LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Oracle SQL Injection | Database Recon

18 hours ago 7
BOOK THIS SPACE FOR AD
ARTICLE AD

AbhirupKonwar

DALL-E 3

This article will elaborate how I observe specific keywords and endpoints that helps in guessing the database type without any automated fingerprinting.

Find endpoints where most likely it will be interacting with the database for this endpoint to function.

site:domain.com "login"
site:domain.com -www "login"
site:domain.com -www "signin"
site:domain.com -www "password"
site:domain.com -www "reset"

Capture and intercept the request using Burpsuite

What do you observe here that is worth googling to narrow down the attack?

Now we minimize part by part by and search with some variations to get some information about what we are dealing with.

"/wd/plsql/" site:github.com
"/wd/plsql/" site:exploit-db.com
"/wd/plsql" poc exploit
"plsql" server

We save this endpoint along with the product used, when new CVE is assigned with public exploit, we immediately attack it (Only if in scope)

oracle sql server injection payloads site:github.com
oracle sql server injection payloads site:twitter.com
oracle sql server injection payloads site:x.com

Basic Googling: Sort/Filter by date and get the latest crawled results.

Check the complete video about where and how to inject the payloads with basic encoding.

Read Entire Article
  3. Oracle SQL Injection | Database Recon

Related

Single endpoint leads to two bounties!(400$)

Single endpoint leads to two bounties!(400$)

Breaking Boundaries: Discovering Session Invalidation Failures in User Roles

Breaking Boundaries: Discovering Session Invalidation Failures in User Roles

Google Warns of Samsung Zero-Day Exploited in the Wild

Google Warns of Samsung Zero-Day Exploited in the Wild

Critical Vulnerabilities Expose mbNET.mini and Helmholz Industrial Routers to Attacks

Critical Vulnerabilities Expose mbNET.mini and Helmholz Industrial Routers to Attacks

Ransomware Alert: Cicada3301 Emerges as Successor to BlackCat

Ransomware Alert: Cicada3301 Emerges as Successor to BlackCat

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Security Flaw in Styra’s OPA Exposes NTLM Hashes to Remote Attackers

Trending

1. Arsenal vs Shakhtar Donetsk
2. Share market today
3. North Korean South Korea
4. Indian airlines bomb threats
5. Prithvi Shaw
6. China
7. BRICS
8. Hyundai share price India today
9. Anupam Kher
10. Godavari Biorefineries IPO

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved