Differences

This shows you the differences between two versions of the page.

hacking:sql_injection_cheat_sheet_db2 [2020/04/01 10:12] – created peter
hacking:sql_injection_cheat_sheet_db2 [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Hacking - SQL Injection Cheat Sheet (DB2) ====== ====== Hacking - SQL Injection Cheat Sheet (DB2) ======
  
-Version +|Version|select versionnumber, version_timestamp from sysibm.sysversions;| 
- select versionnumber, version_timestamp from sysibm.sysversions; +|Comments|select blah from foo; -- comment like this| 
-Comments  select blah from foo; -- comment like this +|Current User|<code> 
-Current User  +select user from sysibm.sysdummy1;
- select user from sysibm.sysdummy1;+
 select session_user from sysibm.sysdummy1; select session_user from sysibm.sysdummy1;
 select system_user from sysibm.sysdummy1; select system_user from sysibm.sysdummy1;
-List Users  +</code>
 +|List Users|<code>
 N/A (I think DB2 uses OS-level user accounts for authentication.) N/A (I think DB2 uses OS-level user accounts for authentication.)
  
 Database authorities (like roles, I think) can be listed like this: Database authorities (like roles, I think) can be listed like this:
 select grantee from syscat.dbauth; select grantee from syscat.dbauth;
-List Password Hashes +</code>
- N/A (I think DB2 uses OS-level user accounts for authentication.) +|List Password Hashes|N/A (I think DB2 uses OS-level user accounts for authentication.)| 
-List Privileges select * from syscat.tabauth; -- privs on tables+|List Privileges|<code> 
 +select * from syscat.tabauth; -- privs on tables
 select * from syscat.dbauth where grantee = current user; select * from syscat.dbauth where grantee = current user;
 select * from syscat.tabauth where grantee = current user; select * from syscat.tabauth where grantee = current user;
-List DBA Accounts TODO +</code>
-Current Database  select current server from sysibm.sysdummy1; +|List DBA Accounts|TODO| 
-List Databases SELECT schemaname FROM syscat.schemata; +|Current Database|select current server from sysibm.sysdummy1;| 
-List Columns  +|List Databases|SELECT schemaname FROM syscat.schemata;| 
- select name, tbname, coltype from sysibm.syscolumns; +|List Columns|select name, tbname, coltype from sysibm.syscolumns;| 
-List Tables select name from sysibm.systables; +|List Tables|select name from sysibm.systables;| 
-Find Tables From Column Name TODO +|Find Tables From Column Name|TODO| 
-Select Nth Row select name from (SELECT name FROM sysibm.systables order by +|Select Nth Row|<code> 
 +select name from (SELECT name FROM sysibm.systables order by 
 name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only; name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only;
-Select Nth Char  +</code>
- SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1;  -- returns b +|Select Nth Char|SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1;  -- returns b| 
-Bitwise AND   +|Bitwise AND|[[http://www.tar.hu/sqlbible/sqlbible0084.html|This page]] seems to indicate that DB2 has no support for bitwise operators!| 
- This page seems to indicate that DB2 has no support for bitwise operators! +|ASCII Value -> Char|select chr(65) from sysibm.sysdummy1; -- returns 'A'| 
- +|Char -> ASCII Value|select ascii('A') from sysibm.sysdummy1; -- returns 65| 
-ASCII Value -> Char +|Casting|<code> 
- select chr(65) from sysibm.sysdummy1; -- returns 'A' +SELECT cast('123' as integer) FROM sysibm.sysdummy1;|
-Char -> ASCII Value select ascii('A') from sysibm.sysdummy1; -- returns 65 +
-Casting SELECT cast('123' as integer) FROM sysibm.sysdummy1;+
 SELECT cast(1 as char) FROM sysibm.sysdummy1; SELECT cast(1 as char) FROM sysibm.sysdummy1;
-String Concatenation SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'+</code>
 +|String Concatenation|<code> 
 +SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'
 select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab' select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab'
- +</code>| 
-If Statement +|If Statement|TODO| 
- TODO +|Case Statement|TODO| 
-Case Statement TODO +|Avoiding Quotes|TODO| 
-Avoiding Quotes  +|Time Delay|???.  See [[https://www.microsoft.com/technet/community/columns/secmvp/sv0907.mspx|Heavy Queries]] article for some ideas.| 
- TODO +|Make DNS Requests|TODO| 
-Time Delay   +|Command Execution|TODO| 
- ??? +|Local File Access|TODO| 
- +|Hostname, IP Address|TODO| 
-See Heavy Queries article for some ideas. +|Location of DB files|TODO| 
-Make DNS Requests TODO +|Default/System Databases|TODO|
-Command Execution TODO +
-Local File Access +
- TODO +
-Hostname, IP Address TODO +
-Location of DB files +
- TODO +
-Default/System Databases +
- TODO +
  
  
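Review bot: The Casting row's first added statement ends with a stray pipe inside the <code> block ("SELECT cast('123' as integer) FROM sysibm.sysdummy1;|"), and the multi-line cells close inconsistently: Current User, List Users, List Privileges, Select Nth Row and Casting end with a bare "</code>", while String Concatenation ends with "</code>|". Drop the pipe from the Casting statement and close every <code> cell with "</code>|" so each table row terminates the same way. The List Users cell also carries its two explanatory sentences inside <code>; moving them outside the block would leave only the syscat.dbauth query formatted as code.
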
hacking/sql_injection_cheat_sheet_db2.1585735946.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
