Difference between revisions of "SQL Injection Cookbook template"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
__TOC__
 
__TOC__
=Reconnaissance=
+
=Database objects=
 
==Tables==
 
==Tables==
 
===List of table names===
 
===List of table names===
 +
===Create a table===
 
===List of columns for a specific table===
 
===List of columns for a specific table===
 
===Information about the indexes of a specific table===
 
===Information about the indexes of a specific table===
 +
===Create a index===
 
==Stored Procedures==
 
==Stored Procedures==
===List of stored procedures===
+
===List of stored procedures or functions===
===Parameters for stored procedures===
+
===Parameters for a stored procedure or function===
===Source code of stored procedures===
+
===Source code of a stored procedure or function===
==System data==
+
===Create a stored procedure or function===
 +
 
 +
=System data=
 +
==Users==
 
===List of database users===
 
===List of database users===
 
===Database user permissions===
 
===Database user permissions===
===Database server settings===
+
===Create a new user===
 +
===Change a user password===
 +
==Database server settings==
 +
==Host Operating System==
 
===Operating System version===
 
===Operating System version===
 
===OS environment variables===
 
===OS environment variables===
 +
====Execute OS shell commands====
  
=Query attacks & tricks=
+
=Queries=
 
==Data type casting==
 
==Data type casting==
 
==String-based queries with no quote characters==
 
==String-based queries with no quote characters==
 +
 +
=Attacks=
 
==SQL tautology attacks==
 
==SQL tautology attacks==
 +
 +
=Creating content=
 +
==Create a new table==
 +
==Create an index==
 +
==Create a new user==

Revision as of 14:14, 13 January 2007

Contents

Database objects

Tables

List of table names

Create a table

List of columns for a specific table

Information about the indexes of a specific table

Create a index

Stored Procedures

List of stored procedures or functions

Parameters for a stored procedure or function

Source code of a stored procedure or function

Create a stored procedure or function

System data

Users

List of database users

Database user permissions

Create a new user

Change a user password

Database server settings

Host Operating System

Operating System version

OS environment variables

Execute OS shell commands

Queries

Data type casting

String-based queries with no quote characters

Attacks

SQL tautology attacks

Creating content

Create a new table

Create an index

Create a new user