Oracle SQL Injection Block with DBMS_ASSERT


Problem description


This code is firing errors:

    query_string := 'SELECT '||dbms_assert.sql_object_name(trim(both ' ' from return_field))||
                     ' FROM '||dbms_assert.schema_name(trim(both ' ' from from_schema))||
                        '.'||dbms_assert.sql_object_name(trim(both ' ' from from_table))||
                    ' WHERE '||dbms_assert.sql_object_name(key_field) || ' = '||key_value;

    EXECUTE IMMEDIATE query_string into return_result;

Invalid SQL object.

From the documentation I feel any object in a table is an SQL object?? What's wrong here?

Consider the following function in an Oracle 10g context:

    CREATE OR REPLACE FUNCTION scott.tab_lookup (key_field    CHAR,
                                                 key_value    CHAR,
                                                 from_schema  CHAR,
                                                 from_table   CHAR,
                                                 return_field CHAR,
                                                 return_type  CHAR)
    RETURN VARCHAR2 IS
        result_a     varchar2(1000);
        query_string VARCHAR2(4000);
    /*version 0.5*/
    BEGIN
        query_string := 'SELECT '||dbms_assert.qualified_sql_name(trim(from_table||'.'||return_field))||
                         ' FROM '||dbms_assert.schema_name(trim(from_schema))||
                            '.'||dbms_assert.sql_object_name(trim(from_table))||
                        ' WHERE '||dbms_assert.qualified_sql_name(from_table||'.'||key_field) || ' = '||key_value;

        IF (return_type = 'SQL') THEN
            result_a := query_string;
        ELSE
            EXECUTE IMMEDIATE query_string
            --USING key_value
            INTO result_a;
        END IF;

        RETURN (result_a);
    EXCEPTION
        WHEN NO_DATA_FOUND THEN
            RETURN(NULL);
        WHEN TOO_MANY_ROWS THEN
            RETURN('**ERR_DUPLICATE**');
        WHEN OTHERS THEN
            /*
            ORA-44001   INVALID_SCHEMA_NAME
            ORA-44002   INVALID_OBJECT_NAME
            ORA-44003   INVALID_SQL_NAME
            ORA-44004   INVALID_QUALIFIED_SQL_NAME
            */
            IF    SQLCODE = -44001 THEN
                  RETURN('*ERR_INVALID_SCHEMA*');
            ELSIF SQLCODE = -44002 THEN
                  RETURN('*ERR_INVALID_OBJECT*');
            ELSIF SQLCODE = -44003 THEN
                  RETURN('*ERR_INVALID_SQL_NAME*');
            ELSIF SQLCODE = -44004 THEN
                  RETURN('*ERR_INVALID_QUALIFIED_SQL_NAME*');
            END IF;
            RETURN ('*ERR_'||sqlcode);
    END;
    /

I am getting ERR_INVALID_OBJECT.

    -- to get the generated SQL as a value
    Select scott.tab_lookup('ID',1,'TEST','TEST_TABLE','TEST_DESC','SQL') from dual;

    -- or, to get the value returned from the database field
    Select scott.tab_lookup('ID',1,'TEST','TEST_TABLE','TEST_DESC','') from dual;

My table is like:

    TEST_TABLE
    ====================
    ID   , TEST_DESC
    ====================
    '11' , 'TEST 1'
    '12' , 'TEST 5000'
    '13' , 'TEST INPUT VALUE'
    '14' , 'JUNK VALUE'
    '50' , 'TEST VALUE 50'

This table is in the 'TEST' schema, I am connected as SCOTT, and SCOTT has 'GRANT SELECT on TEST.TEST_TABLE to scott'.

Still I get the error:

ERR_INVALID_OBJECT

Solution

    query_string := 'SELECT '||dbms_assert.qualified_sql_name(trim(from_schema||'.'||from_table||'.'||return_field))||
                     ' FROM '||dbms_assert.schema_name(trim(from_schema))||
                        '.'||dbms_assert.sql_object_name(trim(from_table))||
                    ' WHERE '||dbms_assert.qualified_sql_name(from_schema||'.'||from_table||'.'||key_field) || ' = '||key_value;

    EXECUTE IMMEDIATE query_string into return_result;

From the docs:

• ENQUOTE_LITERAL - Enquotes a string literal
• ENQUOTE_NAME - Encloses a name in double quotes
• NOOP - Returns the value without any checking
• QUALIFIED_SQL_NAME - Verifies that the input string is a qualified SQL name
• SCHEMA_NAME - Verifies that the input string is an existing schema name
• SIMPLE_SQL_NAME - Verifies that the input string is a simple SQL name
• SQL_OBJECT_NAME - Verifies that the input parameter string is a qualified SQL identifier of an existing SQL object
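An added example, not part of the original question or answer, that puts the DBMS_ASSERT functions listed above to work in a variant of the lookup. Both the posted function and the accepted fix still concatenate key_value straight into the statement text (the USING key_value clause is commented out), so only the identifiers are guarded there; the variant below validates every identifier with DBMS_ASSERT and passes the data value as a bind variable, so it can never alter the statement. Assumptions: the TEST.TEST_TABLE(ID, TEST_DESC) table from the question with SCOTT holding SELECT on it, and the function name hardened_tab_lookup, which is hypothetical.

```sql
-- Added example (not from the original post): a lookup where identifiers go
-- through DBMS_ASSERT and the data value is bound rather than concatenated.
-- Assumed: schema TEST, table TEST_TABLE(ID, TEST_DESC), caller SCOTT with
-- SELECT on it; the function name hardened_tab_lookup is hypothetical.
CREATE OR REPLACE FUNCTION scott.hardened_tab_lookup (
    key_field    IN VARCHAR2,
    key_value    IN VARCHAR2,
    from_schema  IN VARCHAR2,
    from_table   IN VARCHAR2,
    return_field IN VARCHAR2)
RETURN VARCHAR2 IS
    v_schema  VARCHAR2(128);
    v_table   VARCHAR2(261);
    v_sql     VARCHAR2(4000);
    v_result  VARCHAR2(1000);
BEGIN
    -- SCHEMA_NAME and SQL_OBJECT_NAME are checked against the data dictionary,
    -- which stores unquoted identifiers in upper case, hence UPPER(TRIM(...)).
    -- The table is checked with its schema prefix so that an object owned by
    -- another schema resolves from the caller's session.
    v_schema := DBMS_ASSERT.SCHEMA_NAME(UPPER(TRIM(from_schema)));
    v_table  := DBMS_ASSERT.SQL_OBJECT_NAME(v_schema || '.' || UPPER(TRIM(from_table)));

    -- ENQUOTE_NAME validates the column names and wraps them in double quotes,
    -- so whatever was passed is parsed as exactly one identifier.
    v_sql := 'SELECT ' || DBMS_ASSERT.ENQUOTE_NAME(TRIM(return_field))
          || ' FROM '  || v_table
          || ' WHERE ' || DBMS_ASSERT.ENQUOTE_NAME(TRIM(key_field))
          || ' = :kv';

    -- The value is a bind variable: it is sent as data, never as SQL text.
    EXECUTE IMMEDIATE v_sql INTO v_result USING key_value;
    RETURN v_result;
EXCEPTION
    WHEN NO_DATA_FOUND THEN
        RETURN NULL;
    WHEN TOO_MANY_ROWS THEN
        RETURN '**ERR_DUPLICATE**';
    -- ORA-44001..ORA-44004 from DBMS_ASSERT are left to propagate to the caller
    -- so that a rejected identifier is visible in the session and in the logs.
END;
/

-- Usage, called the same way as the original minus the return_type argument:
-- SELECT scott.hardened_tab_lookup('ID', '1', 'TEST', 'TEST_TABLE', 'TEST_DESC') FROM dual;
```

Letting the ORA-44001 to ORA-44004 errors propagate, instead of mapping them to strings as the original does, keeps a rejected name distinguishable from a legitimate empty result and gives monitoring a concrete error code to alert on.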
