Notes for an intranet oracle penetration

From kindlesbloghttp: key0.cn a week ago, it seems necessary to record the first thing to do is to find the site injection, but the error is displayed after the closed statement, the page does not have the corresponding field, and the error message is output, I am very depressed. Of course, at this time, everyone will think of the UTL_HTTP.request method, yes, but it is very inconvenient. Here I am

From kindle's blog http://key0.cn

I think it is necessary to record things a week ago.
First, find the site injection, but the error is displayed after the closed statement. There is no corresponding field on the page and the error message is output, which makes me very depressed. Of course, at this time, everyone will think of the UTL_HTTP.request method, yes, but it is very inconvenient. Here I am using another injection method that yueniu told me: Oracle Injecting With Display Error. For details, refer to utl_ina.DdR. get_host_name. The output problem is fixed. The steps are as follows: Create a java package, grant java I/O permission to the public, and create the linxru function.NcMd (): grant the public permission to linxruncmd. If you are lucky, you can directly obtain the system. Because the database is in the Intranet and the target is data, it is passed to sqluldr2.ExE. Execute ExportCommandAs follows:
User = username/password query = "SELECT * FROM ORDER_DETAIL" FIELD = 0 &TimeS; 09File= Test_tables.xLs