Sqlmap Question:

I just started testing some of our company websites and found one of our websites that does have a sql injection problem…..  I used sqlmap to test the Vulnerability and was able to get a list of the databases (i.e. using “- - dbs”) . When I try to get list of tables from one of the listed databases on this host I get the following message “ [10:48:58] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 400 or more)”.
I am using the following argument “sqlmap -u "http://website.com/Molds_Selector.aspx?mtype=BS-14%20&" -D  <database name>   --tables --time-sec 2000”  but end up getting the following error message below… Does anybody have an idea what I may be doing wrong…?

error message:
[10:53:48] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows <O/S Version>
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[10:53:48] [INFO] fetching tables for database: <DataBase Name>
[10:53:48] [INFO] fetching number of tables for database '<DataBase Name>'
[10:53:48] [INFO] resumed: 5
[10:53:48] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[10:53:48] [INFO] retrieved:
[10:54:02] [WARNING] reflective value(s) found and filtering out
[10:54:02] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[10:54:22] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 2000 or more)
[10:54:24] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads

 [10:54:32] [INFO] retrieved:
[10:54:42] [INFO] retrieved:
[10:54:52] [INFO] retrieved:
[10:55:02] [INFO] retrieved:
[10:55:11] [INFO] retrieved:
[10:55:20] [INFO] retrieved:
[10:55:30] [INFO] retrieved:
[10:55:39] [INFO] retrieved:
[10:55:49] [WARNING] unable to retrieve the tables for database '<DataBaseName>'
[10:55:49] [CRITICAL] unable to retrieve the tables for any database
[10:55:49] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 70 times

[*] shutting down at 10:55:49
MikeSecurityAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bob LearnedCommented:
Do you see any evidence of the 500 (Internal Server Error) errors on the server?
0
MikeSecurityAuthor Commented:
yes, I am getting 500 error message.  when I attempt to pull down tables from database...


error message blow:

[21:43:59] [DEBUG] got HTTP error code: 500 (Internal Server Error)
0
MikeSecurityAuthor Commented:
More Detail of the error messages....


22:07:24] [INFO] fetching tables for database: <DATABASE>
[22:07:24] [INFO] fetching number of tables for database '<DATABASE>'
[22:07:24] [DEBUG] resuming configuration option 'string' (14 GAGE X 2" WIDE CU STRIP)
[22:07:24] [INFO] resumed: 5
[22:07:24] [DEBUG] performed 0 queries in 0 seconds
[22:07:24] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[22:07:24] [INFO] retrieved:
[22:07:24] [DEBUG] declared web page charset 'utf-8'
[22:07:24] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:24] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:25] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:25] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:25] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:26] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:26] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:26] [DEBUG] performed 7 queries in 2 seconds
[22:07:27] [WARNING] reflective value(s) found and filtering out
[22:07:27] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[22:07:35] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:35] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
[22:07:35] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:36] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:36] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:36] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:36] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:37] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:37] [DEBUG] performed 7 queries in 9 seconds
[22:07:37] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
[22:07:37] [INFO] retrieved:
[22:07:37] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:37] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:38] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:38] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:38] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:39] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:39] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:39] [DEBUG] performed 7 queries in 2 seconds
[22:07:39] [INFO] retrieved:
[22:07:39] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:40] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:40] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:40] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:41] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:41] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:41] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:41] [DEBUG] performed 7 queries in 2 seconds
[22:07:41] [INFO] retrieved:
[22:07:42] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:42] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:42] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:43] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:43] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:43] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:44] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:44] [DEBUG] performed 7 queries in 2 seconds
[22:07:44] [INFO] retrieved:
[22:07:44] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:45] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:45] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:45] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:46] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:46] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:46] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:46] [DEBUG] performed 7 queries in 2 seconds
[22:07:46] [INFO] retrieved:
[22:07:47] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:47] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:47] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:48] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:48] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:48] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:49] [DEBUG] performed 7 queries in 2 seconds
[22:07:49] [INFO] retrieved:
[22:07:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:49] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:50] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:50] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:50] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:51] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:51] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:51] [DEBUG] performed 7 queries in 2 seconds
[22:07:51] [INFO] retrieved:
[22:07:51] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:52] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:52] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:52] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:53] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:53] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:53] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:53] [DEBUG] performed 7 queries in 2 seconds
[22:07:53] [INFO] retrieved:
[22:07:54] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:54] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:54] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:55] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:55] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:55] [DEBUG] got HTTP error code: 500 (Internal Server Error)
[22:07:56] [DEBUG] got HTTP error code: 500 (Internal Server Error)

[22:07:56] [DEBUG] performed 7 queries in 2 seconds
[22:07:56] [WARNING] unable to retrieve the tables for database '<DATABASE>'
[22:07:56] [CRITICAL] unable to retrieve the tables for any database
[22:07:56] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 70 times
0
Bob LearnedCommented:
I am not sure where that message is coming from, but here are some ideas on how to track down 500 errors:

Working past 500–Internal server error
http://blogs.iis.net/rickbarber/archive/2013/02/18/working-past-500-internal-server-error.aspx

Look in Event Viewer.  Sometimes you can find the detailed error logged in there, particularly Application Event Viewer.
Setup Failed Request Tracing.  This will often give you details on the 500 error.  This is especially helpful if it is an intermittent 500 error.
Look through the web log files.   This is especially helpful for an intermittent 500 error.  You can often parse the log files to see if there is a trend with a specific page that is throwing a 500 error.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MikeSecurityAuthor Commented:
Thanks, that pointed me to in the direction I need to go..
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.