SQL injection attack, listing the database contents on Oracle
https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-oracle
Level: Practitioner
Now let's apply all our knowledge dumping an Oracle database.
Remember that because is oracle is some different logic.
Here we see all the tables on the DB that we can use.
We can filter the contents by using a user from the DB.
To list the Users, use the following payload in the image.
Now use the user to filter by it.
Im seeing an interesting columns so lets get its contents.
Here I used this little trick to represent the content more fancy and get the contents of Users_XXXX.
The difference between other databases from this is that you have different commands and its more special because of that.
PreviousSQL injection attack, listing the database contents on non-Oracle databasesNextBlind SQL injection with conditional responses
Last updated