Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Oracle Pentest

From: The Dead <th3d34d () gmail com>
Date: Tue, 4 Jan 2011 19:43:58 -0200
Force the database return error to you:

'||utl_inaddr.get_host_name((select user from dual))--

TH3D34D

On Sat, Jan 1, 2011 at 10:48 AM,  <maash.rajani () gmail com> wrote:

I found an injection point during a pentest project.
They are running an Oracle DBMS.

Simply tryin ' OR '1'='1' returned one single result. In trying to find the number of queries returned by the column 
i used:

' OR '1'='1' ORDER BY n--
Anything above 7 in the Order by query generates an error. So i assumed there were 7 columns being selected.

But then when i try
' OR '1'='1' UNION SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL --

i get an incorrect number of columns error. I tried anywhere upto 30 "NULLs", i keep getting the same error.

Any suggestions?

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: