SQL Injection Attack - Listing the Database Contents on Oracle

  • Published 12 Sep 2024
  • Here we practice enumerating the database schema in an Oracle database.
    The objective is to use a UNION attack to retrieve the administrator password, but first we need to establish the names of the tables and columns involved.
    We use two of Oracle's schema tables, all_tables and all_tab_columns, to enumerate key names from the database. We can then craft a UNION injection attack to retrieve the specific pieces of data we are looking for.
    A further vulnerability is uncovered when we realise that passwords have been stored in the database in plain text rather than as a hash.
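
On the detection side, the enumeration step described above leaves a recognisable trace: a request parameter carrying UNION SELECT together with all_tables or all_tab_columns. The following is an added example, not code from the video; the /filter endpoint, the category parameter and the sample request lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Oracle dictionary views named in the description above.
DICTIONARY_VIEWS = ("all_tables", "all_tab_columns")

UNION_RE = re.compile(r"\bunion\b(?:\s+all\b)?\s+select\b", re.I)
VIEW_RE = re.compile(r"\b(?:" + "|".join(DICTIONARY_VIEWS) + r")\b", re.I)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)


def normalise(raw):
    """Undo URL encoding (two passes catch double encoding), turn inline
    SQL comments into spaces and collapse whitespace runs."""
    text = unquote_plus(unquote_plus(raw))
    text = COMMENT_RE.sub(" ", text)
    return re.sub(r"\s+", " ", text)


def classify(request_line):
    """Label one access-log request line: 'schema-enumeration',
    'union-select', or None when no UNION SELECT is present."""
    parts = request_line.split(" ")
    if len(parts) < 2 or "?" not in parts[1]:
        return None
    query = normalise(parts[1].split("?", 1)[1])
    if not UNION_RE.search(query):
        return None
    return "schema-enumeration" if VIEW_RE.search(query) else "union-select"


def scan(lines):
    """Return (line_number, label) for every flagged request line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        label = classify(line)
        if label:
            hits.append((number, label))
    return hits


# Constructed sample request lines (hypothetical /filter endpoint).
SAMPLE_LOG = [
    "GET /filter?category=Gifts HTTP/1.1",
    "GET /filter?category=Gifts'+UNION+SELECT+NULL,NULL+FROM+all_tables-- HTTP/1.1",
    "GET /filter?category=x'%20uNiOn/**/SeLeCt%20NULL,NULL%20FROM%20ALL_TAB_COLUMNS-- HTTP/1.1",
    "GET /filter?category=Gifts'+UNION+SELECT+NULL,NULL+FROM+dual-- HTTP/1.1",
    "GET /product?productId=3 HTTP/1.1",
]

if __name__ == "__main__":
    for number, label in scan(SAMPLE_LOG):
        print(number, label)
```

A match is a triage signal, not proof: a search string that happens to contain the words "union select" is flagged as well.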
