Difference between revisions of "SQL Injection Cookbook template"

From OWASP
Line 2: Line 2:
 
=Database objects=
 
=Database objects=
 
==Tables==
 
==Tables==
===List of table names===
+
===List table names===
 
===Create a table===
 
===Create a table===
===List of columns for a specific table===
+
===List columns for a specific table===
 
===View table permissions===
 
===View table permissions===
 
===Change table permissions===
 
===Change table permissions===
 +
 
==Stored procedures or functions==
 
==Stored procedures or functions==
===List of stored procedures or functions===
+
===List stored procedures or functions===
 
===Parameters for a stored procedure or function===
 
===Parameters for a stored procedure or function===
 
===Source code of a stored procedure or function===
 
===Source code of a stored procedure or function===
 
===Create a stored procedure or function===
 
===Create a stored procedure or function===
 +
  
 
=System data=
 
=System data=
Line 21: Line 23:
 
===Create a new user===
 
===Create a new user===
 
===Change a user password===
 
===Change a user password===
==Settings==
+
===Delete a user===
 +
 
 +
==Database server==
 
===View database server settings===
 
===View database server settings===
 
===Change database server settings===
 
===Change database server settings===
 +
===View database server processes===
 +
===Kill database server process===
 +
 
==Host Operating System==
 
==Host Operating System==
 
===Operating System version===
 
===Operating System version===
Line 32: Line 39:
 
===File uploads===
 
===File uploads===
  
=Unique database server features=
 
  
=Queries, attacks & filter evasions=
+
=Unique database platform features=
 +
 
 +
 
 +
=Queries=
 
==Strings
 
==Strings
 
===Valid string delimiters===
 
===Valid string delimiters===
 
===String concatenation===
 
===String concatenation===
 
===String-based queries with no quote characters===
 
===String-based queries with no quote characters===
==Tableless queries==
+
 
==Query comments==
+
==Query syntax==
==Query command delimiters==
+
===Acceptable whitespace===
==Data type casting==
+
===Tableless queries===
==Output to file==
+
===Query comments===
 +
===Query command delimiters===
 +
===Set operators===
 +
Set operators are used to combine the results from two different queries. The number of columns and order of column types must be identical for both queries. The general syntax is
 +
 
 +
<code>
 +
SELECT
 +
fname, lname
 +
FROM
 +
employees
 +
''SET_OPERATOR''
 +
SELECT
 +
fname, lname
 +
FROM
 +
customers
 +
</code>
 +
==Special queries==
 +
===Single column queries===
 +
===Single row queries===
 +
 
 +
==Functions, etc.==
 +
===Data type casting===
 +
===Query output to file===
 +
 
 +
=Attacks=
 +
==Breaking out of a query==
 +
===WHERE clauses===
 +
===FROM clauses===
 +
===Other parts of a SELECT===
 +
===INSERT statements===
 +
===UPDATE statements===
 +
 
 
==Timing attacks==
 
==Timing attacks==
 +
==SQL Tautologies==
  
 
=Data exfiltration=
 
=Data exfiltration=
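Review bot: the "==Strings" heading in this hunk has no closing "==", so MediaWiki will render it as the literal text "==Strings" rather than as a level-2 heading (the rendered revision below shows exactly that); it should read "==Strings==". A second point in the same hunk: the set-operator syntax is wrapped in <code>, which is an inline element, so the line breaks between "SELECT", "fname, lname", "FROM" and the rest collapse into a single line when rendered, as the revision below again shows; a <pre> block would keep the intended multi-line layout.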

Revision as of 01:17, 14 January 2007

=Database objects=

==Tables==

===List table names===

===Create a table===

===List columns for a specific table===

===View table permissions===

===Change table permissions===

==Stored procedures or functions==

===List stored procedures or functions===

===Parameters for a stored procedure or function===

===Source code of a stored procedure or function===

===Create a stored procedure or function===

=System data=

==Users==

===Identify current user===

===List of database users===

===List of database administrators===

===Database user permissions===

===Create a new user===

===Change a user password===

===Delete a user===

==Database server==

===View database server settings===

===Change database server settings===

===View database server processes===

===Kill database server process===

==Host Operating System==

===Operating System version===

===OS environment variables===

===Execute OS shell commands===

===Read file contents===

===Arbitrary file writes===

===File uploads===

=Unique database platform features=

=Queries=

==Strings==

===Valid string delimiters===

===String concatenation===

===String-based queries with no quote characters===

==Query syntax==

===Acceptable whitespace===

===Tableless queries===

===Query comments===

===Query command delimiters===

===Set operators===

Set operators are used to combine the results from two different queries. The number of columns and order of column types must be identical for both queries. The general syntax is

<code>SELECT fname, lname FROM employees ''SET_OPERATOR'' SELECT fname, lname FROM customers</code>
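The following is an added worked example, not part of the OWASP template, that fills in the SET_OPERATOR placeholder with each of the standard operators and shows what happens when the column-count and column-type rule is broken. The two tables and their rows are constructed for the example; they are not from the page.

```sql
-- Added example (not from the OWASP template). Two constructed tables that
-- share the fname, lname layout used in the template's syntax line.
CREATE TABLE employees (fname VARCHAR(32), lname VARCHAR(32), salary INT);
CREATE TABLE customers (fname VARCHAR(32), lname VARCHAR(32), email VARCHAR(64));

INSERT INTO employees VALUES ('Ann', 'Lee', 50000), ('Bob', 'Ray', 42000);
INSERT INTO customers VALUES ('Ann', 'Lee', 'ann@example.com'), ('Cid', 'Fox', 'cid@example.com');

-- UNION: rows from both queries with duplicates removed -> Ann Lee, Bob Ray, Cid Fox
SELECT fname, lname FROM employees
UNION
SELECT fname, lname FROM customers;

-- UNION ALL: duplicates kept -> Ann Lee is returned twice
SELECT fname, lname FROM employees
UNION ALL
SELECT fname, lname FROM customers;

-- INTERSECT: only rows present in both result sets -> Ann Lee
-- (older MySQL versions lack INTERSECT and EXCEPT; Oracle spells EXCEPT as MINUS)
SELECT fname, lname FROM employees
INTERSECT
SELECT fname, lname FROM customers;

-- EXCEPT: rows in the first result set that are absent from the second -> Bob Ray
SELECT fname, lname FROM employees
EXCEPT
SELECT fname, lname FROM customers;

-- Column counts differ (2 vs 3): every engine rejects this with an error,
-- because the second SELECT must return exactly as many columns as the first.
SELECT fname, lname FROM employees
UNION
SELECT fname, lname, email FROM customers;

-- Column types differ by position (VARCHAR paired with INT): strictly typed
-- engines such as PostgreSQL reject this; MySQL and SQLite coerce the values
-- instead, so the type half of the rule is engine-specific.
SELECT fname, lname FROM employees
UNION
SELECT salary, lname FROM employees;
```

The last two statements are the failure modes worth knowing from the defensive side: the database error log recording a run of UNION statements that fail on column-count mismatches is a useful detection signal, and parameterised queries avoid the problem entirely because user input never reaches the part of the statement where a set operator could be introduced.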

==Special queries==

===Single column queries===

===Single row queries===

==Functions, etc.==

===Data type casting===

===Query output to file===

=Attacks=

==Breaking out of a query==

===WHERE clauses===

===FROM clauses===

===Other parts of a SELECT===

===INSERT statements===

===UPDATE statements===

==Timing attacks==

==SQL Tautologies==

=Data exfiltration=

==E-mail==

==Web==

==General network==