What’s the proper technique of extracting large amounts of data on an Oracle 12 SQL Server which is accessed through a blind SQL injection from a vulnerable website with no direct access to port 1521?
The ideas described in this document don’t work with this version:
Furthermore, server is behind a firewall and is running on a separate machine from the web server. Public IP of the server is unknown, and it’s possible that it is only accessible from the local network:
select sys_context ('USERENV', 'SERVER_HOST'): 'database2'
select utl_inaddr.get_host_address('database2') from dual: '10.55.100.3'
TCP/HTTP/DNS requests from SQL queries are blocked so I’m not able to do any reverse connections.
Any ideas?