You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi @LasCC big appreciation for this wonderful extension.
Today I came across on a miss-written payload, which could cause people using the extension miss a valid SQLi attack.
It has to do with the oracle database section, more specifically 'Column Name Enumeration' payload which does not specify the all_tab_columns table as part for the SQLi.
The corrected version should be: "'UNION SELECT column_name,NULL FROM all_tab_columns where table_name="X" -- -"
The text was updated successfully, but these errors were encountered:
Hi @LasCC big appreciation for this wonderful extension.
Today I came across on a miss-written payload, which could cause people using the extension miss a valid SQLi attack.
It has to do with the oracle database section, more specifically 'Column Name Enumeration' payload which does not specify the all_tab_columns table as part for the SQLi.
The corrected version should be: "'UNION SELECT column_name,NULL FROM all_tab_columns where table_name="X" -- -"
The text was updated successfully, but these errors were encountered: