Merge pull request #516 from jjeyanthan/patch-1

Update OracleSQL Injection.md
This commit is contained in:
Swissky 2022-07-20 19:31:11 +02:00 committed by GitHub
commit 820147466a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -68,8 +68,8 @@ SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';
| Version is 12.2 | SELECT COUNT(*) FROM v$version WHERE banner LIKE 'Oracle%12.2%'; | | Version is 12.2 | SELECT COUNT(*) FROM v$version WHERE banner LIKE 'Oracle%12.2%'; |
| Subselect is enabled | SELECT 1 FROM dual WHERE 1=(SELECT 1 FROM dual) | | Subselect is enabled | SELECT 1 FROM dual WHERE 1=(SELECT 1 FROM dual) |
| Table log_table exists | SELECT 1 FROM dual WHERE 1=(SELECT 1 from log_table); | | Table log_table exists | SELECT 1 FROM dual WHERE 1=(SELECT 1 from log_table); |
| Column message exists in table log_table | SELEC COUNT(*) FROM user_tab_cols WHERE column_name = 'MESSAGE' AND table_name = 'LOG_TABLE'; | | Column message exists in table log_table | SELECT COUNT(*) FROM user_tab_cols WHERE column_name = 'MESSAGE' AND table_name = 'LOG_TABLE'; |
| First letter of first message is t | SELEC message FROM log_table WHERE rownum=1 AND message LIKE 't%'; | | First letter of first message is t | SELECT message FROM log_table WHERE rownum=1 AND message LIKE 't%'; |
## Oracle SQL Time based ## Oracle SQL Time based
@ -111,4 +111,4 @@ SELECT PwnUtilFunc('ping -c 4 localhost') FROM dual;
## References ## References
* [NetSpi - SQL Wiki](https://sqlwiki.netspi.com/injectionTypes/errorBased/#oracle) * [NetSpi - SQL Wiki](https://sqlwiki.netspi.com/injectionTypes/errorBased/#oracle)
* [ASDC12 - New and Improved Hacking Oracle From Web](https://owasp.org/www-pdf-archive/ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf) * [ASDC12 - New and Improved Hacking Oracle From Web](https://owasp.org/www-pdf-archive/ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf)