Portswigger SQLi-Lab 8

SQL injection attack, listing the database contents on Oracle

This labs is similar to lab#7 in which we listed the tables in postgresql database but now we are presented with oracle database on web application in which a GET paramter is vulnerable to sqli

Knowing the database is orcale we can first try blind sqli

It works , now we need to identifiy the number of columns

Here we get an error which means there are only 2 columns in the table, so now let's identify the version for that we need to supply a table name and for query the version we specify table which is a builtin table having information for version of oracle database

Gifts' union select banner,null from v$version --

Perfect now let's try leak table names

is similar to which we have seen in postgresql which holds inforamtion all tables in database

Gifts' union select table_name,null from all_tables--

Now we need to retrieve the column names for the table

Gifts' union select column_name,null from all_tab_columns where table_name = 'USERS_BDRDAO' --

BS CS undergraduate | CTF Player