hacking:sql_injection:oracle:if_statement
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| hacking:sql_injection:oracle:if_statement [2020/04/16 21:21] – created peter | hacking:sql_injection:oracle:if_statement [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Hacking - SQL Injection - Oracle - If Statement ====== | ====== Hacking - SQL Injection - Oracle - If Statement ====== | ||
| + | |||
| + | Get response based on an **if** statement. | ||
| + | |||
| + | This is one of the key points of Blind SQL Injection, also can be very useful to test simple stuff blindly and accurately. | ||
| <code sql> | <code sql> | ||
| BEGIN | BEGIN | ||
| - | IF condition THEN true-part; ELSE false-part; END IF; END; (O) | + | IF condition THEN true-part; ELSE false-part; END IF; |
| - | IF (1=1) THEN dbms_lock.sleep(3); | + | |
| + | IF (1=1) THEN dbms_lock.sleep(3); | ||
| END; | END; | ||
| </ | </ | ||
hacking/sql_injection/oracle/if_statement.1587072070.txt.gz · Last modified: 2020/07/15 09:30 (external edit)