oracle sql injection using functions - nested queries not allowed
http://www.dba-oracle.com/t_display_os_variables_dbms_system_get_env.htm
http://psoug.org/reference/dbms_system.html
https://infocon.org/cons/Black%20Hat/Black%20Hat%20USA/Black%20Hat%20USA%202005/cd/BH_US_05-Fayo/Supporting%20Files/
https://dc414.org/download/confs/blackhat2005/BH_US_05_FAYO/SUPPORTING_FILES/
https://www.google.com/search?q=%22SQLI_uploadingAFile.sql%22&rlz=1C1CHFX_en__610__613&oq=%22SQLI_uploadingAFile.sql%22&aqs=chrome..69i57.3531j0j7&sourceid=chrome&es_sm=93&ie=UTF-8
https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-fayo.pdf
http://download.oracle.com/oll/tutorials/SQLInjection/index.htm
http://dba.stackexchange.com/questions/97390/query-to-get-oracle-home-path-in-oracle-11g
http://stackoverflow.com/questions/11002746/what-is-the-difference-between-user-and-sys-contextuserenv-current-user
http://stackoverflow.com/questions/8114453/read-all-parameters-from-sys-context-userenv
http://www.morganslibrary.org/reference/sys_context.html
http://psoug.org/reference/sys_context.html
http://www.techonthenet.com/oracle/functions/sys_context.php
https://docs.oracle.com/cd/E11882_01/server.112/e41084/functions184.htm#SQLRF06117
http://docs.oracle.com/cd/B19306_01/server.102/b14200/functions165.htm
http://expertisenpuru.com/unable-to-unlock-user-showing-sp2-0640-not-connected-error-in-oracle/
https://media.blackhat.com/bh-us-10/whitepapers/Siddharth/BlackHat-USA-2010-Siddharth-Hacking-Oracle-from-the-Web-wp.pdf
http://blog.red-database-security.com/2009/01/17/tutorial-oracle-sql-injection-in-webapps-part-i/
http://docs.oracle.com/html/B14258_02/u_inaddr.htm
http://www.dba-oracle.com/t_get_ip_address_utl_inaddr_sys_context.htm
https://oracle-base.com/articles/misc/identifying-host-names-and-addresses
https://docs.oracle.com/cd/E17952_01/refman-5.1-en/string-functions.html#function_load-file
https://community.oracle.com/thread/3633577?start=0&tstart=0
http://stackoverflow.com/questions/14823382/read-text-file-to-insert-data-into-oracle-sql-table
http://www.panix.com/~eck/computer-fraud-act.html
https://web.archive.org/web/20150405072334/http://www.techonthenet.com/oracle/functions
http://www.techonthenet.com/oracle/questions/version.php
https://docs.oracle.com/cd/B28359_01/server.111/b28310/dba004.htm
https://community.oracle.com/thread/2250946
https://books.google.com/books?id=cDy2_QoQplEC&pg=PA142&lpg=PA142&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=5utmrUFvDN&sig=4amQ9dac6EfL2cZWOK8plD0GW40&hl=en&sa=X&ved=0CCIQ6AEwATgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=load&f=false
http://stackoverflow.com/questions/5353810/how-to-inline-a-variable-in-pl-sql
http://stackoverflow.com/questions/1349936/default-value-of-a-variable-at-the-time-of-declaration-in-pl-sql
http://docs.oracle.com/cd/E19253-01/817-6223/chp-variables-5/index.html
https://books.google.com/books?id=cDy2_QoQplEC&pg=PA142&lpg=PA142&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=5utmrUFvDN&sig=4amQ9dac6EfL2cZWOK8plD0GW40&hl=en&sa=X&ved=0CCIQ6AEwATgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=DBMS_SYSTEM.GET_ENV&f=false
http://blog.tanelpoder.com/2009/03/27/read-os-environment-variables-using-dbms_systemget_env/
http://stackoverflow.com/questions/20991187/how-can-read-environment-variable-with-sql-statement-in-oracle
http://datavirtualizer.com/finding-oracle-home/
http://www.sivakumardba.com/2012/04/how-to-find-oraclehome-path-with-in.html
http://www.orafaq.com/forum/t/73919/2/
http://www.experts-exchange.com/Database/Oracle/Q_24847164.html
http://flylib.com/books/en/2.680.1.64/1/
http://sabdarsyed.blogspot.com/2007/09/how-to-find-oraclehome-path-in-oracle.html
https://isc.sans.edu/forums/diary/Advanced+blind+SQL+injection+with+Oracle+examples/6409/
http://www.integrigy.com/files/Integrigy_Oracle_SQL_Injection_Attacks.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sumit_siddharth-sql_injection_worm.pdf
http://docs.oracle.com/cd/B19306_01/server.102/b14200/functions165.htm
http://www.red-database-security.com/whitepaper/oracle_default_ports.html
https://leaksource.files.wordpress.com/2014/08/the-database-hackers-handbook.pdf
https://books.google.com/books?id=ZxEL-FO4u7wC&pg=PA197&lpg=PA197&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=6et3ueiD56&sig=gU4sO0luMzMx1BL7sdteIZ5dQQo&hl=en&sa=X&ved=0CDIQ6AEwBDgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=DBMS_SYSTEM.GET_ENV&f=false
https://books.google.com/books?id=cDy2_QoQplEC&pg=PA142&lpg=PA142&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=5utmrUFvDN&sig=4amQ9dac6EfL2cZWOK8plD0GW40&hl=en&sa=X&ved=0CCIQ6AEwATgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=DBMS_SYSTEM.GET_ENV&f=false
http://www.wavefrontcg.com/Blind%20SQL%20Injection-UBC.pdf
https://docs.oracle.com/html/B14399_01/app_port.htm
http://docs.oracle.com/cd/B19306_01/install.102/b14316/ports.htm
http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/
http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/#comments
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf
https://websec.ca/kb/sql_injection
http://oldmanlab.blogspot.com/2012/03/blind-oracle-sql-injection-using.html
http://www.oracle.com/technetwork/database/database-technologies/express-edition/downloads/index.html
http://www.red-database-security.com/whitepaper/oracle_default_ports.html
http://dba.stackexchange.com/questions/435/how-does-the-oracle-dual-table-work
http://psoug.org/reference/builtin_functions.html
http://www.techonthenet.com/oracle/functions/uid.php
https://asktom.oracle.com/pls/asktom/f?p=100:11:::::P11_QUESTION_ID:1562813956388
http://www.techonthenet.com/oracle/functions/user.php
http://dba.stackexchange.com/questions/81967/oracle-nested-query-with-group-by-and-having-clauses
http://www.techonthenet.com/oracle/subqueries.php
http://www.techonthenet.com/oracle/functions/translate.php
http://psoug.org/reference/dbms_system.html
https://infocon.org/cons/Black%20Hat/Black%20Hat%20USA/Black%20Hat%20USA%202005/cd/BH_US_05-Fayo/Supporting%20Files/
https://dc414.org/download/confs/blackhat2005/BH_US_05_FAYO/SUPPORTING_FILES/
https://www.google.com/search?q=%22SQLI_uploadingAFile.sql%22&rlz=1C1CHFX_en__610__613&oq=%22SQLI_uploadingAFile.sql%22&aqs=chrome..69i57.3531j0j7&sourceid=chrome&es_sm=93&ie=UTF-8
https://www.blackhat.com/presentations/bh-usa-05/bh-us-05-fayo.pdf
http://download.oracle.com/oll/tutorials/SQLInjection/index.htm
http://dba.stackexchange.com/questions/97390/query-to-get-oracle-home-path-in-oracle-11g
http://stackoverflow.com/questions/11002746/what-is-the-difference-between-user-and-sys-contextuserenv-current-user
http://stackoverflow.com/questions/8114453/read-all-parameters-from-sys-context-userenv
http://www.morganslibrary.org/reference/sys_context.html
http://psoug.org/reference/sys_context.html
http://www.techonthenet.com/oracle/functions/sys_context.php
https://docs.oracle.com/cd/E11882_01/server.112/e41084/functions184.htm#SQLRF06117
http://docs.oracle.com/cd/B19306_01/server.102/b14200/functions165.htm
http://expertisenpuru.com/unable-to-unlock-user-showing-sp2-0640-not-connected-error-in-oracle/
https://media.blackhat.com/bh-us-10/whitepapers/Siddharth/BlackHat-USA-2010-Siddharth-Hacking-Oracle-from-the-Web-wp.pdf
http://blog.red-database-security.com/2009/01/17/tutorial-oracle-sql-injection-in-webapps-part-i/
http://docs.oracle.com/html/B14258_02/u_inaddr.htm
http://www.dba-oracle.com/t_get_ip_address_utl_inaddr_sys_context.htm
https://oracle-base.com/articles/misc/identifying-host-names-and-addresses
https://docs.oracle.com/cd/E17952_01/refman-5.1-en/string-functions.html#function_load-file
https://community.oracle.com/thread/3633577?start=0&tstart=0
http://stackoverflow.com/questions/14823382/read-text-file-to-insert-data-into-oracle-sql-table
http://www.panix.com/~eck/computer-fraud-act.html
https://web.archive.org/web/20150405072334/http://www.techonthenet.com/oracle/functions
http://www.techonthenet.com/oracle/questions/version.php
https://docs.oracle.com/cd/B28359_01/server.111/b28310/dba004.htm
https://community.oracle.com/thread/2250946
https://books.google.com/books?id=cDy2_QoQplEC&pg=PA142&lpg=PA142&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=5utmrUFvDN&sig=4amQ9dac6EfL2cZWOK8plD0GW40&hl=en&sa=X&ved=0CCIQ6AEwATgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=load&f=false
http://stackoverflow.com/questions/5353810/how-to-inline-a-variable-in-pl-sql
http://stackoverflow.com/questions/1349936/default-value-of-a-variable-at-the-time-of-declaration-in-pl-sql
http://docs.oracle.com/cd/E19253-01/817-6223/chp-variables-5/index.html
https://books.google.com/books?id=cDy2_QoQplEC&pg=PA142&lpg=PA142&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=5utmrUFvDN&sig=4amQ9dac6EfL2cZWOK8plD0GW40&hl=en&sa=X&ved=0CCIQ6AEwATgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=DBMS_SYSTEM.GET_ENV&f=false
http://blog.tanelpoder.com/2009/03/27/read-os-environment-variables-using-dbms_systemget_env/
http://stackoverflow.com/questions/20991187/how-can-read-environment-variable-with-sql-statement-in-oracle
http://datavirtualizer.com/finding-oracle-home/
http://www.sivakumardba.com/2012/04/how-to-find-oraclehome-path-with-in.html
http://www.orafaq.com/forum/t/73919/2/
http://www.experts-exchange.com/Database/Oracle/Q_24847164.html
http://flylib.com/books/en/2.680.1.64/1/
http://sabdarsyed.blogspot.com/2007/09/how-to-find-oraclehome-path-in-oracle.html
https://isc.sans.edu/forums/diary/Advanced+blind+SQL+injection+with+Oracle+examples/6409/
http://www.integrigy.com/files/Integrigy_Oracle_SQL_Injection_Attacks.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sumit_siddharth-sql_injection_worm.pdf
http://docs.oracle.com/cd/B19306_01/server.102/b14200/functions165.htm
http://www.red-database-security.com/whitepaper/oracle_default_ports.html
https://leaksource.files.wordpress.com/2014/08/the-database-hackers-handbook.pdf
https://books.google.com/books?id=ZxEL-FO4u7wC&pg=PA197&lpg=PA197&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=6et3ueiD56&sig=gU4sO0luMzMx1BL7sdteIZ5dQQo&hl=en&sa=X&ved=0CDIQ6AEwBDgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=DBMS_SYSTEM.GET_ENV&f=false
https://books.google.com/books?id=cDy2_QoQplEC&pg=PA142&lpg=PA142&dq=DBMS_SYSTEM.GET_ENV&source=bl&ots=5utmrUFvDN&sig=4amQ9dac6EfL2cZWOK8plD0GW40&hl=en&sa=X&ved=0CCIQ6AEwATgKahUKEwjF1Pm25fTIAhWFqx4KHUByCLw#v=onepage&q=DBMS_SYSTEM.GET_ENV&f=false
http://www.wavefrontcg.com/Blind%20SQL%20Injection-UBC.pdf
https://docs.oracle.com/html/B14399_01/app_port.htm
http://docs.oracle.com/cd/B19306_01/install.102/b14316/ports.htm
http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/
http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/#comments
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf
https://websec.ca/kb/sql_injection
http://oldmanlab.blogspot.com/2012/03/blind-oracle-sql-injection-using.html
http://www.oracle.com/technetwork/database/database-technologies/express-edition/downloads/index.html
http://www.red-database-security.com/whitepaper/oracle_default_ports.html
http://dba.stackexchange.com/questions/435/how-does-the-oracle-dual-table-work
http://psoug.org/reference/builtin_functions.html
http://www.techonthenet.com/oracle/functions/uid.php
https://asktom.oracle.com/pls/asktom/f?p=100:11:::::P11_QUESTION_ID:1562813956388
http://www.techonthenet.com/oracle/functions/user.php
http://dba.stackexchange.com/questions/81967/oracle-nested-query-with-group-by-and-having-clauses
http://www.techonthenet.com/oracle/subqueries.php
http://www.techonthenet.com/oracle/functions/translate.php