hacking:sql_injection_cheat_sheet_oracle

Differences

This shows you the differences between two versions of the page.

hacking:sql_injection_cheat_sheet_oracle [2020/04/01 11:23] peter
hacking:sql_injection_cheat_sheet_oracle [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 76: Line 76:
 SELECT UTL_HTTP.REQUEST('http://google.com') FROM dual; SELECT UTL_HTTP.REQUEST('http://google.com') FROM dual;
 </code>| </code>|
-|Command Execution | +|Command Execution |<code>
  
 [[http://www.0xdeadbeef.info/exploits/raptor_oraexec.sql|Java]] can be used to execute commands if it's installed. [[http://www.0xdeadbeef.info/exploits/raptor_oraexec.sql|Java]] can be used to execute commands if it's installed.
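Review bot: In the Command Execution row, the added <code> opening now encloses the explanatory sentence and its [[...|Java]] link, and DokuWiki does not parse link markup inside <code>, so the link will render as raw text instead of a clickable reference. Keep the sentences and links outside the block and fence only literal SQL, or leave this cell unfenced as it was before the edit.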
Line 82: Line 82:
 [[http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql|ExtProc]] can sometimes be used too, though it normally failed for me. :-( [[http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql|ExtProc]] can sometimes be used too, though it normally failed for me. :-(
 </code>| </code>|
-|Local File Access| +|Local File Access|<code>
- +
 [[http://www.0xdeadbeef.info/exploits/raptor_oraexec.sql|UTL_FILE]] can sometimes be used. Check that the following is non-null: [[http://www.0xdeadbeef.info/exploits/raptor_oraexec.sql|UTL_FILE]] can sometimes be used. Check that the following is non-null:
 SELECT value FROM v$parameter2 WHERE name = 'utl_file_dir'; SELECT value FROM v$parameter2 WHERE name = 'utl_file_dir';
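Review bot: In the Local File Access row, the link labelled UTL_FILE points at raptor_oraexec.sql, the same target as the Java link in the Command Execution row, which looks like a copy-paste leftover worth checking while this row is being edited. The added <code> also pulls that link and the sentence "Check that the following is non-null:" into the literal block, so the markup will show verbatim; fencing only the SELECT on v$parameter2 would keep the link working.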
Line 99: Line 98:
 SYSTEM SYSTEM
 SYSAUX SYSAUX
-</code>+</code>|
  
 ---- ----
hacking/sql_injection_cheat_sheet_oracle.1585740183.txt.gz · Last modified: 2020/07/15 09:30 (external edit)