Revision as of 20:23, 13 January 2007

1 Database objects
- 1.1 Tables
- 1.2 Stored Procedures
2 System data
3 Unique database server features
4 Queries, attacks & filter evasions
5 Data exfiltration

Database objects

Tables

List of table names

Create a table

List of columns for a specific table

View table permissions

Change table permissions

Stored Procedures

List of stored procedures or functions

Parameters for a stored procedure or function

Source code of a stored procedure or function

Create a stored procedure or function

System data

Users

Identify current user

List of database users

List of database administrators

Database user permissions

Create a new user

Change a user password

Settings

View database server settings

Change database server settings

Host Operating System

Operating System version

OS environment variables

Execute OS shell commands

Read file contents

Arbitrary file writes

File uploads

Unique database server features

Queries, attacks & filter evasions

==Strings

Valid string delimiters

String concatenation

String-based queries with no quote characters

Tableless queries

Query comments

Query command delimiters

Data type casting

Output to file

Timing attacks

Data exfiltration

E-mail

Web

General network

@@ Line 15: / Line 15: @@
 =System data=
 ==Users==
+===Identify current user===
 ===List of database users===
 ===List of database administrators===
@@ Line 27: / Line 28: @@
 ===OS environment variables===
 ===Execute OS shell commands===
+===Read file contents===
+===Arbitrary file writes===
+===File uploads===
-=Queries=
+=Unique database server features=
-==Valid string delimiters==
+=Queries, attacks & filter evasions=
+==Strings
+===Valid string delimiters===
+===String concatenation===
+===String-based queries with no quote characters===
+==Tableless queries==
 ==Query comments==
 ==Query command delimiters==
 ==Data type casting==
-==String-based queries with no quote characters==
+==Output to file==
+==Timing attacks==
+=Data exfiltration=
+==E-mail==
+==Web==
+==General network==

Difference between revisions of "SQL Injection Cookbook template"

Revision as of 20:23, 13 January 2007

Database objects

Tables

List of table names

Create a table

List of columns for a specific table

View table permissions

Change table permissions

Stored Procedures

List of stored procedures or functions

Parameters for a stored procedure or function

Source code of a stored procedure or function

Create a stored procedure or function

System data

Users

Identify current user

List of database users

List of database administrators

Database user permissions

Create a new user

Change a user password

Settings

View database server settings

Change database server settings

Host Operating System

Operating System version

OS environment variables

Execute OS shell commands

Read file contents

Arbitrary file writes

File uploads

Unique database server features

Queries, attacks & filter evasions

Valid string delimiters

String concatenation

String-based queries with no quote characters

Tableless queries

Query comments

Query command delimiters

Data type casting

Output to file

Timing attacks

Data exfiltration

E-mail

Web

General network

Navigation menu

Search