gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-12-30 06:30:27 -08:00
Code Issues Packages Projects Releases Wiki Activity

MSSQL, OracleSQL, PostgreSQL Substring Equivalent

Browse Source
This commit is contained in:
Swissky
2024-11-16 15:35:43 +01:00
parent 67af38aa4e
commit 9a908a15d2
4 changed files with 187 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
SQL Injection/OracleSQL Injection.md
View File

@@ -16,6 +16,7 @@
* [Oracle SQL List Tables](#oracle-sql-list-tables)
* [Oracle SQL Error Based](#oracle-sql-error-based)
* [Oracle SQL Blind](#oracle-sql-blind)
* [Oracle Blind With Substring Equivalent](#oracle-blind-with-substring-equivalent)
* [Oracle SQL Time Based](#oracle-sql-time-based)
* [Oracle SQL Out of Band](#oracle-sql-out-of-band)
* [Oracle SQL Command Execution](#oracle-sql-command-execution)
@@ -129,6 +130,13 @@ When the injection point is inside a string use : `'||PAYLOAD--`
| First letter of first message is t | `SELECT message FROM log_table WHERE rownum=1 AND message LIKE 't%';` |
### Oracle Blind With Substring Equivalent
| Function | Example |
| ----------- | ----------------------------------------- |
| `SUBSTR` | `SUBSTR('foobar', <START>, <LENGTH>)` |
## Oracle SQL Time Based
```sql