Portswigger SQLi-Lab 8

ARZ101
1 min readJun 26, 2021

--

SQL injection attack, listing the database contents on Oracle

This labs is similar to lab#7 in which we listed the tables in postgresql database but now we are presented with oracle database on web application in which category a GET paramter is vulnerable to sqli

Knowing the database is orcale we can first try blind sqli

It works , now we need to identifiy the number of columns

Here we get an error which means there are only 2 columns in the table, so now let's identify the version for that we need to supply a table name and for query the version we specify v$version table which is a builtin table having information for version of oracle database

Gifts' union select banner,null from v$version --

Perfect now let's try leak table names

all_tables is similar to information.schema.tables which we have seen in postgresql which holds inforamtion all tables in database

Gifts' union select table_name,null from all_tables--

Now we need to retrieve the column names for the table USERS_BDRDAO

Gifts' union select column_name,null from all_tab_columns where table_name = 'USERS_BDRDAO' --

--

--

ARZ101
ARZ101

Written by ARZ101

Smol Pentester| OSCP | CTF Player | UwU

No responses yet