Ferruh Mavituna - Me, Myself and My Alter Ego... Ferruh Mavituna http://ferruh.mavituna.com Cmt, 20 Mar 2010 00:46:11 +0200 http://ferruh.mavituna.com http://ferruh.mavituna.com/rss/rss.gif http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/ harsh Çar, 10 Mar 2010 13:27:41 +0200 jhello...this is geat expierence /...... http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/ rem7ter Cmt, 22 Kas 2008 08:43:02 +0200 thanks!but not sure that is useful http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/ Deep Power Per, 16 Eki 2008 16:51:49 +0200 Ferruh abi iyi g&#252;zel de ingilizce.Ingilizcem o kadar iyi degildir.En iyisi sen bunu tr ye &#231;evir.Bir lise ogrencisi i&#231;in zor : )<br />Selametle... http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/ Ferruh Mavituna Sal, 02 Eki 2007 23:42:22 +0200 Alexandar,<br />Thanks for your comments. I'm quite new in ORACLE stuff. I updated current list according to your comments. http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/ Alexander Kornbrust Sal, 02 Eki 2007 22:18:19 +0200 Nice list but some of the statements are too complicated:<br /><br />e.g. <br /> SELECT username, FROM all_users UNION SELECT name, password FROM sys.user$<br />better: SELECT name, password FROM sys.user$ where type#=1<br /><br />or<br />use httpuritype instead of utl_http. utl_http is often removed from public. httpuritype works also and is not flagged by IDS:<br /> SELECT HTTPURITYPE('http://www.red-database-security.com').getXML() FROM DUAL;<br /><br />