SQL injection attack, listing the database contents on Oracle

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-oracle

Level: Practitioner

• Now let's apply all our knowledge dumping an Oracle database.

• Remember that because is oracle is some different logic.

• Here we see all the tables on the DB that we can use.

• We can filter the contents by using a user from the DB.

• To list the Users, use the following payload in the image.

• Now use the user to filter by it.

• Im seeing an interesting columns so lets get its contents.

• Here I used this little trick to represent the content more fancy and get the contents of Users_XXXX.

• The difference between other databases from this is that you have different commands and its more special because of that.