Update OracleSQL Injection.md

missing 'T' in the SELECT in the Oracle blind SQLI section
2024-12-04 18:40:41 +00:00 · 2022-07-20 13:34:27 +02:00 · 2022-07-20 13:34:27 +02:00 · 7ad7ae722d
commit 7ad7ae722d
parent d9921e370b
1 changed files with 3 additions and 3 deletions
--- a/Injection/OracleSQL
+++ b/Injection/OracleSQL
@ -68,8 +68,8 @@ SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';
 | Version is 12.2	       | SELECT COUNT(*) FROM v$version WHERE banner LIKE 'Oracle%12.2%'; |
 | Subselect is enabled	 | SELECT 1 FROM dual WHERE 1=(SELECT 1 FROM dual) |
 | Table log_table exists | SELECT 1 FROM dual WHERE 1=(SELECT 1 from log_table); |
-| Column message exists in table log_table | SELEC COUNT(*) FROM user_tab_cols WHERE column_name = 'MESSAGE' AND table_name = 'LOG_TABLE'; |
-| First letter of first message is t | SELEC message FROM log_table WHERE rownum=1 AND message LIKE 't%'; |
+| Column message exists in table log_table | SELECT COUNT(*) FROM user_tab_cols WHERE column_name = 'MESSAGE' AND table_name = 'LOG_TABLE'; |
+| First letter of first message is t | SELECT message FROM log_table WHERE rownum=1 AND message LIKE 't%'; |

 ## Oracle SQL Time based

@ -111,4 +111,4 @@ SELECT PwnUtilFunc('ping -c 4 localhost') FROM dual;
 ## References

 * [NetSpi - SQL Wiki](https://sqlwiki.netspi.com/injectionTypes/errorBased/#oracle)
-* [ASDC12 - New and Improved Hacking Oracle From Web](https://owasp.org/www-pdf-archive/ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf)
+* [ASDC12 - New and Improved Hacking Oracle From Web](https://owasp.org/www-pdf-archive/ASDC12-New_and_Improved_Hacking_Oracle_From_Web.pdf)