IT Security and Insecurity Portal

Oracle Injection {HELP}!

Posted: Sat Jan 30, 2010 11:28 pm
Injo
Regular user
Joined: Dec 20, 2009
Posts: 7

Hello my friends,
How are you?
I want to ask a little question about Oracle injection.
When I want to retrieve the table_name from all_tab_columns and specify the column_name by this injection query:
Code:
select table_name from all_tab_columns where column_name like 'id'
there will be an error. I think this error is because id isn't encoded, so what is the coding method that I can use here?
And also, how can I use an alternative method for LIMIT OFFSET in Oracle if the rownum doesn't work?
The last question is: how can I retrieve the columns from the tables by using the Oracle injection?
Thanks a lot, I really appreciate your answers...

Posted: Sun Jan 31, 2010 2:47 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

hello

Posted: Sun Jan 31, 2010 9:55 pm
Injo
Regular user
Joined: Dec 20, 2009
Posts: 7

Thanks my friend,
I really appreciate your answer.
See this demo site:
Code:
http://registration.kku.edu.sa/kku/facultiesstaffinfoservlet?instructorId=-1280%20UNION%20SELECT%201,column_name,null,null,null,null,7,null,null,null%20FROM%20user_tab_columns%20WHERE%20TABLE_NAME%20like%20%27%user%%27--
Like you see here, if I wrote the where function I got nothing, even if I encode it.
How can I complete this injection?
Sorry for being demanding, my friend. Waiting for you...
All times are GMT