Difference between revisions of "SQL Injection Cookbook template"
From OWASP
| Line 1: | Line 1: | ||
| − | + | __TOC__ | |
| + | =Reconnaissance= | ||
==Meta-data== | ==Meta-data== | ||
Data about data | Data about data | ||
| − | |||
===List of table names=== | ===List of table names=== | ||
How to get a list of table names | How to get a list of table names | ||
| − | |||
===List of columns for a specific table=== | ===List of columns for a specific table=== | ||
| + | ===Information about the indexes of a specific table=== | ||
| + | ==Stored Procedures== | ||
| + | ===List of stored procedures=== | ||
| + | ===Parameters for stored procedures=== | ||
| + | ===Source code of stored procedures=== | ||
| + | ==System data== | ||
| + | ===List of database users=== | ||
| + | ===Database user permissions=== | ||
| + | ===Database server settings=== | ||
| + | ===Operating System version=== | ||
| + | ===OS environment variables=== | ||
| − | + | =Query attacks & tricks= | |
| − | + | ==Data type casting== | |
| − | + | ==String-based queries with no quote characters== | |
| − | + | ==SQL tautology attacks== | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | Data type casting | ||
| − | |||
| − | String-based queries with no quote characters | ||
| − | |||
| − | SQL tautology attacks | ||
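Review bot: The two new top-level sections, `=Reconnaissance=` and `=Query attacks & tricks=`, use single-equals headings, which MediaWiki renders as level-1 headings, the same level as the page title. Starting at `==` and shifting each subsection down one level would avoid that. Separately, every heading added here is empty, while the existing "List of table names" section has a one-line description ("How to get a list of table names"). A similar one-line placeholder under each new heading would tell contributors what each recipe is expected to cover.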
Revision as of 19:04, 13 January 2007
=Reconnaissance=
==Meta-data==
Data about data
===List of table names===
How to get a list of table names