12:28:26] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (comment)'
[12:28:36] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP)'
[12:28:50] [INFO] testing 'MySQL >= 5.0.12 RLIKE time-based blind (query SLEEP - comment)'
[12:29:00] [INFO] testing 'MySQL AND time-based blind (ELT)'
[12:29:14] [INFO] testing 'MySQL OR time-based blind (ELT)'
[12:29:28] [INFO] testing 'MySQL AND time-based blind (ELT - comment)'
[12:29:37] [INFO] testing 'MySQL OR time-based blind (ELT - comment)'
[12:29:47] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:29:57] [INFO] testing 'MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)'
[12:30:02] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace'
[12:30:03] [INFO] testing 'MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)'
[12:30:03] [INFO] testing 'MySQL <= 5.0.11 time-based blind - Parameter replace (heavy queries)'
[12:30:03] [INFO] testing 'MySQL time-based blind - Parameter replace (bool)'
[12:30:03] [INFO] testing 'MySQL time-based blind - Parameter replace (ELT)'
[12:30:04] [INFO] testing 'MySQL time-based blind - Parameter replace (MAKE_SET)'
[12:30:04] [INFO] testing 'MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY clause'
[12:30:04] [INFO] testing 'MySQL <= 5.0.11 time-based blind - ORDER BY, GROUP BY clause (heavy query)'
[12:30:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[12:30:08] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[12:30:28] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
[12:30:49] [WARNING] GET parameter '_' does not seem to be injectable
[12:30:49] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. As heuristic test turned out positive you are strongly advised to continue on with the tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment') and/or switch '--random-agent'
[12:30:49] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 5304 times

_________________________________________________________________________
[15:10:13] [INFO] parsing HTTP request from 'base.req'
[15:10:14] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.10' from file '/usr/share/sqlmap/data/txt/user-agents.txt'
[15:10:14] [INFO] testing connection to the target URL
[15:10:22] [INFO] testing if the target URL content is stable
[15:10:31] [INFO] target URL content is stable
[15:10:31] [INFO] testing if GET parameter 'portal' is dynamic
[15:10:31] [WARNING] GET parameter 'portal' does not appear to be dynamic
[15:10:39] [WARNING] heuristic (basic) test shows that GET parameter 'portal' might not be injectable
[15:10:52] [INFO] testing for SQL injection on GET parameter 'portal'
[15:10:52] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:11:27] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[15:11:28] [WARNING] reflective value(s) found and filtering out
[15:11:29] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:11:41] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:11:54] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[15:12:08] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[15:12:22] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[15:12:22] [INFO] testing 'MySQL inline queries'
[15:12:22] [INFO] testing 'PostgreSQL inline queries'
[15:12:23] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:12:23] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[15:12:23] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[15:12:28] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[15:12:33] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[15:12:38] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[15:12:44] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:12:53] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[15:13:01] [INFO] testing 'Oracle AND time-based blind'
it is recommended to perform only basic UNION tests if there is not at least one other (potential) technique found. Do you want to reduce the number of requests? [Y/n] Y
[15:13:13] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:13:27] [WARNING] user aborted during detection phase
[15:14:44] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:15:30] [WARNING] GET parameter 'portal' does not seem to be injectable
[15:15:30] [INFO] testing if GET parameter '_' is dynamic
[15:15:33] [WARNING] GET parameter '_' does not appear to be dynamic
[15:15:35] [WARNING] heuristic (basic) test shows that GET parameter '_' might not be injectable
[15:15:43] [INFO] testing for SQL injection on GET parameter '_'
[15:15:43] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[15:16:00] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[15:16:05] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[15:16:20] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[15:16:35] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[15:16:49] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[15:17:05] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[15:17:09] [INFO] testing 'MySQL inline queries'
[15:17:12] [INFO] testing 'PostgreSQL inline queries'
[15:17:16] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[15:17:19] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[15:17:22] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[15:17:26] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[15:17:29] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[15:17:34] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[15:17:38] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[15:17:42] [INFO] testing 'Oracle AND time-based blind'
[15:17:46] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[15:18:11] [WARNING] GET parameter '_' does not seem to be injectable
[15:18:11] [CRITICAL] all tested parameters do not appear to be injectable. Try to increase values for '--level'/'--risk' options if you wish to perform more tests. If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could try to use option '--tamper' (e.g. '--tamper=space2comment')
[15:18:11] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 7 times
...