** Thank you for using the HackerTarget.com Free SQL injection Scan **

Your SQL Injection scan results are listed below. For more information and other Vulnerability Scanning options please visit http://www.hackertarget.com.

Please note that while SQLiX and Sqlmap are excellent tools that do a number of basic SQL injection checks by checking your website, for a complete web application audit nothing can beat a manual audit by skilled penetration testers. Please check your results against your current web software to confirm vulnerabilities.

Please contact info@hackertarget.com for more information. Periodic Vulnerability Scanning is an important part of the security toolkit when running internet hosts and websites.

======================================================
-- SQLiX --
© Copyright 2006 Cedric COCHIN, All Rights Reserved.
======================================================

Analysing URL [http://test.acunetix.com/artists.php?artist=1]
http://test.acunetix.com/artists.php?artist=1
[+] working on artist
[+] Method: MS-SQL error message
[+] Method: SQL error message
[+] Method: MySQL comment injection
[ERROR] Parameter doesn't impact content
[+] Method: SQL Blind Integer Injection
[FOUND] Blind SQL Injection: Integer based
[FOUND] Database type: MySQL Server
[INFO] Current function: version()
[INFO] length: 31
5.0____________________________
5.0________________________-log
5.0____Debian______________-log
5.0.___Debian______________-log
5.0.2__Debian______________-log
5.0.22_Debian______________-log
5.0.22-Debian______________-log
5.0.22-Debian______________-log
5.0.22-Debian_0____________-log
5.0.22-Debian_0u___________-log
5.0.22-Debian_0ub__________-log
5.0.22-Debian_0ubu_________-log
5.0.22-Debian_0ubun________-log
5.0.22-Debian_0ubunt_______-log
5.0.22-Debian_0ubuntu______-log
5.0.22-Debian_0ubuntu6_____-log
5.0.22-Debian_0ubuntu6.____-log
5.0.22-Debian_0ubuntu6.0___-log
5.0.22-Debian_0ubuntu6.06__-log
5.0.22-Debian_0ubuntu6.06._-log
5.0.22-Debian_0ubuntu6.06.6-log
[FOUND] SQL Blind Integer Injection

--- No results here means that SQLiX found no injection point ---

--- Now sqlmap will test your url ---

sqlmap/0.7rc1 by Bernardo Damele A. G.

[*] starting at: 04:55:14

[04:55:14] [INFO] testing connection to the target url
[04:55:15] [INFO] testing if the url is stable, wait a few seconds
[04:55:16] [INFO] url is stable
[04:55:16] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[04:55:17] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[04:55:17] [INFO] testing if GET parameter 'artist' is dynamic
[04:55:18] [INFO] confirming that GET parameter 'artist' is dynamic
[04:55:19] [INFO] GET parameter 'artist' is dynamic
[04:55:19] [INFO] testing sql injection on GET parameter 'artist' with 0 parenthesis
[04:55:19] [INFO] testing unescaped numeric injection on GET parameter 'artist'
[04:55:20] [INFO] confirming unescaped numeric injection on GET parameter 'artist'
[04:55:20] [INFO] GET parameter 'artist' is unescaped numeric injectable with 0 parenthesis
[04:55:20] [INFO] testing for parenthesis on injectable parameter
[04:55:22] [INFO] the injectable parameter requires 0 parenthesis
[04:55:22] [ERROR] unhandled exception in sqlmap/0.7rc1, please copy the command line and the following text and send by e-mail to sqlmap-users@lists.sourceforge.net. The developer will fix it as soon as possible:
sqlmap version: 0.7rc1
Python version: 2.5.2
Operating system: linux2

[*] shutting down at: 04:55:22