SQL Injection Attack - Listing the Database Contents on Non-Oracle Database

Description:
We take a look at how to extract database schema using a non-oracle database.

We group together non-oracle databases because they make use of the information_schema.xxxx table schema names, whereas Oracle database have a different naming convention.

We use a UNION attack to first select table_name column from information_schema.tables and then use the same vector to select the list of columns associated with that table name from the information_schema.columns table.

We use the extract table and column names to craft an SQL UNION injection attack that extracts the username and password of the administrator account.

Support This Channel
======================

Please like and subscribe, it means a lot!

Please buy me a coffee so I can continue to make content.
https://buymeacoffee.com/zenshell

My cybersec and webdev training site
https://www.zenshell.ninja

Join our Discord
https://discord.gg/yzpm7kSpgY