2021-06-11 00:04:56 +05:00

Portswigger SQLi-Lab 8

SQL injection attack, listing the database contents on Oracle

This lab is similar to lab #7, in which we listed the tables in a PostgreSQL database, but this time the web application uses an Oracle database, and the category GET parameter is vulnerable to SQLi.

Knowing the database is Oracle, we can first try blind SQLi.

It works; now we need to identify the number of columns.

Here we get an error, which means there are only 2 columns in the table. Now let's identify the version. On Oracle a SELECT always needs a table name, so to query the version we use the v$version table, a built-in table that holds version information for the Oracle database.

Gifts' union select banner,null from v$version --

Perfect, now let's try to leak the table names.

all_tables is similar to information_schema.tables, which we saw in PostgreSQL; it holds information about all tables in the database.

Gifts' union select table_name,null from all_tables--

Now we need to retrieve the column names for the table USERS_BDRDAO.

Gifts' union select column_name,null from all_tab_columns where table_name = 'USERS_BDRDAO' --
Gifts' union select USERNAME_ZYPQTA ,PASSWORD_INGWFD from USERS_BDRDAO --

And we got the credentials. Now we just need to log in with the administrator account and we'll complete this lab.
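A note on the root cause, added here and not part of the original writeup: the union payloads above only work because the category parameter is concatenated into the SQL text. The model below is a constructed stand-in (sqlite3 in memory instead of the lab's Oracle backend, with made-up table and column names), and it shows the vulnerable query next to the bound-parameter version that makes the same payload harmless.

```python
import sqlite3

# Constructed stand-in schema; the real lab uses Oracle tables with
# randomised names (USERS_BDRDAO etc.), which are not reproduced here.
SCHEMA = """
CREATE TABLE products (name TEXT, category TEXT);
INSERT INTO products VALUES ('Teddy bear', 'Gifts'), ('Kettle', 'Home');
CREATE TABLE users (username TEXT, password TEXT);
INSERT INTO users VALUES ('administrator', 'constructed-secret');
"""

# Same shape as the writeup's payload: close the string, UNION two
# columns from another table, comment out the rest of the query.
PAYLOAD = "Gifts' union select username, password from users --"


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def products_vulnerable(conn, category):
    # The value becomes part of the SQL statement itself, so the
    # injected UNION SELECT is parsed and executed.
    sql = "SELECT name, category FROM products WHERE category = '" + category + "'"
    return conn.execute(sql).fetchall()


def products_safe(conn, category):
    # The value is bound as a parameter and only ever compared as data,
    # so the whole payload string is looked up as a (non-existent) category.
    sql = "SELECT name, category FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


if __name__ == "__main__":
    db = connect()
    print("vulnerable:", products_vulnerable(db, PAYLOAD))
    print("safe:      ", products_safe(db, PAYLOAD))
```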