Difference between revisions of "SQL Injection Cookbook template"

From OWASP
Line 1: Line 1:
 
__TOC__
 
__TOC__
 
=Reconnaissance=
 
=Reconnaissance=
==Meta-data==
+
==Tables==
Data about data
+
 
===List of table names===
 
===List of table names===
How to get a list of table names
 
 
===List of columns for a specific table===
 
===List of columns for a specific table===
 
===Information about the indexes of a specific table===
 
===Information about the indexes of a specific table===
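Review bot: The rename of ==Meta-data== to ==Tables== appears to drop both descriptive lines without replacing them. "Data about data" becomes an empty line, and "How to get a list of table names" under ===List of table names=== shows only on the old side, so the template no longer tells contributors what each entry should contain. Consider keeping a one-line description under each heading, and adding one to ===List of columns for a specific table=== and ===Information about the indexes of a specific table===, which have none in either revision.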

Revision as of 14:07, 13 January 2007

Contents

Reconnaissance

Tables

List of table names

List of columns for a specific table

Information about the indexes of a specific table

Stored Procedures

List of stored procedures

Parameters for stored procedures

Source code of stored procedures

System data

List of database users

Database user permissions

Database server settings

Operating System version

OS environment variables

Query attacks & tricks

Data type casting

String-based queries with no quote characters

SQL tautology attacks