https://wiki.owasp.org/index.php?action=history&feed=atom&title=SQL_Injection_Cookbook_-_MySQL 2026-04-07T02:15:43Z Revision history for this page on the wiki MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=SQL_Injection_Cookbook_-_MySQL&diff=15461&oldid=prev 2007-01-17T01:08:48Z

<p></p> <p><b>New page</b></p><div>__TOC__<br /> =Database objects=<br /> ==Tables==<br /> ===List table names===<br /> ===List columns for a specific table===<br /> ===View table permissions===<br /> ===Change table permissions===<br /> ===Create a table===<br /> <br /> ==Stored procedures or functions==<br /> ===List stored procedures or functions===<br /> ===Parameters for a stored procedure or function===<br /> ===Source code of a stored procedure or function===<br /> ===Create a stored procedure or function===<br /> <br /> <br /> =System data=<br /> ==Users==<br /> ===Identify current user===<br /> ===List of database users===<br /> ===List of database administrators===<br /> ===Database user permissions===<br /> ===Create a new user===<br /> ===Change a user password===<br /> ===Delete a user===<br /> <br /> ==Database server==<br /> ===View database server settings===<br /> ===Change database server settings===<br /> ===View database server processes===<br /> ===Kill database server process===<br /> <br /> ==Host Operating System==<br /> ===Operating System version===<br /> ===OS environment variables===<br /> ===Execute OS shell command===<br /> ===Read file contents===<br /> ===Arbitrary file writes===<br /> ===File uploads===<br /> <br /> <br /> =Queries=<br /> ==Strings==<br /> ===Valid string delimiters===<br /> ===String concatenation===<br /> ===String-based queries with no quote characters===<br /> <br /> ==Query syntax==<br /> ===Result row count limiters===<br /> ===Acceptable whitespace===<br /> ===Tableless queries===<br /> ===Query comments===<br /> ===Command delimiters===<br /> ===Set operators===<br /> Set operators are used to combine the results from two different queries. The number of columns and order of column types must be identical for both queries. The general syntax is<br /> <br /> SELECT<br /> fname, lname<br /> FROM<br /> employees<br /> '''''SET_OPERATOR'''''<br /> SELECT<br /> fname, lname<br /> FROM<br /> customers<br /> <br /> ==Special queries==<br /> ===Single column queries===<br /> ===Single row queries===<br /> <br /> ==Functions, etc.==<br /> ===Data type casting===<br /> ===Query output to file===<br /> <br /> =Attacks=<br /> ==Breaking out of a query==<br /> ===WHERE clauses===<br /> ===FROM clauses===<br /> ===Other parts of a SELECT===<br /> ===INSERT statements===<br /> ===UPDATE statements===<br /> <br /> ==Inference and timing attacks==<br /> ==SQL Tautologies==<br /> A tautology is something that is inherently true. SQL tautologies are used when you want to force a query to return all results, basically ignoring any WHERE conditionals. Simple tautologies like &quot; OR 1=1&quot; are useful, but may be filtered out by some security tools. The table below offers a number of tautologies that filter writers (even on well known commercial tools) may not have considered.<br /> {| style=&quot;width:75%;&quot; border=&quot;1&quot; cellspacing=&quot;0&quot; cellpadding=&quot;5&quot;<br /> ! width=&quot;55%&quot;|Statement<br /> ! width=&quot;15%&quot;|Numeric<br /> (1 = 1)<br /> ! width=&quot;15%&quot;|String<br /> ('a' = 'a')<br /> ! width=&quot;15%&quot;|Binary<br /> (0x1 = 0x1)<br /> |-<br /> | '''''a''''' = '''''a'''''<br /> | align=&quot;center&quot; | X<br /> | align=&quot;center&quot; | X<br /> | align=&quot;center&quot; | X<br /> |}<br /> <br /> =Data exfiltration=<br /> ==E-mail==<br /> ==Web==<br /> ==General network==<br /> <br /> <br /> =Platform specific=<br /> ==Unique database platform features==<br /> ==Authoritative documentation resources==<br /> ==Links==</div>

Davidribyrne@yahoo.com