Difference between revisions of "SQL Injection Cookbook template"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
+
__TOC__
 +
=Reconnaissance=
 
==Meta-data==
 
==Meta-data==
 
Data about data
 
Data about data
 
 
===List of table names===
 
===List of table names===
 
How to get a list of table names
 
How to get a list of table names
 
 
===List of columns for a specific table===
 
===List of columns for a specific table===
 +
===Information about the indexes of a specific table===
 +
==Stored Procedures==
 +
===List of stored procedures===
 +
===Parameters for stored procedures===
 +
===Source code of stored procedures===
 +
==System data==
 +
===List of database users===
 +
===Database user permissions===
 +
===Database server settings===
 +
===Operating System version===
 +
===OS environment variables===
  
Information about the indexes of a specific table
+
=Query attacks & tricks=
 
+
==Data type casting==
+
==String-based queries with no quote characters==
 
+
==SQL tautology attacks==
List of stored procedures
+
 
+
Parameters for stored procedures
+
 
+
Source code of stored procedures
+
 
+
+
 
+
List of database users
+
 
+
Database user permissions
+
 
+
Database server settings
+
 
+
+
 
+
+
 
+
How to perform:
+
 
+
Data type casting  
+
 
+
String-based queries with no quote characters
+
 
+
SQL tautology attacks
+

Revision as of 14:04, 13 January 2007

Contents

Reconnaissance

Meta-data

Data about data

List of table names

How to get a list of table names

List of columns for a specific table

Information about the indexes of a specific table

Stored Procedures

List of stored procedures

Parameters for stored procedures

Source code of stored procedures

System data

List of database users

Database user permissions

Database server settings

Operating System version

OS environment variables

Query attacks & tricks

Data type casting

String-based queries with no quote characters

SQL tautology attacks