Difference between revisions of "SQL Injection Cookbook template"

From OWASP
Line 5: Line 5:
 
===Create a table===
 
===Create a table===
 
===List of columns for a specific table===
 
===List of columns for a specific table===
===Information about the indexes of a specific table===
+
===View table permissions===
===Create a index===
+
===Change table permissions===
 
==Stored Procedures==
 
==Stored Procedures==
 
===List of stored procedures or functions===
 
===List of stored procedures or functions===
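Review bot: the two index headings removed in this hunk, "Information about the indexes of a specific table" and "Create a index", are replaced by the permission headings rather than kept beside them, so the Tables section no longer has a slot for index metadata. If that is intended, say so in the edit summary; otherwise keep them next to "View table permissions" and "Change table permissions".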
Line 16: Line 16:
 
==Users==
 
==Users==
 
===List of database users===
 
===List of database users===
 +
===List of database administrators===
 
===Database user permissions===
 
===Database user permissions===
 
===Create a new user===
 
===Create a new user===
 
===Change a user password===
 
===Change a user password===
==Database server settings==
+
==Settings==
 +
===View database server settings===
 +
===Change database server settings===
 
==Host Operating System==
 
==Host Operating System==
 
===Operating System version===
 
===Operating System version===
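Review bot: renaming "==Database server settings==" to "==Settings==" leaves the section heading ambiguous next to "==Host Operating System==", since both could be read as having settings. The new subheadings already say "database server settings", so keeping that qualifier in the parent heading would be consistent with them.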
Line 28: Line 31:
 
==Data type casting==
 
==Data type casting==
 
==String-based queries with no quote characters==
 
==String-based queries with no quote characters==
 
=Attacks=
 
==SQL tautology attacks==
 

Revision as of 14:55, 13 January 2007

Database objects

Tables

List of table names

Create a table

List of columns for a specific table

View table permissions

Change table permissions

Stored Procedures

List of stored procedures or functions

Parameters for a stored procedure or function

Source code of a stored procedure or function

Create a stored procedure or function

System data

Users

List of database users

List of database administrators

Database user permissions

Create a new user

Change a user password

Settings

View database server settings

Change database server settings

Host Operating System

Operating System version

OS environment variables

Execute OS shell commands

Queries

Data type casting

String-based queries with no quote characters