This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

SQL Injection Cookbook template

Revision as of 20:29, 13 January 2007 by [email protected]


Database objects


List of table names

Create a table

List of columns for a specific table

View table permissions

Change table permissions

Stored procedures or functions

List of stored procedures or functions

Parameters for a stored procedure or function

Source code of a stored procedure or function

Create a stored procedure or function

System data


Identify current user

List of database users

List of database administrators

Database user permissions

Create a new user

Change a user password


View database server settings

Change database server settings

Host Operating System

Operating System version

OS environment variables

Execute OS shell commands

Read file contents

Arbitrary file writes

File uploads

Unique database server features

Queries, attacks & filter evasions


Valid string delimiters

String concatenation

String-based queries with no quote characters

Tableless queries

Query comments

Query command delimiters

Data type casting

Output to file

Timing attacks

Data exfiltration



General network