Oracle 12 Blind SQL Injection Data Exfiltration or Priv Escalation

What’s the proper technique of extracting large amounts of data on an Oracle 12 SQL Server which is accessed through a blind SQL injection from a vulnerable website with no direct access to port 1521?

The ideas described in this document don’t work with this version:

Furthermore, server is behind a firewall and is running on a separate machine from the web server. Public IP of the server is unknown, and it’s possible that it is only accessible from the local network:

select sys_context ('USERENV', 'SERVER_HOST'): 'database2'
select utl_inaddr.get_host_address('database2') from dual: ''

TCP/HTTP/DNS requests from SQL queries are blocked so I’m not able to do any reverse connections.

Any ideas?

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.