Pranaam to all 🙏
I was testing a new payload to exploit error-based SQL injection when the backend database is Oracle or PostgreSQL (will post about them in the next blog post).
Yeah, that was me at that moment =)) Let's have a look at it.
XDBURITYPE():
We can use the XDBURITYPE() function to perform error-based SQL injection exploitation against an Oracle database. This function is useful when the SQL injection occurs in the following scenarios:
Select statement:
👉 Column name
👉 Where clause
👉 Like clause
Insert Query
Select Statement - Column name: Let's start with the case where user-supplied data is passed as a column name to a Select statement. For example, the following is the vulnerable SQL query:
In this situation, we can use the following payload to execute a SQL query and force the database to reveal the output in a database error message:
👉 Payload to extract the database version:
👉 Payload to extract the first table name:
Select Statement - Where Clause: Now let's talk about the Where clause, when user-supplied data is passed to the where clause. We have the following vulnerable SQL query:
In this situation, we can use the following payload to execute a SQL query and force the database to reveal its output in a database error message:
👉 Payload to extract the database version:
👉 Payload to extract the first table name:
Select Statement - Like Clause: Let's discuss the case where user-supplied data is passed to a like clause. We have the following vulnerable SQL query:
To exploit the SQL injection, we need to use a payload in the following style:
👉 Payload to extract the first table name:
Insert Query: Let's suppose we have the following vulnerable SQL Insert query:
To exploit the SQL injection, we need to use a payload in the following style:
👉 Payload to extract the first table name:
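On the defensive side, each of the four injection points covered above (column name, Where clause, Like clause, Insert query) has a standard fix, and error-based extraction additionally depends on database error text reaching the client. The following is an added example, not code from the original post: it uses Python's built-in sqlite3 as a stand-in engine so it runs offline (Oracle drivers accept the same `:name` bind style), and the `users` table, the column allow-list and the sample inputs are constructed for illustration.

```python
import sqlite3  # stand-in engine so this runs offline; Oracle drivers take the same :name binds

ALLOWED_COLUMNS = {"username", "email"}  # hypothetical allow-list for this sample table

def make_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'alice@example.test')")
    conn.execute("INSERT INTO users VALUES (2, 'o''brien', 'ob@example.test')")
    return conn

def select_column(conn, column, user_id):
    # Column name: identifiers cannot be bound, so accept only allow-listed names.
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not allowed")
    sql = f"SELECT {column} FROM users WHERE id = :id"
    return conn.execute(sql, {"id": user_id}).fetchall()

def select_where(conn, username):
    # Where clause: the value travels as a bind, never as SQL text.
    sql = "SELECT id FROM users WHERE username = :name"
    return conn.execute(sql, {"name": username}).fetchall()

def select_like(conn, fragment):
    # Like clause: bind the pattern and escape the wildcards % and _ in user input.
    esc = fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT username FROM users WHERE username LIKE :pat ESCAPE '\\'"
    return conn.execute(sql, {"pat": f"%{esc}%"}).fetchall()

def insert_user(conn, user_id, username, email):
    # Insert query: every value is a bind.
    sql = "INSERT INTO users (id, username, email) VALUES (:id, :name, :email)"
    conn.execute(sql, {"id": user_id, "name": username, "email": email})

def safe_call(fn, *args):
    # Error-based extraction needs database error text in the response:
    # return a generic message and keep the detail for server-side logs only.
    try:
        return fn(*args)
    except (sqlite3.Error, ValueError):
        return "request failed"

if __name__ == "__main__":
    db = make_db()
    print(safe_call(select_column, db, "username || (select 1)", 1))
    print(select_where(db, "o'brien"))
    print(select_like(db, "%"))
```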
Great blog